Feeds

US civil liberties gang questions Obama cookie plan

Fed website 'sea change'

Internet Security Threat Report 2014

A proposal to loosen restrictions on the use of tracking cookies by federal government websites should be carefully scrutinized so they don't jeopardize the privacy of people who visit them, groups advocating civil liberties warned Monday.

The American Civil Liberties Union said the proposal, floated July 24 by the White House OMB, or Office of Management and Budget, was a "sea change" that could erode protections that for the past nine years have safeguarded the personal information of millions of people who visit federal websites.

"Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government website," Michael Macleod-Ball, the acting director of the ACLU's Washington legislative office, said in a statement. "Until the OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections."

Under current rules, federal agencies are prohibited from using cookies and similar tracking technologies unless there is a "compelling need" and the agency head has approved their use. Under the new rules, the OMB would adopt a three-tier approach that would permit tracking under different circumstances. They include:

  • Single-session technologies, which track users over a single session and do not maintain tracking data over multiple sessions or visits;
  • Multi-session technologies for use in analytics, which track users over multiple sessions purely to gather data to analyze web traffic statistics; and
  • Multi-session technologies for use as persistent identifiers, which track users over multiple visits with the intent of remembering data, settings, or preferences unique to that visitor for purposes beyond what is needed for web analytics.

"The goal of this review is to develop a new policy that allows the Federal Government to continue to protect the privacy of people who visit Federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics," federal CIO Vivek Kundra and Michael Fitzpatrick, associate administrator of the OMB Office of Information and Regulatory Affairs, wrote.

While the use of cookies on most websites has vastly increased over the past nine years, their use on federal websites have remained static, they added.

Two other privacy advocates also weighed in on the proposed changes. In comments (PDF) jointly submitted by the Electronic Frontier Foundation and the Center for Democracy and Technology said any change should include broad disclosures to visitors that include the fact that tracking technologies are being used, the reasons for their use, whether tracking is based on single or multiple visits to the site, and the identities of the third-party companies involved in the tracking.

They also said any information collected that is not relevant to the purpose of the tracking should be discarded as soon as possible.

"Federal agency Web sites will have a key role to play in making government more transparent, accountable and participatory," the groups wrote. "To succeed, the operation and improvement of Federal agency Web sites must be done through the lens of protecting citizen privacy." ®

Remote control for virtualized desktops

More from The Register

next story
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?