Web privacy guides unclear

The failure of Office of Management and Budget officials to spell out privacy guidelines in clear and concise terms has created continuing privacy concerns about agency Web sites, according to a new report by the General Accounting Office.

The report focuses on the use of "cookies," which are small pieces of software stored on users' computers when they visit a Web site. OMB officials have given agencies do's and don'ts for cookies, but the guidelines are spread across several memoranda and a letter to the federal CIO Council that is not included on the OMB Web site, GAO found.

The rules also have a confusing gap, according to GAO. OMB officials told agencies that they must meet certain terms if they want to use cookies that remain on end-users' computers after they leave the Web site — known as "persistent" cookies — including disclosing any such use to Web visitors. But officials did not say whether agencies must disclose the use of "session" cookies, which disappear once visitors leave a site.

OMB leaders told GAO that session cookies do not present a privacy concern, and therefore, no disclosure is required. But by following this position, agencies could state they are not using cookies while using session cookies.

This could "confuse and mislead" visitors to federal Web sites who have set their browser to detect cookies and "could raise questions about the practices of the Web site that would not be resolved by viewing the privacy policy," GAO officials wrote.

OMB officials had no written comment to GAO on the report.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.