Several agencies violating 'no cookies' rule

Twelve federal agencies are in violation of the Clinton administration's policy on the use of "cookie" files on federal Web sites, the General Accounting Office has announced.

Senate Governmental Affairs Committee Chairman Fred Thompson, R-Tenn., had asked GAO to review the use of cookies on federal Web sites. Cookies are small text files that track users' movements on the Web. Cookies come in two flavors: "session" and "persistent." Session cookies expire once users close their browsers. Persistent cookies are stored on users' computers for a much longer time.

Thompson asked GAO to specifically look for agencies that "used cookies but did not disclose this use in their privacy policies," wrote Linda Koontz, director for information management issues at GAO, in the report, "Internet Privacy: Federal Agency Use of Cookies" (GAO-01-147R).

Agencies that use cookies without disclosing the practice violate Office of Management and Budget Memorandum M-00-13, released on June 22. GAO reviewed a total of 65 federal Web sites in August, September and October.

In response to GAO's report, Sally Katzen, OMB's deputy director for management, said the administration believes session cookies "do not collect information in ways that raise privacy concerns." Use of persistent cookies, Katzen said, depends on "personal approval by the head of the agency."

For Thompson, cookies fit into the larger issue of computer security and Internet privacy. "The federal government should set the standard for privacy protection," he said. "Unfortunately, it appears that at some instances, the agencies are misleading the public about whether they or third parties are tracking information about citizens who visit their Web sites."

Thompson was concerned about a Forest Service Web site that uses cookies and shares ownership of citizen usage data with the company that provides "traffic reports" for the site.

Katzen wrote that agencies whose Web sites do not comply with administration policy would be contacted "promptly, to reinforce administration policy."