[Clips] White House Investigates Contractor's Web Tracking

R. A. Hettinga rah at shipwright.com
Sun Jan 1 05:20:50 PST 2006 

--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Sun, 1 Jan 2006 08:19:48 -0500
 To: Philodox Clips List <clips at philodox.com>
 From: "R. A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] White House Investigates Contractor's Web Tracking
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://online.wsj.com/article_print/SB113591186547934467.html>

 The Wall Street Journal


 White House Investigates
 Contractor's Web Tracking

 Associated Press

 December 29, 2005 10:27 p.m.

 NEW YORK -- Unbeknown to the Bush administration, an outside contractor has
 been using Internet tracking technologies that may be prohibited to analyze
 usage and traffic patterns at the White House's Web site, an official said
 Thursday.

 David Almacy, the White House's Internet director, promised an
 investigation into whether the practice is consistent with a 2003 policy
 from the White House's Office of Management and Budget banning the use of
 most such technologies at government sites.

 "No one even knew it was happening," Mr. Almacy said. "We're going to work
 with the contractor to ensure that it's consistent with the OMB policy."

 An official with the contractor, WebTrends Inc., said later Thursday,
 however, that although a cookie may be used, no data from it is actually
 sent back to the company.

 The development came a day after the National Security Agency admitted it
 had erred in using banned "cookies" at its Web site. Cookies are small data
 files that can be used to track Internet users. The acknowledgments
 followed inquiries by The Associated Press.

 The White House's Web site uses what's known as a Web bug to anonymously
 keep track of who's visiting and when. A Web bug is essentially a tiny
 graphic image -- a dot, really -- that's virtually invisible. In this case,
 the bug is pulled from a server maintained by WebTrends and lets the
 traffic analytic company know that another person has visited a specific
 page on the site.

 Web bugs themselves are not prohibited.

 But when these bugs are linked to a cookie -- so that a site can tell if
 the same person has visited again -- a federal agency using them must
 demonstrate a "compelling need," get a senior official's signoff and
 disclose such usage, said Peter Swire, a Clinton administration official
 who helped draft the original rules.

 The White House's privacy policy does not specifically mention cookies or
 Web bugs, and Mr. Almacy said the signoff was never sought because one was
 not thought to be required. He said his team was first informed of the
 cookie use by the AP.

 But Jason Palmer, vice president of product management for Portland,
 Ore.-based WebTrends, insisted the cookies are not used in such manner.

 Cookies from the White House site are not generated simply by visiting it,
 according to analyses by the AP and by Richard M. Smith, a security
 consultant in Cambridge, Mass., who first noticed the Web bug this week.

 Rather, WebTrends cookies are sometimes created when visiting other
 WebTrends clients. Mr. Smith said his analysis of network traffic shows
 such preexisting cookies have then been used to recognize visitors to the
 White House site.

 But WebTrends officials say they do not aggregate information about
 visitors across multiple sites. Mr. Almacy said it's possible the cookie
 resulted from the White House visit, adding he was awaiting further details
 from WebTrends.

 Mr. Palmer said the browsers are designed to pull pre-existing cookies
 automatically, and that the company has no choice in the matter. But he
 insisted the company doesn't use the information.

 In any case, Mr. Almacy said, no personal data are collected.

 In a statement, WebTrends added that the analysis performed at the White
 House site is typical among organizations for improving user experience.

 The Clinton administration first issued the strict rules on cookies in 2000
 after its Office of National Drug Control Policy, through a contractor, had
 used the technology to track computer users viewing its online antidrug
 advertising. The rules were updated in 2003 by the Bush administration.

 Although no personal information was collected at the time, Mr. Swire said,
 concerns were raised that one site's data could be linked later with those
 from the contractor's other clients.

 "It all could be linked up after the fact, and that was enough to lead to
 the federal policy," Mr. Swire said.

 Nonetheless, agencies occasionally violate the rules inadvertently. The CIA
 did in 2002, and the NSA more recently. The NSA disabled the cookies this
 week and blamed a recent upgrade to software that shipped with cookie
 settings already on.

 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 _______________________________________________
 Clips mailing list
 Clips at philodox.com
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list