CIO site caught with 'cookies'

CIO Council Web site

The redesigned Web site for the CIO Council had to be pulled off-line today after Federal Computer Week notified officials the site was using persistent cookies, a violation of government privacy rules.

The use of cookies violates the CIO Council's posted privacy policy, which flatly states, "We do not use 'persistent cookies.'" It also violates the Office of Management and Budget's much-publicized no-cookie rule issued late last year. (See snapshot, which shows the CIO Council's Web page stating its cookies policy along with the window that indicates a persistent cookie, set to expire in 2037.)

Cookies are packets of information that Web sites can put on a user's computer, often to personalize a Web site. But cookies have become a privacy concern because they potentially can be used to track how a person moves through a site or even other Web sites.

OMB has allowed agencies to use temporary "session cookies," but has prohibited permanent cookies unless they are completely necessary and are approved by the agency's senior management.

Officials from the General Services Administration, which operates the CIO Council's Web site, were surprised to find the site was using cookies, and they said they were working to determine how such a privacy violation occurred.

Susan Hinden, a member of the GSA support staff, said that the contractor, Midwest Total Internet Inc., was told several times "that the site can't set persistent cookies."

GSA tested the site off-line for some time before going live, "and there were no cookies," said Michelle Heffner, leader of the GSA team.

"If there's a persistent cookie, the site's coming down," she said this afternoon. "We want this site to be an example of the standard across government."

The site was not even scheduled to go live until June 9 or 10 so that GSA could conduct last-minute reviews, she said. "Had I known it was going up, I would have tested it," she said.

The problem with the CIO Council's Web site appeared to be fixed by late this afternoon, after GSA was notified about the problem.

OMB, which leads the CIO Council, had no specific comment today on the council's Web site. However, OMB communications director Christopher Ullman said that privacy is an important issue for President Bush and the administration will continue to focus on this area.

Most observers and privacy advocates were struck by the irony that the federal government's leading technology policy organization was caught with its hand in the Web cookie jar.

Ari Schwartz, an analyst at the Center for Democracy and Technology, said this is often a problem for an organization when it relaunches its Web site. "A lot of off-the-shelf software has the default set to use cookies," he said.

"It is problematic to have systems doing things that the policy people don't know it is doing," he said.

Roger Baker, who recently retired as the Commerce Department CIO and spearheaded privacy for the CIO Council, said the focus on cookies deflects from more substantive privacy issues.

The CIO Council's faux pas comes as the President's Council on Integrity and Efficiency is due to release a report compiling all 50 of the inspector general reports on agencies' use of cookies, said David Steensma, acting assistant inspector general for auditing at the Defense Department, which is leading the report.

About the Authors

Christopher J. Dorobek is the co-anchor of Federal News Radio’s afternoon drive program, The Daily Debrief with Chris Dorobek and Amy Morris, and the founder, publisher and editor of the DorobekInsider.com, a leading blog for the Federal IT community.

Dorobek joined Federal News Radio in 2008 with 16 years of experience covering government issues with an emphasis on government information technology. Prior to joining Federal News Radio, Dorobek was editor-in-chief of Federal Computer Week, the leading news magazine for government IT decision-makers and the flagship of the 1105 Government Information Group portfolio of publications. As editor-in-chief, Dorobek served as a member of the senior leadership team at 1105 Government Information Group, providing daily editorial direction and management for FCW magazine, FCW.com, Government Health IT and its other editorial products.

Dorobek joined FCW in 2001 as a senior reporter and assumed increasing responsibilities, becoming managing editor and executive editor before being named editor-in-chief in 2006. Prior to joining FCW, Dorobek was a technology reporter at PlanetGov.com, one of the first online community centers for current and former government employees. He also spent five years at Government Computer News, another leading industry publication, covering a variety of federal IT-related issues.

Dorobek is a frequent speaker on issues involving the government IT industry, and has appeared as a frequent contributor to NewsChannel 8’s Federal News Today program. He began his career as a reporter at the Foster’s Daily Democrat, a daily newspaper in Dover, N.H. He is a graduate of the University of Southern California. He lives in Washington, DC.



Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.