Congress: Stay out of the cookie jar
- By Diane Frank
- Jul 31, 2000
Just as agencies seem poised to begin offering more electronic services,
digital government advocates are worried that recent efforts to control
the collection of personal data on federal World Wide Web sites may slow
Congress added language to the Treasury/ Postal appropriations bill,
which passed the House July 20, barring the use of "cookies," Web technology
that collects personal information about people visiting a Web site.
The amendment would ban cookies and other such technology "until we
have a governmentwide, consistent policy under force of law that provides
the necessary protections against the unintentional and involuntary collection
of people's information," said Rep. Rodney Frelinghuysen (R-N.J.) in a statement
introducing the amendment.
A cookie is software placed on users' hard drives to identify them when
they return to a site so that the site's developers can customize information
for users based on the content they accessed in previous visits.
it was reported that the White House site for the Office of National Drug
Control Policy used the technology to track which pages visitors accessed.
Some privacy advocates and members of Congress fear the information could
As a result, Jacob Lew, director of the Office of Management and Budget,
sent a memorandum reminding agencies of the White House's policy on privacy
for federal Web sites, which directs agencies to clearly label a Web site's
The memo also set stricter criteria that agencies must meet before
collecting users' personal data, including demonstrating a compelling need
for the information and posting a clear notice for users.
A complete ban on such technology could have unintended consequences,
said Roger Baker, chief information officer at the Commerce Department and
co-chairman of the CIO Council's privacy committee. "When Jack Lew puts
out policy with wording in it, then the people who have to interpret it
are the people who are putting it in place," he said. "When you put out
law with wording in it, then the people who are interpreting it are the
Baker added that the language could stop many electronic initiatives
just when agencies have started putting services online. When users submit
information to an agency via the Web or conduct a transaction, such as paying
a federal fee, the process involves using cookies. Banning the technology
could shut down popular new sites such as the U.S. Patent and Trademark
Office's online patent application system.
"If you tie both hands behind our backs, then implementing e-government
is going to be fairly hard," Baker said.
In most cases, Web sites use technologies such as cookies for the visitor's
benefit, said Rich Kellett, director of the Emerging IT Policies Division
at the General Services Administration's Office of Governmentwide Policy.
"Cookies remember password information, which certainly is the convenience
that people want," he said.
Kellet said Congress' concern that information collected by cookies
could be misused should always be a consideration. But he added that the
Privacy Act of 1974 does not prohibit collecting personal information but
rather requires that the agency have a legitimate need for the information.
As for the OMB memo asking agencies to meet certain criteria before
collecting information, Baker plans to submit a letter detailing all CIOs'
concerns to Lew. Overall, CIOs support the new policy, but many are concerned
about more clearly defining what constitutes a cookie vs. other technologies.
"The CIO Council, as the tech weenies responsible, needs to get back
to Jack Lew saying, "Here's what we read into this,' and just clear up a
couple of the nuances," he said.