The Federal Trade Commission has lately become quite interested in the possibly nefarious and privacy-violating uses of personal information gleaned through commercial Web sites. But federal government Web sites also engage in some sneaky information-collecting practices, says a new study from the private research organization OMB Watch.
In the wake of findings by the Electronic Privacy Information Center that most popular commercial Web sites lack basic privacy protection standards, OMB Watch decided to do a similar survey of 70 federal government Web pages. It found that 44 percent of the sites surveyed collect personally identifiable information, and only 35 percent of those notify the user how such information will be used or under what authority it is requested, even though that is often required by such laws as the Privacy Act of 1974 and the Paperwork Reduction Act of 1995.
Researchers also found three sites using the notorious computer "cookies"–programs that leave marks on the user's hard drive, without the user's knowledge, through which the Web server can monitor the visitor's use of the site. Since a draft of the report was released, all three cookie-using agencies–the Department of Veterans Affairs, the Federal Emergency Management Agency, and the National Science Foundation–have ceased the practice. Even so, cookies a government agency has used would stay in the unaware citizen's hard drive until 2010–"long beyond the necessity for any legitimate use laid out by federal webmasters," the report notes.