CIA Says It Canned Its Internet Cookies

Via NY Transfer News * All the News That Doesn't Fit

source - http://www.newsbytes.com/news/02/175288.html

CIA Web Site Cans Cookies After Report 

By Brian McWilliams, Newsbytes

WASHINGTON, 18 March--A Web site operated by the Central Intelligence
Agency (CIA) today discontinued marking visitors with a unique
identification tag, or "cookie," after a non-profit group complained
about the practice.

The use of "persistent" cookies at the CIA's Electronic Reading
Room (ERR) site, which provides online access to previously
released CIA documents, violated federal privacy guidelines and the
agency's own privacy policy, according to Public Information
Research (PIR), a Texas-based non-profit which reported the
practice to the agency Friday.

Designed to remain on the visitor's computer until December 2010,
the cookies contained the user's Internet protocol (IP) address as
well as a unique identification number, Newsbytes confirmed this
morning.

According to a spokesperson, the CIA was not aware that the site,
located at http://www.foia.ucia.gov , was placing the tracking
files on visitors' computers. The representative said the
technology was inadvertently added by a contractor during a
redesign of the site that was completed Jan. 29.

This afternoon, ERR site administrators disabled the software that
was tagging visitors with a persistent cookie as well as with a
temporary or "session" cookie that expired when the user's browser
closed.

In a June 2000 memorandum to all government agencies, the director
of the White House Office of Management and Budget (OMB) advised
operators of government sites and their contractors that "the
presumption should be that 'cookies' will not be used at Federal
Web sites."

Before today, the privacy policy at the ERR stated that the site
did not use persistent cookies and instead only used session
cookies.

The CIA has updated the privacy statement to reflect its current
practice of setting no cookies on visitors' computers.

The CIA's Web site, located at http://www.cia.gov , does not use
cookies to gather or store information about visitors, according to
the main site's privacy policy.

A review of some federal sites today by Newsbytes revealed that
several are placing session cookies on visitors' computers. Such
sites include the FirstGov.gov portal, the FBI's jobs site, as well
as the main sites operated by the Small Business Administration,
the Department of Education and the Selective Service.

According to the OMB memo, the use of cookies by federal sites is
justified only when there is "a compelling need to gather the data
on the site" as well as "appropriate and publicly disclosed privacy
safeguards for handling of information derived from cookies."

Most Web sites can log the Internet protocol (IP) address and
activities of visitors without the use of cookies. But the
persistent cookie at the CIA's ERR site enabled the agency to
better track an individual visitor's search requests, according to
Daniel Brandt, PIR's founder.

"The key words you put in for searching on FOIA (freedom of
information act) documents can reveal a lot about you. The CIA can
use these cookies to reconstruct who is interested in what. Even if
you browse from several different ISPs, they can use your cookie's
unique ID to tie all your searches together," said Brandt.

To eliminate any possibility of "improperly retained data," CIA
officials said they intend to delete later today two sets of log
files maintained for the ERR site since Jan. 29.

Before changes to the site today, the HTML source code of the ERR
site said it was designed by Olympus Group.  Calls to the
Virginia-based company's switchboard resulted in a recorded message
stating that, "Olympus Group has closed its door and is no longer
in operation."

The site appears to be hosted on systems operated by Digex, a large
Internet service provider in Maryland.

The CIA Electronic Reading Room is at http://www.foia.ucia.gov .

The Public Information Research report is at
http://www.pir.org/ciascan.html

The OMB's cookie memo is at
http://www.whitehouse.gov/omb/memoranda/m00-13.html . 

Reported by Newsbytes, http://www.newsbytes.com . 

21:49 CST 

(c) 2001 The Washington Post Company


 
=================================================================
  NY Transfer News Collective   *   A Service of Blythe Systems 
           Since 1985 - Information for the Rest of Us          
              339 Lafayette St., New York, NY 10012             
  http://www.blythe.org                  e-mail: nyt@blythe.org 
=================================================================
 
nytmed-03.19.02-09:37:44-26036