http://www.gcn.com/vol1_no1/daily-updates/35113-1.html By Mary Mosquera GCN Staff 02/17/05 Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, wrote today to Van Zeck, the Treasury Department's commissioner of the Public Debt, to express concern over the safety and security of personal information collected on the www.treasurydirect.gov Web site, which enables people to purchase government savings bonds electronically. Treasury received a D+ on the 2004 federal computer security scorecard Davis' committee released yesterday. "I am concern(ed) about the extent of personal information that is required to be disclosed on the Web site," Davis wrote. While many online financial transactions require individuals to submit their credit card account numbers, treasurydirect.gov instructs users to electronically transmit their Social Security number, driver's license number, bank routing number and account number, home address, date of birth and e-mail address, in addition to other personal information. "Expecting individuals to provide their personal banking account information rather than relying on their credit card information is troubling to me," Davis said. Transacting online purchases with a credit card provides a shield to consumers that is not available to individuals who transmit personal bank account routing and Social Security numbers over the Internet. Davis also found troubling a disclaimer in the Web site's privacy and security notice that Treasury cannot guarantee the confidentiality of the personal information as it travels across the Internet. However, the notice said the Bureau of the Public Debt uses the Secure Sockets Layer protocol and 128-bit encryption technology to protect the information. "We'll be taking a look at other Web sites. Part of the effort to promote e-gov is to have citizens feel confident that the information they provide will be safe and secure. Otherwise it will be hard to promote e-gov," said House Government Reform Committee spokesman Drew Crockett. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Fri Feb 18 2005 - 03:52:02 PST