Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
DorobekINSIDER Reader: Federal Internet cookie policies
Saturday - 6/26/2010, 5:21pm EDT
The Office of Management and Budget has just issued a new policy for dealing with Internet “cookies” — these are text files that a Web site can put on your computer to track how you traverse the site.
Cookies enable Web site personalization — for example, the allow a Web site to remember you and, maybe, the items you put in your online shopping cart. But they have always been watched by some privacy advocates because of the potential implications — for example, they could track a visitor’s travels to other sites. [Read how cookies work here... and how to delete them here.]
The federal government has been all but banned from using persistent Internet cookies because of those privacy concerns. OMB has just issued new policy guidance would enable agencies to use this tool. And Federal News Radio’s Max Cacas reported on the new policies on the Dorobek Insider on Friday. You can find his report here.
This is an issue I’ve followed for a long time (here is the FCW editorial I wrote on the subject back in 2006) — and, to be honest, I’m suspicious of the new policy. That being said, I have just started reading them.
The new OMB policy seeks to re-balance the privacy considerations given that the ban was instituted more than a decade ago. The idea: Times have changed and people are more accepting of these tools.
As I say, I’m reading the policies now, but… It is important to be very clear — agencies were absolutely not banned from using cookies. They had been banned from using PERSISTENT cookies — cookies that can track you long term. I didn’t get a chance to read all the comments that came in — and unfortunately OMB has not kept those comments online. And I still have to read the policies, but… I have year to hear a convincing argument why agencies must have persistent cookies. Some argue that the private sector does it, but that argument is specious — the government is not the private sector. In the end, it doesn’t matter what the private sector does. (Should government follow the Facebook privacy model?)
I’m reading the new policies with an open mind, but… I’m very suspicious.
The 2010 cookie/federal Web privacy policies:
* OMB policy M-10-22: Guidance for Online Use of Web Measurement and Customization Technologies [PDF] [Scribd]
* OMB policy M-10-23: Guidance for Agency Use of Third-Party Websites and Applications [PDF] [Scribd]
How these came about…
Giving OMB credit, they tried to evolve these policies in a relatively public way. As I seem to say a lot these days, I think they could have developed it in a public way. That being said, it would be nice if the comments were still available.
Here were some of the discussion:
By federal CIO Vivek Kundra and Michael Fitzpatrick, associate administrator of OMB’s Office of Information and Regulatory Policy