It's not some half-baked conspiracy theory whipped up by a TV demagogue, but the Obama Administration is planning changes that could impact the privacy of everyone who visits US Government Web sites.
[ Also on InfoWorld: "Does Obama want to tap your computer?" and "The Obama plan to own your PC, part deux" | Stay up to date on Robert X. Cringely's musings and observations with InfoWorld's Notes from the Underground newsletter. ]
The OMB wants to use three kinds of cookies: single-session cookies that don't maintain tracking data; multisession cookies that gather anonymous data for use in Web analytics; and multisession cookies "for use as persistent identifiers, which track users over multiple visits with the intent of remembering data, settings, or preferences unique to that visitor for purposes beyond what is needed for web analytics."
It's that last category of cookie that isn't going down so well with folks at the ACLU, which released a blistering attack on the proposed changes. Per Michael Macleod-Ball, Acting Director of the ACLU Washington Legislative Office:
Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government web site. Until the OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections.
(Thus putting a lot of folks in the "Obama wants to take over the planet and eat your children" camp in the uncomfortable position of agreeing with the ACLU.)
For example: The CDT/EFF say Uncle Sam should only use the data for measuring Web site performance and not share it with third parties. They want the feds to nuke the data after 90 days, disclose the use of tracking cookies to all Web site users, let them opt out without penalty, and have an inspector general or other third party verify they're following the rules.
On the other hand, the Cato Institute's Jim Harper, whom I would call a classic libertarian when it comes to privacy, says it's about time federal sites joined the rest of the Web here in the 21st century:
Because you can control cookies, a government regulation restricting cookies is needless nannying. It may marginally protect you from government tracking – they have plenty of other methods, both legitimate and illegitimate – but it won’t protect you from tracking by others, including entities who may share data with the government.... By moving away from the stultifying limitation on federal cookies, the federal government acknowledges that American grown-ups can and should look out for their own privacy.
Of course, as cyber-bureaucrats Vivek Kundra and Michael Fitzpatrick note in their White House blog, the feds haven't changed anything yet. The comments period just ended, and they have yet to decide what they're going to change, if anything, and how they're going to do it.
Of course, InfoWorld doesn't have an army (more like a geek militia) or police powers. It's not likely to send someone to your door to question you about your Web habits or incarcerate you for years. So the bar here is much higher; the federal government needs to do better than private industry in protecting our privacy, not just meet the status quo. Let's hope they do.
Do you think the Obama administration is out to kill your privacy? Post your thoughts below or e-mail me: firstname.lastname@example.org. And please, try to keep the SCREAMING to a minimum. Thank you.