RSSAfter 9-year cookie ban, US Government wants to start tracking you online again
By Angela Gunn | Published July 27, 2009, 3:10 PM
Nine years ago, the Office of Management and Budget issued a directive banning Federal agencies from dropping cookies on visitors' computers. On Friday, the White House called for public discussion about whether that policy should continue. Whether you see that as a nod to improved privacy protections and a smarter userbase, or sigh at the encroachments tracking tech has made in a decade, is perhaps a matter of perspective.
The announcement, blogged on the White House site by federal CIO Vivek Kundra and OMB associate administrator for information and regulatory affairs Michael Fitzpatrick and reproduced nearly verbatim in the proposal's listing in the Federal Register (PDF available), says that the point of the policy review is "to develop a new policy that allows the Federal Government to continue to protect the privacy of people who visit Federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics."
The proposal describes a three-tiered system for deploying Web tracking tech on Federal sites -- one single-session option and two multi-session options, one focused strictly on analytics and one with a broader scope. The proposal acknowledges that the more comprehensive option may have higher privacy risks and states that there would be other, more stringent restrictions on those tracking mechanisms.
On the OMB blog (where the piece is cross-posted) the high level of discourse indicate that someone's probably moderating (at least lightly) the comments on this proposal. That said, response there is varying.
Some commenters within government have questions about first- and third-party trackers. (Respondents seemed to be fairly negative about the latter possibility.) Other commenters want to know if the analytics data might be made public, in the spirit of transparency. One noted that opt-in, not the proposal's opt-out, is preferable to many privacy-conscious folk.
Commenter "Paul Kincaid," who identifies himself as a security professional, raises the question of authentication. Meanwhile "Jeffrey Chester," speaking for the Center for Digital Democracy, asks why the comment period is so short and calls for a "serious public debate" on the matter, and dismisses persistent cookies out of hand -- drawing some ultra-polite heat from respondent and federal consultant Kochukoshy Cheruvettolil, who suggests that perhaps "the Center for Digital Democracy can provide some positive input on this issue rather than raise the usual concerns which I admit are valid but for which solutions need to be found."
Comments will be accepted through August 10, and may be submitted via email or fax, or through either of two sites listed in the Federal Register.
I think it is silly to worry about cookies when all website activity is logged and tracked anyway. The firewall logs and web server logs track way more information than cookies do. At least the cookies are stored on your PC, so you have control over it.
Score: 1
|You can't make many features on a modern website work without using cookies.
Lots of users of federal sites would probably love to not have to log in every time (some things don't need to be that secure) or have it remember where they left off in some process. Cookies can allow you do these things and more, while giving full control over identity (just delete the cookie) to users. The alternatives are requiring registration, which means the identifier lives on the government server.
I'm a strong believer that there aren't nearly enough privacy protections in the US. However, I have no problem with Gov't sites setting cookies. If you are really concerned about privacy and government sites, press for them to not log IP addresses.
Score: 0
|Like a cookie helps track users? Only the most paranoid people would think so, and they can browse in "incogneto"/"safe"/"secret" mode if they want so that they don't actually save the cookies.
Score: 1
|Really, seriously? That would be an invasion of privacy, and I do believe that there would be issues with this idea that would follow. However I guess it would not matter much personally, considering I disable my cookies for 99% of all web sites.
Score: 0
|Oh No!
They're gonna TRACK me?
Thank goodness I use Google for searches, email, YouTube, voice, and docs.
Oh wait, nevermind...
Score: 1
|People tend to not care about privacy till it blows up in their face. Since people seem to go for car analogies, it's like claiming there's no need for traffic signals and lines until people start running into you. Might work in the country, but not in the city.
Score: 0
|Nice Example! I agree that many people do ruin it for others.
Score: 2
|cookiesafe/refcontrol :) tin foil hat
Score: 1
|