Davis questions TreasuryDirect security

The chairman of the House Government Reform Committee has concerns about the Treasury Department's ability to protect personal information.

In a letter sent today to the Treasury Department's commissioner of the public debt, Rep. Tom Davis (R-Va.) asked about the security of personal information collected on the TreasuryDirect.gov Web site, which sells government bonds online. The letter comes the day after the committee, which Davis heads, released its annual federal security score card. Treasury scored a D-plus.

Rather than going with masked credit card numbers, TreasuryDirect collects a bevy of personal data, including Social Security, driver's license, bank routing and account numbers; home addresses; birthdates; and e-mail addresses. Treasury's Bureau of the Public Debt's Web site includes a notice that reads:

"If you choose to send us personal information electronically or request that we send you personal information electronically, we cannot guarantee its confidentiality as it travels across the Internet. Although not likely, it is possible for others to eavesdrop."

Davis' letter to Van Zeck, commissioner of the public debt, describes the caution as troubling.

In May 2003, Treasury officials said credit card purchases of savings bonds would be phased out by the end of the year because of the additional cost to the department for offering that option. Treasury started TreasuryDirect, which now offers I Bonds and Series EE bonds in electronic form, to potentially save the government millions of dollars. Officials have estimated that paper savings bonds can cost more than $150 million annually.

Bureau spokesman Peter Hollenbach said officials look forward to responding directly to Davis. "We place the highest importance on the security and confidentiality of the information our customers provide to us," he said.

The committee, while commending Treasury on attempting to modernize the Web site, would like to work with the department on securing confidentiality during online transactions. "We're not mandating that they go to credit card numbers," said Drew Crockett, a committee spokesman, adding they may have a good reason for requesting personal information instead of credit card numbers. "Part of expanding e-government is making the citizens confident that the information they provide to the government will be safe. If that confidence is lost, we're going to have a hard time bringing the federal government into the 21st century.

The Federal Information Security Management Act of 2002 requires an annual independent evaluation of agency information security practices, usually performed by the inspector general. Agency and inspector general reports are submitted to Congress and the Office of Management and Budget and used to compile the annual score cards, which help Congress assess the government's security progress.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.