[ISN] Davis questions security of Treasury Web site

From: InfoSec News (isn@private)
Date: Fri Feb 18 2005 - 01:30:06 PST


http://www.gcn.com/vol1_no1/daily-updates/35113-1.html

By Mary Mosquera 
GCN Staff
02/17/05

Rep. Tom Davis (R-Va.), chairman of the House Government Reform
Committee, wrote today to Van Zeck, the Treasury Department's
commissioner of the Public Debt, to express concern over the safety
and security of personal information collected on the
www.treasurydirect.gov Web site, which enables people to purchase
government savings bonds electronically.

Treasury received a D+ on the 2004 federal computer security scorecard
Davis' committee released yesterday.

"I am concern(ed) about the extent of personal information that is
required to be disclosed on the Web site," Davis wrote. While many
online financial transactions require individuals to submit their
credit card account numbers, treasurydirect.gov instructs users to
electronically transmit their Social Security number, driver's license
number, bank routing number and account number, home address, date of
birth and e-mail address, in addition to other personal information.

"Expecting individuals to provide their personal banking account
information rather than relying on their credit card information is
troubling to me," Davis said. Transacting online purchases with a
credit card provides a shield to consumers that is not available to
individuals who transmit personal bank account routing and Social
Security numbers over the Internet.

Davis also found troubling a disclaimer in the Web site's privacy and
security notice that Treasury cannot guarantee the confidentiality of
the personal information as it travels across the Internet. However,
the notice said the Bureau of the Public Debt uses the Secure Sockets
Layer protocol and 128-bit encryption technology to protect the
information.

"We'll be taking a look at other Web sites. Part of the effort to
promote e-gov is to have citizens feel confident that the information
they provide will be safe and secure. Otherwise it will be hard to
promote e-gov," said House Government Reform Committee spokesman Drew
Crockett.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Fri Feb 18 2005 - 03:52:02 PST