- By Diane Frank
- Jun 25, 2001
"Privacy Policies and Data Collection on Federal Web Sites"
A simple step that anyone using a Web browser can perform would help federal agencies determine whether their Web sites are making inappropriate use of "persistent cookies."
But many federal Web sites violate the policy. A recent summary of reports from 51 agency inspectors general found nearly 300 persistent cookies in use without approval. Most of the IG reports determined that the agencies' Webmasters were aware of the OMB policy, but did not know that the cookies were in use on their sites.
Today's Web browsers, however, offer an easy way to test for these "inadvertent cookies" — a method most of the IGs used but agency Webmasters apparently did not, said Roger Baker, former chairman of the CIO Council's privacy subcommittee.
The IGs first used utility programs to delete cookies from computer hard drives, then changed the security settings on their Web browsers to warn the user whenever a Web server tried to place a cookie on a computer. The cookie- warning setting is found in the Security/Custom Level area under Tools/Internet Options in Microsoft Corp.'s Internet Explorer 5, and in the Advanced settings under Edit/Preferences in Net.scape Communications Corp.'s Navigator 4.7.
Once the setting is enabled in either browser, the user is notified whenever a site wants to store a cookie on the computer. The user can allow or deny the cookie.
One problem, she said, is that agencies use commercial Web page devel.opment software, in which "the default is to use a persistent cookie, and the system administrator just doesn't turn off that feature."
Baker said agency chief information officers should update their internal Internet privacy policies to include a requirement that cookies be disabled during the Web page development process.