Watchdogs Call For More, But Limited, Cookie Use By Government

Late last month, new federal CIO Vivek Kundra told Congress that current cookie restrictions were holding the government back from adopting social media.
It's not often that the Center for Democracy and Technology and the Electronic Frontier Foundation get together to argue for less-restrictive privacy measures by the federal government. They're more likely to argue for just the opposite.

However, in a new report released this week, the government watchdogs say that an almost complete ban on government use of cookies to perform Web analytics on government Web sites is too broad and restrictive, and that selective use of cookies could give the government and citizens a better, more personalized Web experience.

"Federal agencies have been restricted in their ability to offer users the option of advanced features that are powered by persistent cookies or other tracking technologies," the report notes.

It also says that limitations on the use of cookies have prevented federal agencies from being able to measure and demonstrate the success of their Web sites in order to procure more funding. Without the use of cross-session cookies, for example, government agencies aren't even able to measure the number of total unique visitors to their sites, which is a vital metric for Web site success.

Late last month, new federal CIO Vivek Kundra told Congress that current cookie restrictions were holding the government back from adopting social media. The White House recently stopped using YouTube for presidential videos, partially because of concerns over cookies there.

The groups aren't calling for a full return to the days before 2000, when the White House Office of National Drug Control Policy was found to be tracking Web site visitors with persistent cookies and there was no oversight of the use of cookies. A lot has changed since that time, and Web analytics have matured, as the report notes. The groups are calling for guidelines that include use of the data only for aggregated and anonymous analysis, prominent disclosure of the use of cookies, limited cross-session measurement, visitor choice of whether to accept the cookies, limited data retention, and third-party verification of privacy measures.

Already, the use of persistent cookies requires the government to disclose their use, demonstrate a compelling need to gather the data, demonstrate use of privacy safeguards in the handling of that data, and get personal approval for persistent cookie use from the agency head. However, the CDT and EFF admit this is limiting, especially because of the requirement to get approval from the agency head.

Still, the CDT and the EFF both say that only a restricted cookie policy will likely be accepted by public opinion.

"Given the government’s increasing appetite for citizen data in recent years, the public is rightly skeptical about data collection on government Web sites," the report notes.

InformationWeek will be highlighting innovative government IT organizations in an upcoming issue. Nominate your agency by submitting an essay on your most innovative IT initiative completed in the last year. Find out more, and nominate your organization -- deadline extended to May 15.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing