Bytes

Dozens of federal agencies still are not complying with a Clinton administration directive banning the use of files that track computer users' online movements, according to recent surveys conducted by the offices of 16 inspectors general.

IGs found that 64 sites-including some run by the General Services Administra-tion, the Transportation Department and the Education Department-continue to use "persistent cookies," files stored permanently on a user's hard drive that track pages the user visits while surfing the Web. "Session cookies," which expire once a user's browser is shut down or upon the completion of a transaction, are not forbidden under the directive. Not only are agencies still using persistent cookies, they are failing to post required privacy policies on their sites and linking users to anonymous servers that collect their e-mail addresses without their knowledge, the IGs found.

-Shane Harris

Digital Fortress

The new British Government Gateway, which will provide online access to government services for 60 million citizens, began with one simple principle: If the site isn't secure, we won't build it British officials know that a single disturbing account of a stolen identity or a bank account wiped clean could doom their effort to get all services online by 2005. Thus, the United Kingdom tapped Microsoft to build a digital fortress.

The gateway takes a multi-step approach to keeping information under virtual lockdown. To transact business that doesn't involve transmitting sensitive personal data, user IDs are available. But for transactions that must be secured, citizens and businesses will need digital certificates to ensure authenticity and security. Citizens must get their digital operating licenses in person from a government authority.

"You're going to have to go through more trouble to impersonate somebody in the digital world" than in the real one, says Microsoft's Dave Wascha, a project manager who has worked closely with the gateway from the beginning.

-Shane Harris

Identity Theft

Federal employees run the risk of having their identity stolen when they sell, throw away or donate their old computers without properly deleting personal files, NASA's inspector general has warned.

Identity thieves need only birth dates, Social Security numbers, addresses and phone numbers to begin their impersonations. "All they have to do is piece enough information together to steal someone's identity," says Dana Mellerio, director of inspections and assessments in the NASA inspector general's office. "People need to be cautious about what is on a computer and what can be done with that information when it leaves their home or even government control."

The alert said that the nation's capital is tops when it comes to identity theft. Annually, 20 incidents occur for every 100,000 people in the Washington metropolitan area. Nationally, 500,000 to 700,000 cases pop up each year, costing victims $765 million.

The NASA IG became interested in identity theft after random examinations of hard drives slated to leave the agency.

-Joshua Dean