GAO: Web privacy guidelines not clear

The failure of Office of Management and Budget officials to spell out privacy guidelines in clear and concise terms has created continued privacy concerns about agency Web sites, according to a new report by the General Accounting Office.

The report focuses on the use of "cookies," which are small pieces of software stored on users computers when they visit a Web site. OMB officials have given agencies do's and don'ts for cookies, but the guidelines are spread across several memoranda, as well as in a letter to the federal CIO Council that is not included on the OMB Web site, GAO found.

The guidance also has a confusing gap, according to GAO.

OMB officials told agencies they must meet certain terms if they want to use cookies that remain on end-user computers after they leave the Web site — what are known as "persistent" cookies — and that they must disclose any such use to Web visitors. But officials did not say whether agencies must disclose the use of "session" cookies, which disappear once visitors leave a site.

OMB told GAO that session cookies do not present a privacy concern, and therefore, no disclosure is required. But by following this position, agencies could state they are not using cookies while continuing to use session cookies.

This could "confuse and mislead" visitors to federal Web sites that have set their browser to detect cookies, and "could raise questions about the practices of the Web site that would not be resolved by viewing the privacy policy," GAO wrote.

GAO conducted a review of the use of cookies on 65 agency Web sites between November 2000 and January 2001. GAO found that eight federal sites used persistent cookies. Four agencies did so without disclosing it in a privacy policy, as required by OMB, and two of those were using persistent cookies from third-party sites.

The other four did disclose the use of cookies but did not meet OMB's other conditions, including having a compelling need for the data and having personal approval from the head of the agency.

All four using cookies without disclosure have since removed the cookies from their sites, according to GAO. Two of the others have also removed their cookies, while the final two are going through the process to meet the OMB conditions.

GAO conducted the review following a request from Sen. Fred Thompson (R-Tenn.), chairman of the Senate Governmental Affairs Committee, because of privacy concerns raised last year when it was discovered how many agencies were using persistent cookies.

OMB officials provided no written comment to GAO on the report.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group