US civil liberties gang questions Obama cookie plan

Fed website 'sea change'


A proposal to loosen restrictions on the use of tracking cookies by federal government websites should be carefully scrutinized so they don't jeopardize the privacy of people who visit them, groups advocating civil liberties warned Monday.

The American Civil Liberties Union said the proposal, floated July 24 by the White House OMB, or Office of Management and Budget, was a "sea change" that could erode protections that for the past nine years have safeguarded the personal information of millions of people who visit federal websites.

"Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government website," Michael Macleod-Ball, the acting director of the ACLU's Washington legislative office, said in a statement. "Until the OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections."

Under current rules, federal agencies are prohibited from using cookies and similar tracking technologies unless there is a "compelling need" and the agency head has approved their use. Under the new rules, the OMB would adopt a three-tier approach that would permit tracking under different circumstances. They include:

  • Single-session technologies, which track users over a single session and do not maintain tracking data over multiple sessions or visits;
  • Multi-session technologies for use in analytics, which track users over multiple sessions purely to gather data to analyze web traffic statistics; and
  • Multi-session technologies for use as persistent identifiers, which track users over multiple visits with the intent of remembering data, settings, or preferences unique to that visitor for purposes beyond what is needed for web analytics.

"The goal of this review is to develop a new policy that allows the Federal Government to continue to protect the privacy of people who visit Federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics," federal CIO Vivek Kundra and Michael Fitzpatrick, associate administrator of the OMB Office of Information and Regulatory Affairs, wrote.

While the use of cookies on most websites has vastly increased over the past nine years, their use on federal websites have remained static, they added.

Two other privacy advocates also weighed in on the proposed changes. In comments (PDF) jointly submitted by the Electronic Frontier Foundation and the Center for Democracy and Technology said any change should include broad disclosures to visitors that include the fact that tracking technologies are being used, the reasons for their use, whether tracking is based on single or multiple visits to the site, and the identities of the third-party companies involved in the tracking.

They also said any information collected that is not relevant to the purpose of the tracking should be discarded as soon as possible.

"Federal agency Web sites will have a key role to play in making government more transparent, accountable and participatory," the groups wrote. "To succeed, the operation and improvement of Federal agency Web sites must be done through the lens of protecting citizen privacy." ®

Broader topics


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022