Web privacy guides unclear

The failure of Office of Management and Budget officials to spell out privacy guidelines in clear and concise terms has created continuing privacy concerns about agency Web sites, according to a new report by the General Accounting Office.

The report focuses on the use of "cookies," which are small pieces of software stored on users' computers when they visit a Web site. OMB officials have given agencies do's and don'ts for cookies, but the guidelines are spread across several memoranda and a letter to the federal CIO Council that is not included on the OMB Web site, GAO found.

The rules also have a confusing gap, according to GAO. OMB officials told agencies that they must meet certain terms if they want to use cookies that remain on end-users' computers after they leave the Web site — known as "persistent" cookies — including disclosing any such use to Web visitors. But officials did not say whether agencies must disclose the use of "session" cookies, which disappear once visitors leave a site.

OMB leaders told GAO that session cookies do not present a privacy concern, and therefore, no disclosure is required. But by following this position, agencies could state they are not using cookies while using session cookies.

This could "confuse and mislead" visitors to federal Web sites who have set their browser to detect cookies and "could raise questions about the practices of the Web site that would not be resolved by viewing the privacy policy," GAO officials wrote.

OMB officials had no written comment to GAO on the report.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected