Scott J. Ferrell/Congressional Quarterly/Getty Images Sens. George Allen and Ernest F. Hollings discuss Internet privacy bills at a Senate Commerce meeting.

Government Policy on Internet Tracking

While it's not efficient to try to track a person's Web activities with cookies, it's still a concern for privacy advocates. A government Web page could hire a corporation like DoubleClick to provide Internet cookies. In theory, DoubleClick could search its database to see if the visitor had been to any other Web site that also used DoubleClick cookies. The government could try to gather information about a user by cross-referencing all the DoubleClick cookie sites he or she visits.

Some Internet privacy advocates don't like the idea of a governmental agency keeping information files about Web site visitors. Whether the government intends to use that information for tracking purposes is beside the point. The advocates argue that the government shouldn't keep tabs on people using cookies at all.

It may come as a surprise to conspiracy theorists, but the government more or less agrees with this perspective. In 2003, the White House's Office of Management and Budget issued a memo regarding the federal government's Internet privacy policies. The memo said that all federal government sites must post their privacy policies on an easily accessible Web page. The memo also forbids the use of persistent cookies in most cases. These are Internet cookies that remain on your hard drive even after you close your browser program [source: Office of Management and Budget].

There are some exceptions to the rule. The memo says that a federal government Web site can use persistent cookies if:

  • There is a "compelling need," although the memo doesn't define what makes a need compelling
  • The agency provides a clear posting in the privacy policy that alerts the user that the site has persistent cookies
  • The agency explains in the privacy policy how the information in the cookie will be used

Cookies that expire once the user closes his or her browser program are exempt from these rules. Web bugs, which are images one pixel wide by one pixel tall that have many of the same properties as persistent Internet cookies, are not explicitly addressed, meaning some agencies may consider them exempt.

Despite this memo, several people have reported the use of persistent cookies on governmental Web sites. For example, the New York Times reported in 2005 that the National Security Agency (NSA) used persistent Internet cookies on its Web site that wouldn't expire until 2035. An NSA spokesperson said that the inclusion of the persistent cookies was an accident caused by a software upgrade [source: New York Times].

Many of the exposé reports about government Web sites and persistent cookies seem to be due to such accidents. Some Web page development software includes persistent cookies as a standard option. If the Web administrator doesn't know about the option, he or she might create a Web page that includes persistent cookies without being aware of it. Considering the amount of work necessary to track someone using cookies, it's likely that most of these incidents are, in fact, accidents.

To learn more about tracking activities on the Internet and related topics, follow the links on the next page.