Davis questions TreasuryDirect security

The chairman of the House Government Reform Committee has concerns about the Treasury Department's ability to protect personal information.

In a letter sent today to the Treasury Department's commissioner of the public debt, Rep. Tom Davis (R-Va.) asked about the security of personal information collected on the TreasuryDirect.gov Web site, which sells government bonds online. The letter comes the day after the committee, which Davis heads, released its annual federal security score card. Treasury scored a D-plus.

Rather than going with masked credit card numbers, TreasuryDirect collects a bevy of personal data, including Social Security, driver's license, bank routing and account numbers; home addresses; birthdates; and e-mail addresses. Treasury's Bureau of the Public Debt's Web site includes a notice that reads:

"If you choose to send us personal information electronically or request that we send you personal information electronically, we cannot guarantee its confidentiality as it travels across the Internet. Although not likely, it is possible for others to eavesdrop."

Davis' letter to Van Zeck, commissioner of the public debt, describes the caution as troubling.

In May 2003, Treasury officials said credit card purchases of savings bonds would be phased out by the end of the year because of the additional cost to the department for offering that option. Treasury started TreasuryDirect, which now offers I Bonds and Series EE bonds in electronic form, to potentially save the government millions of dollars. Officials have estimated that paper savings bonds can cost more than $150 million annually.

Bureau spokesman Peter Hollenbach said officials look forward to responding directly to Davis. "We place the highest importance on the security and confidentiality of the information our customers provide to us," he said.

The committee, while commending Treasury on attempting to modernize the Web site, would like to work with the department on securing confidentiality during online transactions. "We're not mandating that they go to credit card numbers," said Drew Crockett, a committee spokesman, adding they may have a good reason for requesting personal information instead of credit card numbers. "Part of expanding e-government is making the citizens confident that the information they provide to the government will be safe. If that confidence is lost, we're going to have a hard time bringing the federal government into the 21st century.

The Federal Information Security Management Act of 2002 requires an annual independent evaluation of agency information security practices, usually performed by the inspector general. Agency and inspector general reports are submitted to Congress and the Office of Management and Budget and used to compile the annual score cards, which help Congress assess the government's security progress.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected