Agencies warned on cookies

Bush administration officials are promising "to light a fire" under agency Web managers who violate privacy regulations that forbid the use of cookies that track the activities of Web site visitors.

The cookie ban imposed last June by the Clinton administration "is still in effect, and we expect [agencies] to be in compliance with it," said Chris Ullman, a spokesman for the Office of Management and Budget. "We will work with them on that."

Reports submitted to Congress by inspectors general from 16 agencies showed that as of March 30, seven agencies operated 64 federal Web sites that continued to use persistent cookies. Sen. Fred Thompson (R-Tenn.) released the findings April 17.

The 16 agencies, including the Federal Aviation Administration and the Treasury Department, represent about a third of the agencies required to send Web audit reports to Congress. With dozens of agencies yet to file reports, the number of sites violating the ban likely will be higher, said Chris Hoofnagle of the Electronic Privacy Information Center.

OMB banned persistent cookies from federal Web sites in all but the most unusual circumstances. Persistent cookies were deemed a violation of Web users' privacy when it was discovered that the Office of Drug Control Policy was using them to track visitors to its Web site.

Persistent cookies are pieces of computer code placed on an Internet user's computer by a Web site. They track the user's movement from page to page through the Web site, and some track movement from site to site.

In the private sector, companies use cookies to tie online activity to data such as names, addresses and buying habits.

Many privacy advocates worry that cookies give the government too much monitoring ability. For example, they fear that monitoring a taxpayer's visits to Internal Revenue Service pages about tax deductions might lead to audits.

But John Spotila said he was "never aware of anything sinister" about cookies being used on government Web sites. Until last year, Spotila was head of the Office of Information and Regulatory Affairs.

He said cookies can help improve Web pages by providing information about what site visitors like and don't like. In addition, government Web sites that were designed by commercial contractors may include cookies simply because they are common on commercial sites, Spotila said. In other cases, agency Web managers may be unaware that cookies have essentially been banned on government sites.

The ban on cookies does not apply to "session cookies," which disappear from the user's computer when an Internet session ends.

Cookies aren't the only violations the inspectors general reported. Many sites fail to post privacy policies as required.

Half the Education Department's Web sites that collect personal information lack posted privacy policies, and nine pages were linked to servers that collect e-mail addresses without the user's knowledge.

The Trasportation Department said April 20 that it had removed all cookies from its 23 Web sites after its IG reported finding them in mid-February. The agency created a checklist for Web managers to follow to prevent cookies from being used on DOT Web sites in the future, a spokesman said.

"For the most part, they were inadvertent," he said. The cookies were added to Web sites during upgrades — often automatically by software — and unbeknownst to agency Web managers.

Thompson, who is chairman of the Senate Governmental Affairs Committee, said the discovery of such widespread cookie use was disturbing because agencies "should be setting the standard for privacy protection in the Information Age." Thompson said he planned to introduce legislation that would create a commission to examine government privacy practices.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.


  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group