Can the government see what Web sites I visit?

©iStockphoto/Angel Manuel Herrero Good try, but a ski mask offers little protection from online scrutiny. See more laptop pictures.

Imagine you're shopping at a mall. You browse different stores, make a few purchases and move on. Then, you notice that a man you don't know seems to be following you. You even catch a glimpse of him taking notes on what you're looking at and buying. The entire time you've been shopping, you've been spied on!Many people fear that a similar thing is happening on the Web. They're worried that someone, usually the government, is recording and analyzing their Web browsing activity. They argue that these acts are an invasion of privacy. Are they right to be worried? Can the government keep track of all the Web sites everyone visits, and would it be able to act on that information?

Laptop Image Gallery

It's easy to understand why some people are worried. The United States Patriot Act expands the government's ability to perform searches and install wiretaps. It doesn't seem like a big stretch to add tracking people's Internet activity to the list. These people fear that they'll be spied on whether they've done anything to justify it or not.

In some ways, fear about the government's ability to keep tabs on Web activities has reached the level of a conspiracy theory. In the most extreme version of the theory, the government is tracking not only Web site activity, but also is building a database of potential suspects for crimes ranging from corporate sabotage to terrorism. Other theories don't go that far, but still suggest the government is treating everyone like a suspect -- even if people aren't doing anything illegal or questionable.

­

How might the government track someone's activities on the Web? Find out in the next section.

Keeping Track of Web Activity

Mandel Ngan/AFP/Getty Images Texas Rep. Lamar Smith (far right) poses with other representatives and President Bush at the signing of an executive order intended to improve agency information disclosure.

Internet cookies aren't going to tell the government about every Web site you've visited. Some consumer news articles might give you the impression that Internet cookies broadcast everything you do on your computer to every Web site administrator connected to the Internet. The truth isn't quite so frightening.

Internet cookies are small text files that Web sites store to your computer's hard drive -- they aren't computer programs. An Internet cookie gives a unique identifier relevant to a particular Web site to each computer that visits the site. The identifier lets Web sites tailor the browsing experience to your preferences. If you visit an international Web site that's available in many languages, you'd want to read it in a language you know. Using an Internet cookie, the Web site can remember this information. The next time you visit that site, you'll go straight to the appropriate version because the cookie on your hard drive told the site which language you prefer.

If you fill out an online form on a Web site, the site may store that information in the cookie on your hard drive. The personal information can't get into the cookie file unless you choose to provide that information. There's no way for the cookie to search your computer for identification information. In other words, if you're worried about personal information hitting the Web, just don't share it.

A small number of major Web companies provide most of the cookies on the Internet. These companies use the same format for all their cookies, so it's possible for these companies to see when a computer visits different Web sites that use their cookies. For example, Web advertising giant DoubleClick provides cookies for thousands of Web sites. DoubleClick can see if a computer visits different Web sites using their cookies, but it can't see if the computer visits a site that either uses a different Internet cookie or doesn't use cookies at all.

Currently, the U.S. Congress is considering an act that would require Internet Service Providers (ISPs) to retain personal data for all its subscribers that the government could then use in investigations. The act is called H.R. 837: Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) of 2007 [source: GovTrack]. If this becomes law, ISPs will have to save personal information like names, postal addresses and Internet Protocol (IP) addresses for all its subscribers. While the government wouldn't be able to track a user's browsing in real time, it could request records from an ISP showing all Internet activities on a particular user's account. People who use public computer accounts (like a computer lab in a public library) would be harder to track.

Republican Rep. Lamar Smith of Texas introduced the bill on Feb. 6, 2007. On March 1, 2007, the Subcommittee on Crime, Terrorism and Homeland Security received the bill for deliberation. As of February 2008, the bill is still in the legislative process.

What's the government's policy on tracking Web activity? Find out in our next section -- if you dare.

Government Policy on Internet Tracking

Scott J. Ferrell/Congressional Quarterly/Getty Images Sens. George Allen and Ernest F. Hollings discuss Internet privacy bills at a Senate Commerce meeting.

While it's not efficient to try to track a person's Web activities with cookies, it's still a concern for privacy advocates. A government Web page could hire a corporation like DoubleClick to provide Internet cookies. In theory, DoubleClick could search its database to see if the visitor had been to any other Web site that also used DoubleClick cookies. The government could try to gather information about a user by cross-referencing all the DoubleClick cookie sites he or she visits.

Some Internet privacy advocates don't like the idea of a governmental agency keeping information files about Web site visitors. Whether the government intends to use that information for tracking purposes is beside the point. The advocates argue that the government shouldn't keep tabs on people using cookies at all.

It may come as a surprise to conspiracy theorists, but the government more or less agrees with this perspective. In 2003, the White House's Office of Management and Budget issued a memo regarding the federal government's Internet privacy policies. The memo said that all federal government sites must post their privacy policies on an easily accessible Web page. The memo also forbids the use of persistent cookies in most cases. These are Internet cookies that remain on your hard drive even after you close your browser program [source: Office of Management and Budget].

There are some exceptions to the rule. The memo says that a federal government Web site can use persistent cookies if:

  • There is a "compelling need," although the memo doesn't define what makes a need compelling
  • The agency provides a clear posting in the privacy policy that alerts the user that the site has persistent cookies
  • The agency explains in the privacy policy how the information in the cookie will be used

Cookies that expire once the user closes his or her browser program are exempt from these rules. Web bugs, which are images one pixel wide by one pixel tall that have many of the same properties as persistent Internet cookies, are not explicitly addressed, meaning some agencies may consider them exempt.

Despite this memo, several people have reported the use of persistent cookies on governmental Web sites. For example, the New York Times reported in 2005 that the National Security Agency (NSA) used persistent Internet cookies on its Web site that wouldn't expire until 2035. An NSA spokesperson said that the inclusion of the persistent cookies was an accident caused by a software upgrade [source: New York Times].

Many of the exposé reports about government Web sites and persistent cookies seem to be due to such accidents. Some Web page development software includes persistent cookies as a standard option. If the Web administrator doesn't know about the option, he or she might create a Web page that includes persistent cookies without being aware of it. Considering the amount of work necessary to track someone using cookies, it's likely that most of these incidents are, in fact, accidents.

To learn more about tracking activities on the Internet and related topics, follow the links on the next page.

Related HowStuffWorks Articles

More Great Links

Sources

  • Bolten, Joshua B. "Memorandum for Heads of Executive Departments and Agencies." Office of Management and Budget. Executive Office of the President. September 26, 2003. http://www.whitehouse.gov/omb/memoranda/text/m03-22.html
  • Gay, Lance. "White House drug office tracks computer visitors." Scripps Howard News Service. June 20, 2000. http://shns.scripps.com/shns/story.cfm?pk=COOKIES-06-20-00&cat=AN
  • "Government Cookies Show Up Even When Prohibited." Tech Law Prof Blog. January 6, 2006. http://lawprofessors.typepad.com/tech_law_prof/2006/01/government_cook.html
  • "H.R. 837: Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2007." GovTrack.us. Updated January 26, 2008. http://www.govtrack.us/congress/bill.xpd?bill=h110-837
  • McCullagh, Declan and Broache, Anne. "Government Web sites are keeping an eye on you." CNET News. January 5, 2006. http://www.news.com/2100-1028_3-6018702.html
  • Olsen, Stefanie. "Nearly undetectable tracking device raises concern." CNET News. July 12, 2000. http://www.news.com/Nearly-undetectable-tracking-device-raises-concern/2100-1017_3-243077.html?tag=st.nl
  • Rankin, Bob. "A Closer Look at Cookies." The Internet Tourbus. http://www.internettourbus.com/cookies.htm
  • Singel, Ryan. "Are TSA's Tracking Cookies Legal?" Wired. February 14, 2007. http://blog.wired.com/27bstroke6/2007/02/are_tsas_tracki.html
  • "Spy Agency Removes Illegal Tracking Files." New York Times. December 29, 2005. http://www.nytimes.com/2005/12/29/national/29cookies.html?_r=1&adxnnl=1&oref=slogin&adxnnlx=1203374103-RXeNedoeBrDHiVw/w2avjQ