July 26, 2000 | Commentary on Internet And Technology

'FirstGov' - A Web of Insecurity

How appropriate that President Clinton used his first national "Webcast" on June 24 to tout "FirstGov.gov"-a Web site heralded as a "one-stop shop" for federal government services. But perhaps more appropriately, given Washington's reputation for efficiency, is the site's potential as a hacker's dream and a citizen's nightmare.

FirstGov won't be unveiled for at least another three months, but we're told it will offer a variety of services. These include tracking your Social Security benefits, shopping for a fuel-efficient car, buying a home and even checking on flight delays. Indeed, FirstGov's ability to conduct sophisticated transactions online will help create a "high-speed, high-tech, user-friendly government," President Clinton said.

But the president's confidence in FirstGov may be misplaced. Anyone ready to share the kind of sensitive, personal information necessary to conduct such transactions needs to be warned that government agencies are notoriously incapable of protecting their own data. And there's no reason to believe FirstGov will be any different.

According to the General Accounting Office (GAO), the government's chief auditor, Washington is more sieve than safeguard. The Environmental Protection Agency (EPA), for example, had to shut down its Web server in February after the GAO hacked into EPA's main Web site during a security check. The GAO determined that the agency's computer data and systems were highly vulnerable to misuse or attack by hackers through the Internet. Files at risk included law enforcement data, as well as information on where toxic chemicals were located throughout the country.

The Internal Revenue Service recently violated the privacy of 1,300 Arizona families by accidentally disclosing confidential taxpayer information to a certified public accountant. The IRS acknowledged the error, informing taxpayers of their right to sue the agency for damages resulting from the disclosure and offering to compensate each taxpayer $1,000 per disclosure.

A GAO official recently told Congress his agency found weaknesses at many other government Web sites as well, including the Social Security Administration and the Department of Veterans Affairs. Such vulnerability could place tax, medical and other personal records at risk, the official said.

If the federal government is involved in online transactions through FirstGov, those using the site will have to provide confidential information to government bureaucrats: addresses, Social Security numbers, credit card and other types of personal information needed for e-commerce will all become fair game.

What assurances do Americans have that such information would be safe? In an effort to protect privacy, Vice President Al Gore has called for new security measures called digital "certificates" - personal codes intended to give visitors secure access to FirstGov. Gore wants a "free" certificate distributed to any citizen who requests one and has ordered government agencies to issue at least 100,000 such certificates by year's end.

But even with these certificates, there is still concern that FirstGov's data could be hacked or deliberately shared with other government agencies. The data could be used to snoop on patients participating in health research or to track down students who are behind on their student loan payments. The fact that the White House was collecting data on users of the Office of National Drug Control Policy Web site highlights the temptation by federal agencies to use Web-collected data for other than its intended purpose.

FirstGov promises to be a "one-stop shop" all right - for hackers. The number of online attacks is likely to be enormous, given the fact that federal officials admit they lack the capability to protect their data. If Americans are worried about the security of information they provide to private companies - who, after all, have a vested, financial interest in protecting it - how much more should they worry about using FirstGov?

Scott Rayder is a technology analyst for The Heritage Foundation, (www.heritage.org), a Washington-based public policy institute.

About the Author

Related Issues: Internet And Technology

Distributed nationally by Knight-Ridder/Tribune News Wire