Special Review of Internet Privacy and Web Cookies

Table of Contents

EXECUTIVE SUMMARY
REVIEW OBJECTIVE
REVIEW SCOPE
BACKGROUND
OBSERVATIONS
APPENDIX 1 - Document entitled "Privacy Issues for IGs to Examine", Resulting from Discussions between the Inspector General Community and Congressional Staff
APPENDIX 2 - Management Response

EXECUTIVE SUMMARY

The Federal Communications Commission (FCC) is increasingly using the Internet to conduct business and to disseminate information. For example, the Commission currently maintains several Internet-based electronic filing (e-filing) systems that allow the public to submit and/or review different types of filings related to FCC proceedings, rulemakings, tariffs, and official forms. However, although the use of the Internet for commerce presents opportunities to improve the efficiency of Commission operations, it also presents new and unique privacy challenges.
Federal agencies are required to protect an individual's right to privacy when they collect personal information; this includes regulation of the use of cookies. Cookies are small pieces of information that are stored on a user's web browser and that can be manipulated to surreptitiously collect personal information.

On December 14, 2000, Congress passed the "Treasury and General Government Act, 2001" (the Act). Section 646 of the Act (Section 646) states that "Not later than 60 days after the date of enactment of this Act, the Inspector General of each department or agency shall submit to Congress a report that discloses any activity of the applicable department or agency relating to- (1) the collection or review of singular data, or the creation of aggregate lists that include personally identifiable information, about individuals who access any Internet site of the department or agency; and (2) entering into agreements with third parties, including other government agencies, to collect, review, or obtain aggregate lists or singular data containing personally identifiable information relating to any individual's access or viewing habits."

Following passage of this legislation, representatives of the Department of Defense Office of Inspector General (DOD IG) met with congressional staff to obtain an understanding of the intent of Section 646 and to discuss expectations regarding the parameters of the review and individual reports. Based on these discussions, the DOD IG prepared and distributed a list of agreed upon questions relating to Internet Privacy and Web Cookies. In addition, the due date for the report to Congress was extended to May 2001. Please refer to Appendix 1, entitled "Privacy Issues for IGs to Examine", for a copy of this list of the agreed upon questions.

The objectives of this Special Review were to evaluate Commission practices related to Internet Privacy and Web Cookies and to provide a report to Congress on these practices.
Specific objectives of the review were to examine:

1) the purpose and use of cookies on FCC web pages,
2) the use of other Internet information collection devices, such as web bugs,
3) what categories of information are collected on the FCC web site,
4) what personal information is collected when people e-mail or submit questions to the agency, including how this information is protected, and
5) the distribution of personally identifiable information to any party outside of government for any purpose.

The scope of our review was limited to obtaining answers to the five questions that resulted from the discussions between the DOD IG and the congressional staff and performing limited testing to verify the accuracy of Commission responses.

During our limited review, we found that the Commission was generally complying with Federal privacy laws and regulations. We identified two issues that needed corrective action. The first issue was that the hyperlink text to the Internet privacy policy web page could have been more clearly identified. When we informally notified the Internet Webmaster, this problem was corrected. We reviewed the appropriate web sites and confirmed that the FCC Webmaster implemented the change. The second issue related to the International Bureau Filing System's (IBFS) nondisclosure of its use of cookies. When we notified the IBFS system owner of this observation, the system owner stated that IBFS would disclose its use of cookies by adding a link to the Commission's Privacy Notice.

In a response to the draft report, the Chief Information Officer (CIO) stated that "the report provides a comprehensive response to the questions asked during your review." The CIO suggested some minor edits, all of which we have incorporated into our report. We have included a copy of the joint response in its entirety as Appendix 2 to this report.
REVIEW OBJECTIVE

The objectives of this Special Review on Internet Privacy and Web Cookies were to evaluate Commission practices related to Internet Privacy and Web Cookies and to provide a report to Congress on these practices. Specific objectives were to examine:

1) the purpose and use of cookies on FCC web pages,
2) the use of other Internet information collection devices, such as web bugs,
3) what categories of information are collected on the FCC web site,
4) what personal information is collected (and not disclosed) when people email or submit questions to the agency, and
5) the distribution of personally identifiable information to any party outside of government for any purpose.

To accomplish the objectives of the Special Review, we sent questionnaires and e-mails to the Chief Information Officer, the FCC Webmaster, and selected Bureau and Office personnel. We examined selected FCC Internet web pages for privacy statements. We analyzed the hyperlink text connecting appropriate Commission web pages to the pages containing the privacy information to determine if the privacy information was "clearly labeled and easily accessed" as required by Office of Management and Budget (OMB) Memorandum 99-18.

REVIEW SCOPE

This project was conducted as a special review. A special review is meant to be a quick study of a process and, as such, was not conducted in accordance with all professional auditing standards. A special review was conducted in this case because of the time constraints imposed by the legislation requiring the review. The scope of our review was limited to obtaining answers to the five questions that resulted from the discussions between the DOD IG and the congressional staff and performing limited testing to verify the accuracy of Commission responses. In addition, we reviewed selected Commission Internet web pages that aided us in responding to the congressional inquiry. No Commission Intranet sites were examined as part of this special review.
The special review was conducted at the Commission headquarters facility located at 445 12th Street, Southwest, Washington, DC. Fieldwork on this special review was conducted from February 5, 2001 through March 16, 2001.

BACKGROUND

Federal agencies are required by law to protect an individual's right to privacy when an agency collects personal information. The Privacy Act of 1974, as amended, is the primary law regulating the federal government's collection and maintenance of personal information. Other laws of general application that apply to the protection of personal information collected by the Federal government are the Freedom of Information Act (FOIA), the Computer Security Act of 1987, the Paperwork Reduction Act of 1995, and the Computer Matching and Privacy Protection Act of 1988. OMB circulars and memorandums provide direction as to how federal agencies are to implement these privacy laws. Appendices I and III of OMB Circular A-130 provide advice to executive departments and agencies on protecting personal information.

On June 2, 1999, OMB issued Memorandum M-99-18 directing agencies to post privacy policies on federal Web sites. On June 22, 2000, OMB issued Memorandum M-00-13 providing additional guidance relating to the collection of information by federal Web sites. These OMB documents add details that assist departments and agencies in implementing the laws related to privacy in the Internet environment.

Recently, Congress added additional Web privacy requirements. As part of the Treasury and Appropriations Act of 2001, Congress included a section on Web privacy.
This provision, Section 646 of the Treasury and Appropriations Act of 2001, requires the Inspector General of each department or agency to submit to Congress a report that discloses any activity of the applicable department or agency relating to: (1) the collection or review of singular data, or the creation of aggregate lists that include personally identifiable information, about individuals who access any Internet site of the department or agency; or (2) entering into agreements with third parties, including other government agencies, to collect, review or obtain aggregate lists or singular data containing personally identifiable information relating to any individual's access or viewing habits for governmental and non-governmental Internet sites.

OBSERVATIONS

On December 14, 2000, Congress passed the "Treasury and General Government Act, 2001". Section 646 of the Act states that "Not later than 60 days after the date of enactment of this Act, the Inspector General of each department or agency shall submit to Congress a report that discloses any activity of the applicable department or agency relating to- (1) the collection or review of singular data, or the creation of aggregate lists that include personally identifiable information, about individuals who access any Internet site of the department or agency; and (2) entering into agreements with third parties, including other government agencies, to collect, review, or obtain aggregate lists or singular data containing personally identifiable information relating to any individual's access or viewing habits."

Following passage of this legislation, representatives of the DOD IG met with congressional staff to obtain an understanding of the intent of Section 646 and to discuss the parameters of the review and report. Based on these discussions, the DOD IG prepared and distributed a list of agreed upon questions relating to Internet Privacy and Web Cookies.
In addition, the due date for the report to Congress was extended to May 2001. Please refer to Appendix 1, entitled "Privacy Issues for IGs to Examine", for a copy of this list of the agreed upon questions.

This special review first focused on responding to the five questions on web privacy that resulted from discussions between the DOD IG and congressional staff. Those questions are restated with the FCC's response below. For each question, we obtained input from Commission Bureaus and Offices and prepared a consolidated response. In some cases, we have added background information and information to clarify Bureau and Office responses (e.g., a description of session cookies versus persistent cookies). Where appropriate, we have provided a brief description of the steps taken to verify Commission responses. In addition to providing a response to the five (5) questions that were agreed upon between DOD IG staff and congressional staff, we are reporting on another observation we made on web privacy at the FCC.

Responses to the Agreed Upon Questions and OIG Comments

1. Cookies:

a. Follow up on GAO report last fall and their ongoing work.

FCC Response and OIG Comments: The September 2000 report by GAO on Internet Privacy stated that when an agency uses cookies, it must "make clear" that it is using cookies. OMB requires agencies to disclose the following information in their privacy policies about the cookies they use and the information they collect:

1. What information is collected;
2. Why the information is collected; and
3. How the information will be used.

To determine if the Commission complies with these regulations, we first determined if the FCC had web pages that used cookies. Then we examined the Commission's Privacy Notice to determine compliance with OMB regulations.
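The determination described here (does a page set cookies, and are they session or persistent cookies), together with the web bug check under question 2 and the "clearly labeled" privacy link test in the related observation, in working form. This is an added example, not FCC OIG tooling or FCC code: the Set-Cookie headers, the tracker host and the page markup are constructed, and treating a third-party 1x1 image as a web bug is an assumption.

```python
"""Audit helpers for the review's cookie, web-bug and privacy-link checks.
Added example, not FCC OIG tooling; the sample response is constructed."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def classify_cookie(header, now):
    """Return 'session', 'persistent' or 'expired' for one Set-Cookie header.
    No Max-Age and no Expires means it lives only until the browser closes (a
    session cookie). Max-Age wins over Expires (RFC 6265); a non-positive
    Max-Age or a past Expires tells the browser to delete the cookie."""
    _, _, attrs = parse_set_cookie(header)
    if "max-age" in attrs and attrs["max-age"].lstrip("-").isdigit():
        return "persistent" if int(attrs["max-age"]) > 0 else "expired"
    if "expires" in attrs:
        try:
            exp = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # browsers ignore an unparsable Expires
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        return "persistent" if exp > now else "expired"
    return "session"

class _PageScanner(HTMLParser):
    """Collect third-party 1x1 images (web bugs) and the text of each link."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.web_bugs, self.links = page_host, [], []
        self._open_link = None   # [href, accumulated text] while inside <a>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            host = urlparse(src).hostname
            tiny = a.get("width") == "1" and a.get("height") == "1"
            if tiny and host and host != self.page_host:
                self.web_bugs.append(src)
        elif tag == "a":
            self._open_link = [a.get("href") or "", ""]

    def handle_data(self, data):
        if self._open_link is not None:
            self._open_link[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open_link is not None:
            self.links.append((self._open_link[0], self._open_link[1].strip()))
            self._open_link = None

def audit_response(url, set_cookie_headers, html, privacy_path, now):
    """Apply the three checks to one captured page and its Set-Cookie headers."""
    scanner = _PageScanner(urlparse(url).hostname)
    scanner.feed(html)
    cookies = {parse_set_cookie(h)[0]: classify_cookie(h, now)
               for h in set_cookie_headers}
    # OMB M-99-18 as read by GAO: the link to the privacy policy must say "privacy".
    labels = [text for href, text in scanner.links if href.endswith(privacy_path)]
    return {
        "cookies": cookies,
        "web_bugs": scanner.web_bugs,
        "privacy_link_clearly_labeled": bool(labels)
        and all("privacy" in t.lower() for t in labels),
    }

# Constructed sample: hostname and privacy page path come from the report; the
# headers, the tracker host and the markup are made up for illustration.
SAMPLE_URL = "http://www.fcc.gov/"
SAMPLE_SET_COOKIE = [
    "JSESSIONID=a1b2c3; Path=/; HttpOnly",                          # session
    "visitor=7f3e; Expires=Thu, 01 Jan 2037 00:00:00 GMT; Path=/",  # persistent
    "promo=x; Max-Age=0; Path=/",                                   # deletion
]
SAMPLE_HTML = """<html><body>
<a href="/disclaimers.html">Web Site Policies and Notices</a>
<img src="http://tracker.example/pixel.gif" width="1" height="1">
</body></html>"""
REVIEW_DATE = datetime(2001, 2, 15, tzinfo=timezone.utc)

def run_sample():
    return audit_response(SAMPLE_URL, SAMPLE_SET_COOKIE, SAMPLE_HTML,
                          "/disclaimers.html", REVIEW_DATE)
```

On the constructed sample the report flags one persistent cookie, one web bug, and a privacy link whose text lacks the word "privacy", which is the labeling problem the review found on the FCC home page.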
The FCC uses session cookies to support the Universal Licensing System (ULS), Consolidated Database System (CDBS), Broadband Licensing System (BLS), Antenna Structure Registration, International Bureau Filing System (IBFS), and Auctions applications. These applications use session cookies only to maintain state, and the session cookies are erased when the user's web browser is closed.

A transaction or session may involve a number of information exchanges between the user's browser and the FCC web server, each followed by a break in the connection. In order to maintain the state (a user's location during a web session) of a transaction, the FCC web sites may place session cookies in memory allocated to users' browsers. Session cookies permit users to perform transactions more efficiently while they are connected to the FCC web site. The session cookie may last throughout the course of the transactions or sessions, but it is erased from the user's system when the browser is closed; no cookie remains on the user's computer. These session cookies collect one piece of information, the session id, which is used to maintain state.

No persistent cookies are used. Persistent cookies are those cookies that typically stay in a user's browser for long periods of time, even after the user's web browser is closed. Persistent cookies are often used to track and gather personal data.

As part of our special review, we examined the ULS and the Antenna Structure Registration applications and confirmed that the applications were using only session cookies. We also searched the hard drives of the computers used to access these systems and could not find any evidence of these session cookies.

b. Where GAO found cookies being used and not disclosed, IG should go behind that and ask what information is being collected and why.
FCC Response and OIG Comments: Cookie usage is disclosed to users in the Privacy Notice section of the Disclosure Statement accessible from the FCC's home page, www.fcc.gov/disclaimers.html. We verified that the disclosure statement is accessible from the FCC's home page. We also verified that the Privacy Notice is linked by a hypertext link to the Wireless Telecommunications Branch (WTB) home page, www.fcc.gov/wtb, the e-filing home page, the Automated Reporting Management Information System (ARMIS) page, www.fcc.gov/ccb/armis, the Bureau/Office page, www.fcc.gov/bureaus.html, the Commissioners' home page, www.fcc.gov/commissioners.html, the Major Initiatives page, www.fcc.gov/major.html, and the Releases and Updates page, www.fcc.gov/releases.html. The WTB and the e-filing home pages are portals used to access the ULS, Antenna Structure Registration, and Auctions applications. The Commission's Privacy Notice specifically addresses the issues posed in this question (i.e., where cookies are being used and not disclosed, and what information is being collected and why). The text of the Commission's Privacy Notice is printed below.

Privacy Notice

The Federal Communications Commission provides this Internet site as a public service. We do not obtain personally identifying information about you when you visit this site unless you choose to provide such information to us. The FCC posts a Privacy Act notice at those places on this site where the Commission needs to collect any individually identifiable information for use by the FCC. Any information collected within the context of your email inquiry or comment is used only for the expressed purpose of responding to your inquiry or comment. We collect personally identifiable information only if specifically and knowingly provided by you. For site management, information is collected for statistical purposes.
This government computer system uses software programs to create summary statistics, which are used for purposes such as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas. This information is not expressed in any form that would reveal personally identifiable information.

The FCC provides numerous online software programs that support the Universal Licensing System, Antenna Structure Registration, Auctions, and other FCC functions. When a user visits the FCC web site to perform a transaction (sending an application, initiating a query, receiving a query response, etc.), the web server receives data or sends a response and then may send a cookie before breaking the connection with the user. A cookie is a small piece of software that is placed by a web server on users' personal computers and is then used to personalize the site when a visitor returns. A transaction or session may involve a number of such information exchanges, each followed by a break in the connection. In order to maintain the state (where one is in the process) of a transaction, the FCC web sites may place session cookies in memory allocated to users' browsers. Session cookies permit the users to perform transactions as if they were connected to the FCC web site throughout the course of the transactions or sessions. Session cookies are erased from the users' systems when they close their browsers.

As part of our special review, we examined the IBFS application. During our review, a reply from the International Bureau disclosed that the IBFS application uses session cookies to maintain system state. However, we determined that IBFS does not disclose their use in its web pages or provide a link to a privacy notice.
When we notified the IBFS system owner of this nondisclosure issue, the system owner stated that IBFS would disclose its use of cookies by adding a link to the Commission's Privacy Notice.

2. Other information-collection devices (Web bugs, etc.):

a. Is personal information being collected and not disclosed?

FCC Response and OIG Comments: Commission Bureaus and Offices indicate that they do not use other collection devices such as web bugs. Our limited review of Commission web pages did not disclose any use of web bugs to collect personal information.

3. General information collection:

a. In what instances do agencies collect personally identifiable information (e.g., names, addresses, phone, cell and fax numbers, social security numbers) via Web sites (including information collected with the help of cookies or Web bugs, as well as information collected when Web site users submit questions using e-mail or other means) without disclosure? In such instances, exactly what information is being collected and why?

FCC Response and OIG Comments: The FCC collects names, addresses, phone numbers, and fax numbers for its electronically and manually filed licensing, fee filing, complaint, and comment forms. The Commission Registration System (CORES) and the ULS collect taxpayer identification numbers (TINs). TINs are nine digit numbers corresponding to social security numbers (SSNs) and employer identification numbers (EINs). All information is provided on a voluntary basis for business applications, and the TIN specifically for the Debt Collection Act of 1996. Cookies are used only to maintain session state, not to collect any information, including personally identifiable information. Persistent cookies are not used.

b. In such instances, where is the information stored, and are the archives accessible to the public? Are these archives FOIA-able?
FCC Response and OIG Comments: Commission Bureaus and Offices indicate that all electronic information is stored in the FCC's databases and computers, either owned by the FCC or managed by its contractors. All licensing information, with the exception of TIN, is accessible to the public via web applications and license searches. All data, with the exception of TIN, can be obtained through a process established by the Freedom of Information Act (FOIA).

4. Public questions to agencies:

a. Is personal information collected (and not disclosed) when people email or submit questions to the agency? This issue applies only to personal information collected for questions submitted by e-mail or via the Internet.

FCC Response and OIG Comments: Five (5) FCC Bureaus and Offices replied that they do not collect personal information, either by e-mail or through the World Wide Web. Eight (8) others replied that they collect some personal information. Those Bureaus and Offices that collect personal information indicate that this information is collected by the sites while performing day to day Commission activities such as license filing via the Internet or responding to e-mail queries by consumers. This information is collected for valid business related purposes such as implementing Commission policies and procedures and providing consumers with accurate and timely information to resolve their complaints in an effective and amicable manner. Personal information, such as name or address, may be disclosed, in some instances, as part of the administration of the Commission's policies, programs and rules. For example, the name and address of the holder of a license may be disclosed electronically as part of the Commission's policy to allow the general public, members of the industry, and state regulatory agencies, among others, to have access to this information.
Electronic access is an outgrowth of the Commission's policy of allowing public access to this information through such mechanisms as the Commission Reading Room. Sensitive information, such as TIN information, is not disclosed. All data, with the exception of TIN information, can be obtained via the FOIA process.

The Commission's e-filing Internet applications collect personal data, including names and addresses. For example, the electronic tariff filing system (ETFS) of the FCC's Common Carrier Bureau (CCB) collects information on filers of tariffs. CCB classifies ETFS data as tariffs, not as "questions to the agency." Tariffs are filed so that the public can examine and challenge them. Therefore, it is not possible for the ETFS filers to believe that the information would be held in confidence. Other licensing applications are also filed with the knowledge that the public can examine and often challenge them.

5. Third parties:

a. Provide examples of agency/administration agreements, if any, with third parties to collect data containing personally identifiable information relating to an individual's access or viewing habits. If so, can you provide us details about such agreements?

FCC Response and OIG Comments: Commission Bureaus and Offices report that they do not have any agreements with third parties to collect data containing personally identifiable information relating to an individual's access or viewing habits. During our special review, we did not find any instances of agency/administration agreements with third parties to collect data containing personally identifiable information relating to an individual's access or viewing habits.

b. Disclose any instances where personally identifiable information was sold, given away, or distributed by government agencies (or their contractors) to any party outside of government (including contractors) for any purpose, and find out why such information was distributed.
FCC Response and OIG Comments: Commission Bureaus and Offices did not report any instances where personally identifiable information was sold, given away, or distributed by government agencies (or their contractors) to any party outside of government (including contractors) for any purpose. During our special review, we did not find any instances where personally identifiable information was sold, given away, or distributed by government agencies (or their contractors) to any party outside of government (including contractors) for any purpose.

Related Web Privacy Observation

In general, the Commission is complying with the web privacy policies as enunciated in the applicable public laws and OMB documents. The Privacy Statement found at http://www.fcc.gov/disclaimers.html meets OMB standards. Also, the FCC has limited its use of cookies and other programs to the acceptable, non-intrusive session cookies. However, we found one problem with the labeling of the privacy statement on the FCC's home page and other pages, such as the e-filing page. Appendix I to OMB Memorandum 99-18 requires that privacy policies must be clearly labeled and easily accessed when someone visits a web site. In a September 2000 report on Internet privacy, the GAO defined the term "clearly labeled." The GAO stated that hypertext links to Privacy Statements must include the word "privacy." The hypertext links to the FCC's Privacy Statement, such as the one on the Commission's home page, did not use the word "privacy." We suggested that these links incorporate the word privacy in their text; a possible modification could read "Web Site Policies and Notices, including Privacy." We notified the Webmaster of our observation. He immediately changed the wording on the home page to read "Web Site Policies, Notices & Privacy Statement" and stated that he would change it on the rest of the non-bureau/office-specific pages as soon as possible.
Also, he will request that the bureaus make a similar change to the pages that they control. On February 15, 2001, we confirmed that the hyperlink text to the privacy statement notice read "Web Site Policies, Notices & Privacy Statement." With the implementation of the revised wording on the FCC's home page, we consider this matter to be closed.

Appendix 1

PRIVACY ISSUES FOR IGs TO EXAMINE

A. Cookies
1. Follow up on GAO report last fall and their ongoing work.
2. Where GAO found cookies being used and not disclosed, IGs should go behind that and ask what information is being collected and why.

B. Other information-collection devices (Web bugs, etc.)
1. Is personal information being collected and not disclosed?

C. General information collection
1. In what instances do agencies collect via Web sites personally identifiable information (e.g., names, addresses, phone, cell and fax numbers, social security numbers) by any means when that is not disclosed? In such instances, exactly what information is being collected and why?
2. In such instances, where is the information stored, and are the archives accessible to the public? Are these archives FOIA-able?

D. Public questions to agencies
1. Is personal information collected (and not disclosed) when people email or submit questions to the agency?

E. Third parties
1. Provide examples of agency/administration agreements with third parties to collect data containing personally identifiable information relating to an individual's access or viewing habits.
   1. What happened at the Forest Service? (See GAO report).
   2. What happened at ONDCP?
2. Disclose any instances where personally identifiable information was sold, given away, or distributed by government agencies (or their contractors) to any party outside of government (including contractors) for any purpose, and find out why such information was distributed.
Appendix 2

Chief Information Officer Memo

To: Inspector General
From: Chief Information Officer
Date: April 4, 2001
Subject: Reply to Draft Report on Special Review of Internet Privacy and Web Cookies

I appreciate the opportunity to review and comment on your draft report discussing Internet Privacy and use of Web Cookies, dated March 22nd. Overall, the report provides a comprehensive response to the questions asked during your review. There are, however, suggested edits in the following areas:

Suggested Grammatical Edits

- In the second paragraph of page 5, revise the text to read "In addition to providing a response to the five (5)."
- In the third paragraph of page 6, revise the text to read "Persistent cookies are those cookies that typically stay in a user's browser..."
- In the last paragraph of page 7, revise the text to read "... that IBFS does not disclose their use in its web pages."
- In the last paragraph of page 9, bold "FCC Response and OIG Comments:" to remain consistent with format.

Suggested Content Edits

In the FCC Response and OIG Comments section to question 1.a., found on page 5, there is discussion that reads "The FCC uses session cookies to support the Universal Licensing System (ULS), Antenna Structure Registration, International Bureau Filing System (IBFS), and Auctions applications." It should be noted that the Mass Media Bureau also uses session cookies for both the Consolidated Database System (CDBS) and Broadband Licensing System (BLS), which are accessible to the public. In both cases, the respective system's User Guides discuss the use of cookies. The CDBS User Guide is accessible at http://svartifoss.fcc.gov:8080/prod/cdbs/forms/prod/cdbs_ug.htm and the BLS User Guide is accessible at http://haifoss.fcc.gov/prod/mmb/forms/blsef_ug.htm.

This response has been coordinated with David Kitzmiller from the Office of Media Relations. Please contact David Jarrell at 418-1817 if you require further assistance on this matter.

Notes

U.S. Office of Management and Budget, Memorandum 99-18, Privacy Policies on Federal Web Sites, June 2, 1999, p. 1.
U.S. Office of Management and Budget, Memorandum 00-13, Privacy Policies and Data Collection on Federal Web Sites, June 22, 2000, p. 1.
Cookies, 1998, URL: http://www.cookiecentral.com/cm002.htm (February 13, 2001).
H.R. 5658, URL: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_bills&docid=f:h5658ih.txt (February 15, 2001).
U.S. Office of Management and Budget, Memorandum 99-18, Privacy Policies on Federal Web Sites, June 2, 1999, p. 1.
United States General Accounting Office, Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy (GAO/GGD-00-191, September 5, 2000), p. 47.
Ibid.
H.R. 5658, Treasury and General Government Appropriations Act, 2001, December 14, 2000, URL: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_bills&docid=f:h5658ih.txt (February 15, 2001).
Ibid.
United States General Accounting Office, Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy (GAO/GGD-00-191, September 5, 2000), p. 12.
Webopedia, Cookies, URL: http://webopedia.internet.com/TERM/c/cookie.html (March 16, 2001).
Federal Communications Commission, Policies and Notices, November 6, 2000, URL: http://www.fcc.gov/disclaimers.html (February 15, 2001).
United States General Accounting Office, Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy (GAO/GGD-00-191, September 5, 2000), p. 37.