Swire: Making privacy a priority

Citizens should be able to browse federal sites without creating a permanent record

Recent investigations have uncovered Web cookies on the sites of the National Security Agency and other federal agencies, in violation of federal guidelines.

The guidelines limit federal Web sites' use of persistent cookies, pieces of code placed on the visitor's hard drive so the site can recognize the computer on

return visits. Cookies don't reveal the visitor's name.

A site has the cookie number and the user's name; however, the cookie does track an identifiable individual. That happens, for instance, if the visitor completes a transaction or fills out a form, linking the cookie to a name.

A lot is at stake in violating these rules. The guidelines date back to June 2000, when I was serving as chief counselor for privacy at the Office of Management and Budget. At that time, the press discovered that the White House Office of National Drug Control Policy's Web site placed cookies on users' computers, contrary to the site's privacy policy.

The cookies were reporting surfing behavior to DoubleClick, which could link a person to visits at private-sector sites. DoubleClick and the White House site were not collecting names, but they could find names if users identified themselves at any of the private-sector sites.

In response to the problem, OMB issued guidance on June 22, 2000, stating that federal Web sites should not persistently track their visitors. The rules allow tracking devices such as cookies, but only with notice to users and approval of a high agency official. Agencies' sites can also employ temporary "session cookies" because they expire when users close their browsers.

The logic behind the policy is that citizens should be able to browse federal sites without their visits becoming part of a permanent record. Citizen access to sites is vital to e-government. Tracking citizens at government sites can reduce trust and discourage access to e-government services.

OMB may be able to fine-tune the guidance to take advantage of advances in Web technology while still protecting citizen privacy. If it does, OMB should make the changes explicit and take responsibility for any new policy choices. However, the problem now is that agencies were caught violating the rules. That sends the message that protecting citizen privacy is not important. It also signals that following the OMB rules, which have been on the books for more than five years, is not a priority.

This concern about government snooping and rule-breaking is especially serious now. President Bush has acknowledged that the National Security Agency has used wiretaps on citizens without a warrant. His message has been, "Trust us, we're careful in how we do this."

Recent press accounts, however, show that agencies have violated privacy rules regarding cookies, and the public knows agencies are breaking the rules. If agencies are openly breaking cookie rules, they might also be breaking less-public privacy rules.

The Bush administration does not have a policy official to address privacy issues. Such an official would help convince the public that it should trust government to follow the rules.

Swire is the C. William O'Neill Professor of Law at the Ohio State University and a visiting senior fellow at the Center for American Progress.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group