recommended reading

Defense considers allowing cookies on its websites

The Defense Department and civilian agencies are considering allowing Web managers to place cookies, which collect personal information to target content, on their websites, but only if visitors give their consent, a top Defense official said on Wednesday.

"People have strong feelings about the right to privacy, so we're going to have to navigate" through the benefits and caveats of allowing cookies, said David Wennergren, deputy chief information officer at Defense, in an interview with Nextgov. Wennergren was attending an annual dinner hosted by the trade group TechAmerica, which honored him with a government executive of the year award.

Since 2000, government officials have banned federal websites from using cookies to protect civil liberties. But the policy was instituted years before the advent of social media, which largely relies on cookies. Today, Internet users are accustomed to giving up some privacy in return for receiving more interactive online services. For example, cookies enable commercial websites to monitor a user's most-frequently visited pages to recommend other content that might be interesting and useful.

Now with the popularity of cookies, the White House, in consultation with agencies, is expected to roll back some prohibitions to make government websites more engaging.

"It might be one of these things where we have to opt in" to first give users the choice of being tracked before activating a cookie, Wennergren said. Many commercial sites have opt-out policies that capture a user's online behavior by default unless the user takes action to disable the cookie.

"That's what we're sorting through right now," he said. Wennergren noted Web users have come to expect customized online experiences and transactions that require them to provide personal information.

Wednesday's event brought together information technology executives and federal leaders to recognize the partnership between government and industry in advancing innovation.

"It's hard for people because they've kind of gotten used to the way we run things and it's shifting," he told the audience when he accepted his award.

In February, Defense issued a social media directive aimed at opening Defense networks to discussion forums, including Twitter, YouTube and Facebook, that had previously been blocked.

"Don't ever underestimate the power of team and that you yourself have to be an agent for change," Wennergren said.

A trend that concerns Wennergren's colleagues that he singled out is cloud computing, an on-demand IT arrangement in which a user accesses applications and saves work on a third-party's network, rather than through in-house servers and data centers.

"Everybody that I work with is really excited about the cloud as long as they're not in anybody else's cloud," said Wennergren, who also serves as vice chair of the federal CIO Council. "It's OK. We'll bring them along."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.