Obama's cookies may not go down so easy

Changes to federal Web sites may threaten your privacy or bring our current cybergovernment into the 21st century -- or possibly both

It's not some half-baked conspiracy theory whipped up by a TV demagogue, but the Obama Administration is planning changes that could impact the privacy of everyone who visits US Government Web sites.

The White House Office of Management and Budget has proposed major changes on how Federal sites use cookies. Depending on your point of view, it's either a troubling reversal of policies protecting consumer privacy or a welcome step into modern Web technology.

[ Also on InfoWorld: "Does Obama want to tap your computer?" and "The Obama plan to own your PC, part deux" | Stay up to date on Robert X. Cringely's musings and observations with InfoWorld's Notes from the Underground newsletter. ]

The OMB wants to use three kinds of cookies: single-session cookies that don't maintain tracking data; multisession cookies that gather anonymous data for use in Web analytics; and multisession cookies "for use as persistent identifiers, which track users over multiple visits with the intent of remembering data, settings, or preferences unique to that visitor for purposes beyond what is needed for web analytics."

It's that last category of cookie that isn't going down so well with folks at the ACLU, which released a blistering attack on the proposed changes. Per Michael Macleod-Ball, Acting Director of the ACLU Washington Legislative Office:

Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government web site. Until the OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections.

(Thus putting a lot of folks in the "Obama wants to take over the planet and eat your children" camp in the uncomfortable position of agreeing with the ACLU.)

Other privacy groups were a little more nuanced in their response. The Center for Democracy and Technology and the Electronic Frontier Foundation both agree that the feds need to use cookies in some form to improve the effectiveness of eGovernment, but within limits [PDF].

For example: The CDT/EFF say Uncle Sam should only use the data for measuring Web site performance and not share it with third parties. They want the feds to nuke the data after 90 days, disclose the use of tracking cookies to all Web site users, let them opt out without penalty, and have an inspector general or other third party verify they're following the rules.

All pretty standard privacy stuff, as anyone who's ever read a decently written privacy policy (all 17 of you) would recognize.

On the other hand, the Cato Institute's Jim Harper, whom I would call a classic libertarian when it comes to privacy, says it's about time federal sites joined the rest of the Web here in the 21st century:

Because you can control cookies, a government regulation restricting cookies is needless nannying. It may marginally protect you from government tracking – they have plenty of other methods, both legitimate and illegitimate – but it won’t protect you from tracking by others, including entities who may share data with the government.... By moving away from the stultifying limitation on federal cookies, the federal government acknowledges that American grown-ups can and should look out for their own privacy.

Of course, as cyber-bureaucrats Vivek Kundra and Michael Fitzpatrick note in their White House blog, the feds haven't changed anything yet. The comments period just ended, and they have yet to decide what they're going to change, if anything, and how they're going to do it.

If all of this makes you want to pick up a pitchfork and a torch and storm the White House gates, consider this: InfoWorld uses cookies much like those described above. So do many other sites you probably visit on a regular basis.

Of course, InfoWorld doesn't have an army (more like a geek militia) or police powers. It's not likely to send someone to your door to question you about your Web habits or incarcerate you for years. So the bar here is much higher; the federal government needs to do better than private industry in protecting our privacy, not just meet the status quo. Let's hope they do.

Do you think the Obama administration is out to kill your privacy? Post your thoughts below or e-mail me: cringe@infoworld.com. And please, try to keep the SCREAMING to a minimum. Thank you.

Take the InfoWorld news quiz


Copyright © 2009 IDG Communications, Inc.