[Clips] NSA Web Site Puts 'Cookies' on Computers

R. A. Hettinga rah at shipwright.com
Wed Dec 28 19:29:06 PST 2005


Shock. Horror. The NSA leaves cookies.

Exactly what part of "spook" do people not understand at this stage?

Cheers,
RAH
-------
--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Wed, 28 Dec 2005 22:25:34 -0500
 To: Philodox Clips List <clips at philodox.com>
 From: "R. A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] NSA Web Site Puts 'Cookies' on Computers
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://www.breitbart.com/news/2005/12/28/D8EPGENO2.html>


 BREITBART.COM


 NSA Web Site Puts 'Cookies' on Computers

 By ANICK JESDANUN

 AP Internet Writer

 Dec 28 4:44 PM US/Eastern

 NEW YORK - The National Security Agency's Internet site has been placing
 files on visitors' computers that can track their Web surfing activity
 despite strict federal rules banning most of them. These files, known as
 "cookies," disappeared after a privacy activist complained and The
 Associated Press made inquiries this week, and agency officials
 acknowledged Wednesday they had made a mistake. Nonetheless, the issue
 raises questions about privacy at a spy agency already on the defensive
 amid reports of a secretive eavesdropping program in the United States.

 "Considering the surveillance power the NSA has, cookies are not exactly a
 major concern," said Ari Schwartz, associate director at the Center for
 Democracy and Technology, a privacy advocacy group in Washington, D.C. "But
 it does show a general lack of understanding about privacy rules when they
 are not even following the government's very basic rules for Web privacy."


 Until Tuesday, the NSA site created two cookie files that do not expire
 until 2035 _ likely beyond the life of any computer in use today.

 Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie
 use resulted from a recent software upgrade. Normally, the site uses
 temporary, permissible cookies that are automatically deleted when users
 close their Web browsers, he said, but the software in use shipped with
 persistent cookies already on.

 "After being tipped to the issue, we immediately disabled the cookies," he
 said.

 Cookies are widely used at commercial Web sites and can make Internet
 browsing more convenient by letting sites remember user preferences. For
 instance, visitors would not have to repeatedly enter passwords at sites
 that require them.

 But privacy advocates complain that cookies can also track Web surfing,
 even if no personal information is actually collected.

 In a 2003 memo, the White House's Office of Management and Budget prohibits
 federal agencies from using persistent cookies _ those that aren't
 automatically deleted right away _ unless there is a "compelling need."

 A senior official must sign off on any such use, and an agency that uses
 them must disclose and detail their use in its privacy policy.

 Peter Swire, a Clinton administration official who had drafted an earlier
 version of the cookie guidelines, said clear notice is a must, and `vague
 assertions of national security, such as exist in the NSA policy, are not
 sufficient."

 Daniel Brandt, a privacy activist who discovered the NSA cookies, said
 mistakes happen, "but in any case, it's illegal. The (guideline) doesn't
 say anything about doing it accidentally."

 The Bush administration has come under fire recently over reports it
 authorized NSA to secretly spy on e-mail and phone calls without court
 orders.

 Since The New York Times disclosed the domestic spying program earlier this
 month, President Bush has stressed that his executive order allowing the
 eavesdropping was limited to people with known links to al-Qaida.

 But on its Web site Friday, the Times reported that the NSA, with help from
 American telecommunications companies, obtained broader access to streams
 of domestic and international communications.

 The NSA's cookie use is unrelated, and Weber said it was strictly to
 improve the surfing experience "and not to collect personal user data."

 Richard M. Smith, a security consultant in Cambridge, Mass., questions
 whether persistent cookies would even be of much use to the NSA. They are
 great for news and other sites with repeat visitors, he said, but the NSA's
 site does not appear to have enough fresh content to warrant more than
 occasional visits.

 The government first issued strict rules on cookies in 2000 after
 disclosures that the White House drug policy office had used the technology
 to track computer users viewing its online anti-drug advertising. Even a
 year later, a congressional study found 300 cookies still on the Web sites
 of 23 agencies.

 In 2002, the CIA removed cookies it had inadvertently placed at one of its
 sites after Brandt called it to the agency's attention.

 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 _______________________________________________
 Clips mailing list
 Clips at philodox.com
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'





More information about the cypherpunks-legacy mailing list