DorobekINSIDER Reader: Federal Internet cookie policies

Saturday - 6/26/2010, 5:21pm EDT

The Office of Management and Budget has just issued a new policy for dealing with Internet “cookies” — these are text files that a Web site can put on your computer to track how you traverse the site.

Cookies enable Web site personalization — for example, the allow a Web site to remember you and, maybe, the items you put in your online shopping cart. But they have always been watched by some privacy advocates because of the potential implications — for example, they could track a visitor’s travels to other sites. [Read how cookies work here... and how to delete them here.]

The federal government has been all but banned from using persistent Internet cookies because of those privacy concerns. OMB has just issued new policy guidance would enable agencies to use this tool. And Federal News Radio’s Max Cacas reported on the new policies on the Dorobek Insider on Friday. You can find his report here.

This is an issue I’ve followed for a long time (here is the FCW editorial I wrote on the subject back in 2006) — and, to be honest, I’m suspicious of the new policy. That being said, I have just started reading them.

The new OMB policy seeks to re-balance the privacy considerations given that the ban was instituted more than a decade ago. The idea: Times have changed and people are more accepting of these tools.

As I say, I’m reading the policies now, but… It is important to be very clear — agencies were absolutely not banned from using cookies. They had been banned from using PERSISTENT cookies — cookies that can track you long term. I didn’t get a chance to read all the comments that came in — and unfortunately OMB has not kept those comments online. And I still have to read the policies, but… I have year to hear a convincing argument why agencies must have persistent cookies. Some argue that the private sector does it, but that argument is specious — the government is not the private sector. In the end, it doesn’t matter what the private sector does. (Should government follow the Facebook privacy model?)

Let’s be very clear — this is not the most critical privacy issue facing government. That being said, it doesn’t help. People are already distrustful of government. I have yet to be convinced of the enormous public good that comes from using this tracking tool that one cannot accomplish otherwise. Again, agencies can use cookies — just not persistent cookies. How does it make people feel about their government if they feel like they are being tracked? (The stopwatch is running until the first story comes out of people using cookies to actually track people using government Web sites.)

I’m reading the new policies with an open mind, but… I’m very suspicious.

Regardless, I thought it was an opportunity to pull together the DorobekINSIDER Reader on the OMB cookie policy with background information, given that this has been going on for a long time…

The 2010 cookie/federal Web privacy policies:

* OMB policy M-10-22: Guidance for Online Use of Web Measurement and Customization Technologies [PDF] [Scribd]

* OMB policy M-10-23: Guidance for Agency Use of Third-Party Websites and Applications [PDF] [Scribd]

* The OMB “fact sheet” on the two policies

How these came about…
Giving OMB credit, they tried to evolve these policies in a relatively public way. As I seem to say a lot these days, I think they could have developed it in a public way. That being said, it would be nice if the comments were still available.

Here were some of the discussion:

White House blog post from July 24, 2009: Federal Websites: Cookie Policy
By federal CIO Vivek Kundra and Michael Fitzpatrick, associate administrator of OMB’s Office of Information and Regulatory Policy

During the Open Government Initiative outreach, Federal employees and the public have asked us questions about the federal government’s policy on cookies. As part of our effort to create a more open and innovative government, we’re working on a new cookie policy that we’ll want your input on. But before we get into that, let’s provide some context.