recommended reading

More agencies use cookies to track Web activity

Some federal departments have obtained waivers to sidestep a long-standing policy that bars government Web sites from tracking visitor activity on the Internet.

In 2000, the Office of Management and Budget issued a federal policy banning the use of persistent cookies, files that a Web site deposits on a user's computer to collect information about how the visitor navigates the site to provide more personal interaction.

The policy was established to protect personal privacy, but it hinders the government's ability to provide richer online experiences for the public, say critics of the ban.

They add the ban is outdated and stymies efforts to solicit and respond to what the public wants, noting commercial sites routinely employ cookies to enhance their public outreach. Even civil liberties advocates favor the use of agency cookies as long as they allow visitors to opt-out and do not collect personally identifiable information. White House officials began considering a new cookie framework last summer, but they have not instituted changes yet.

Some Obama administration officials and many open government activists have urged OMB to rewrite the policy so Web managers can tailor agency sites to visitors' preferences and conduct other traffic analysis that the public now typically expects from private sector sites.

In the meantime, some departments, including the General Services Administration and NASA, have used a little-noticed provision in the original cookie policy that allows agency heads to authorize the use of the tracking technologies if they have a "compelling need." OMB is not required to sign off on the waivers, nor are agencies required to tell OMB if managers have granted waivers. A 2003 revision to the cookie policy stated agencies must report the use of tracking technology to OMB, and identify the circumstances, safeguards and approving official.

But OMB officials said subsequent memos instructing agencies on how to update OMB on e-government activities dropped the notification rule, so currently agencies are not required to inform OMB about waivers.

GSA in January approved a waiver for a governmentwide Web tool to use cookies to speed the sign-in process for citizens who want to participate in online debates about open government. Departments now are using the application, called IdeaScale, to seek recommendations for plans due on April 7 that will incorporate the principles of public participation, agency transparency and private sector collaboration into government's daily operations. The plans are the centerpiece of a directive the White House issued in December.

NASA sought a sanctioned work around to the cookie ban to make it easier for visitors to maneuver through its many images, videos and other online activities related to its high-profile missions, agency officials said on Monday.

Since 2005, NASA has used tracking technology to observe where people travel on the site, collect aggregate search results and follow user clicks to recommend sites to other visitors. For example, a user might see a message when visiting a Hubble space telescope page that states, "People who read this also read . . . ." The suggestions are based on previous users' click patterns. The cookies also store preferences for users who create "myNASA" personal accounts.

In addition, the technology is deployed to "remember when a user has been offered the customer-satisfaction survey so that frequent visitors are not constantly peppered with it," NASA spokesman David Steitz said on Monday. "Though individual click paths are observed, none is associated with an IP address the series of numbers that identifies a user's computer or anything else that might help to identify an individual."

The process of obtaining a waiver from the NASA administrator took only a few months, Steitz said. Ultimately, it was approved by the chief information officer, assistant administrator for public affairs and, as required by OMB, the administrator. More recent waivers were approved by the CIO in a matter of days, he added.

Like NASA's sites, many pages operated by the National Institutes of Health automatically issue surveys that rely on cookies, according to an NIH privacy notice. The cookies only record that the visitor was offered the chance to answer questions and they expire within 90 days of being deposited on a computer.

IdeaScale's cookies give users the option of letting the tool save their login information so users don't have to re-enter passwords every time they have a suggestion or want to comment on other users' recommendations. Cookies also allow users to sign in with an existing ID from outside Web service providers, including Google, Yahoo and AOL.

"No personal information is saved in either of these two cookies set by IdeaScale, nor can these cookies be used to track user activities across other Web sites," said Gwynne Kostin, who works at the Center for New Media and Public Engagement at GSA.

Ari Schwartz, vice president and chief operating officer at the privacy group Center for Democracy and Technology, said the center has met with OMB officials to retool the online tracking policy under the rubric of open government. The center is one of the civil liberties organizations that supports federal cookies within limits.

The center has concerns about the current waiver provision and looks forward to an overhaul of the whole policy, he said.

The waiver process "was meant to be a roadblock to prevent rapid spread of cookies," Schwartz said. "If we stick to this waiver policy, over time it's going to deteriorate. . . . It won't be based on whether privacy threats have been addressed but will be based on how quickly an agency can get approval from a senior official."

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.