The Great Cookie Debate

My colleague, Susan Miller, posts on FCW.com's other blog that this is and she points to a , who contends that "this is a nonstory born of ignorance and paranoia and now hype."With all due respect, this is much ado about nothing. Web sites do not need permanent cookies to count visitors. Most violations of the Web cookie policy -- and yes, these sites are violating a policy here -- are usually just organizations that do not change the defaults on some system, and yes, most sites ask for cookies. Agencies already can also use session cookies.Furthermore, the E-Government Act does make allowances for cookies, according to the Center for Democracy and Technology's Ari Schwartz. I will re-post Schwartz's comments from :The fact is that agencies are not every other Web site. Agencies have higher standards. We all understand that. And if these things are only to track numbers of visits and visitors, why not at least disclose? What additional data do permanent cookies provide?

The Web cookie and Web bug story seems to be making the rounds. Last week, I posted about other federal agencies that are also violating the no-cookie rule.

An update: This story from the Free Government Information blog that points to this AP story via ABCNews.com:

White House Says Web Site Counts Visitors [AP via ABCNews.com, 12. 30.2005]

The White House said Friday its Web tracking technology is consistent with federal rules because it only counts the number of visitors anonymously and doesn't record personal information.


much ado about nothingpost on Jeff Jarvis's Buzz Machine

not

my original post on this subject

I actually don't think that the current policy is overly onerous.

Agencies need only:

1) put a policy official in charge of cookies (this can be someone who is in charge of privacy, but it could also be a CIO or someone in the CIO's office) and
2) disclose their use of cookies in their privacy policy

and then they can use cookies however they want. Considering the history of agencies not realizing that they are (or purposely) allowing third-party commercial entities to set track visitors with no controls... this doesn't seem like too much to ask.