Davis Questions Effectiveness of Treasury's Website Information Security

Date: Feb. 17, 2005
Location: Washington, DC



Letter Comes in Wake of Computer Security Scorecard Release

Washington, D.C. - House Government Reform Committee Chairman Tom Davis (R-VA) wrote today to Mr. Van Zeck, Commissioner of the Public Debt for the Department of Treasury, to express his concerns and seek information related to the safety and security of personal information collected on the Treasury Department's "treasurydirect.gov" website.

A copy of the letter follows:

February 17, 2005

Mr. Van Zeck
Commissioner of the Public Debt
United States Department of Treasury
1500 Pennsylvania Avenue, NW
Washington, DC 20220

Dear Mr. Zeck:

Yesterday, my Committee released the 2004 federal government computer security scorecards. The Treasury Department received a "D+". It is within that context that I write to express my concern about the safety and security of personal information collected on the Treasury Department's "treasurydirect.gov" website. This website enables people to purchase government savings bonds electronically.

You should be commended for helping to bring the federal government into the 21st century by enabling the public to use the Internet to purchase savings bonds, but I am concerned about the extent of personal information that is required to be disclosed on the website. While many online financial transactions require individuals to submit their credit card account numbers, treasurydirect.gov instructs users to electronically transmit their Social Security number, driver's license number, bank routing number and account number, home address, date of birth, and email address, in addition to other personal information.

Expecting individuals to provide their personal banking account information rather than relying on their credit card information is troubling to me. Enabling individuals to make online purchases with a credit card provides a shield that is not available to an individual that transmits his or her personal bank account routing number and Social Security number over the Internet.

What is even more troubling, however, is that the website's "privacy and security notices" section (www.treasurydirect.gov/privacy.htm) includes the following question and answer:

Can I safely send personal information across the Internet?

If you choose to send us personal information electronically or request that we send you personal information electronically, we cannot guarantee its confidentiality as it travels across the Internet. Although not likely, it is possible for others to eavesdrop. To make this less likely, the Bureau of the Public Debt uses the Secure Sockets Layer (SSL) protocol and strong 128-bit encryption technology to protect the information you transmit via the Internet. All the information you provide to us is stored securely offline.

While I am a strong proponent of bringing the federal government into the 21st century by automating federal services, I am concerned about the potential risks of having people supply such sensitive information over the Internet. I look forward to your response and I look forward to working with you on this and other issues in the future.

Sincerely,

Tom Davis

Chairman

http://tomdavis.house.gov/cgi-data/news/files/155.shtml
