Dozens of U.S. federal Web sites use unauthorized software that tracks Internet users despite policy rules that ban such information-gathering, according to a report to Congress.
The true scope of the problem has not been identified. The report said the National Aeronautics and Space Administration, NASA, could not even determine how many Web sites it operates, so investigators could not say how many of them might be using the tracking software.
The report was culled from 16 agency audits, a third of the audits in the works. The other agencies are expected to release their findings within a few months, said Sen. Fred Thompson, a Republican from Tennessee who is chairman of the Senate Governmental Affairs Committee.
Thompson released the report Monday. It said investigators found 64 federal Web sites that used unauthorized files that allowed them to track the browsing and buying habits of Internet users.
In many instances, the agencies said they did not know the tracking technology was being used. But some agencies say they benefit from the data gathered by the electronic “cookies,” as the technology is called.
A cookie is a small software file that allows an Internet site to identify a specific computer that logs on to the site. Cookies can make browsing more convenient by letting sites distinguish user preferences, but the device has been attacked as an intrusion on privacy because they can track the kinds of Web sites frequented by a specific computer.
The U.S. Mint uses the software to operate an online shopping cart that is similar to what can be found on many e-commerce sites.
The departments of Education, Treasury, Energy, Interior and Transportation used unauthorized cookies, as did NASA and the General Services Administration, the report said.
It did not estimate how many people visited the sites during the audit, which occurred late last year and early this year.
The company Jupiter Media Metrix, which tracks Internet usage, said government sites are popular. The company estimates that 3.5 million Internet users went to NASA’s Web site in March, and 2.2 million people visited the Education Department’s site.
Ari Schwartz, senior policy analyst for the Center for Democracy and Technology, which follows privacy issues, called the report troubling.
“Generally when we think about privacy and the government, we want to make sure that the government is transparent and does protect privacy over and above the rest of the Internet and the rest of the private and nonprofit sector,” Schwartz said.
His organization was among several that signed a letter Monday urging the administration of President George W. Bush to fill quickly a post created by former President Bill Clinton that heads an office to keep tabs on agencies ensuring they adhere to privacy policies.
Contractors operating Web sites for government agencies also must abide by the policy.
The White House referred questions to the Office of Management and Budget, where spokesman Chris Ullman said the Clinton-era policy remains in effect.
“Privacy issues are of great importance to the president,” Ullman said.
Because 11 Energy Department Web sites used the unauthorized files, Inspector General Gregory Friedman said the department “cannot provide reasonable assurance” the privacy of Web site visitors would be protected.