Thursday, December 29, 2005

The Cookie Monsters

If you haven't seen it yet, here's the Associated Press story in the New York Times about the cookies in the NSA web site.
The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most files of that type.

The files, known as cookies, disappeared after a privacy activist complained and The Associated Press made inquiries this week. Agency officials acknowledged yesterday that they had made a mistake.

Nonetheless, the issue raised questions about privacy at the agency, which is on the defensive over reports of an eavesdropping program.

"Considering the surveillance power the N.S.A. has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the N.S.A. site created two cookie files that do not expire until 2035.

Don Weber, an agency spokesman, said in a statement yesterday that the use of the so-called persistent cookies resulted from a recent software upgrade.

This begs a pair of questions. If NSA is being careless about features in their software, how careless are they being in all the other aspects of their operations? Moreover, what does it say about government oversight when it takes a privacy advocacy group to catch a secret government agency breaking the law?

But there may be an even more important question. Who's making up the rules?
In a 2003 memorandum, the Office of Management and Budget at the White House prohibited federal agencies from using persistent cookies - those that are not automatically deleted right away - unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Are rules for use of persistent cookies by federal agencies really being made by the executive branch's Office of Management and Budget? And what senior official has to sign off for their use? Whatever GS-12 happens to be around?

14 comments:

  1. As lurch says, and this from an insider, there are no accidents at the NSA especially with respect to software and how the technology they are using works and is implemented.
    Note also that in my years with the NSA I never saw anyone concerned very much with "rules" such as the no persistent cookie prohibition. The attitude in these rarefied groups is that they are above rules or rather that rules are for the peons. The working hypothesis was that everything we are doing is Top Secret and therefore nobody will know if we follow the rules or not.

    ReplyDelete
  2. Guys,

    Thanks for pitching in on this issue. I too strongly believe that the only accident was getting caught, and have seen too much of the "rules are for peons" in other branches of government.

    As always, power is not to be trusted.

    ReplyDelete
  3. Anonymous10:24 AM

    Can anyone explain to me what exactly is wrong here (except for a minor breach of OMB recommendations)?

    Cookies are harmless. You can't "track ... Web surfing activity" except for explicit visits to the NSA website.

    I'm all for reining in the NSA, but let's focus on the real threats (eg Carnivore or Magic Lantern), not cookies.

    ReplyDelete
  4. What's wrong?

    1) These things are being regulated by the White House budget office.

    2) Agencies like NSA don't even follow the rules of their own branch of government.

    ReplyDelete
  5. I think we agree on this. A low fever is a minor symptom, but it can be a symptom of a life threatening disease.

    ReplyDelete
  6. Tom,

    Yeah. But it makes me wonder what's happening at the big spy in the sky headquarters when I browse the Al Jazirra site to see what's being said there.

    Do I get marked as a terrorist sympathizer?

    ReplyDelete
  7. In any case, what's actually happened to change the polling numbers?

    And yeah, Cap will keep you honest on that kind of stuff.

    ReplyDelete
  8. Scott,

    I'd be surprised if the numbers weren't climbing. After that all out media campaign, I'm surprised they're not better. As to consipiracy theories, there's nothing I'd discount with this crowd.

    Fuzzflash,

    Uh, Kool Aid, maybe.

    ReplyDelete
  9. Anonymous3:03 PM

    Who would be the most admired man? As bad as Bush is, there are still about 35% of the people in America who love him no matter what he does. Who would be more admired that the other 65% of the people in the country can all agree on one person to admire? Some might choose Bono, others might choose Warren Buffett, still others Bill Gates. Him being the most admired person only shows that the 35% who support him are completely and utterly monolithic in their views.

    ReplyDelete
  10. Anonymous6:42 AM

    I have to agree that this is a trivial issue. I doubt the NSA puts much effort into the administration of an unclassified web site.

    You're welcome to piss into the wind if you want, but it makes you look like a fool who's unable to distinguish between a trivial invasion of privacy that occurs when you visit nearly any web site, and a constitution crisis provoked when the President of the United States puts himself above the law and assumes unlimited and unreviewed security powers.

    ReplyDelete
  11. Anonymous,

    I think monolithic is a good term for it: massive, slow to change.

    pghmike,

    Pissing in the wind is what we used to refer to as a German Shower (I'm German, fill in your own ethnicity).

    The cookie caper is indeed just a minor sidebar in a much larter issue, which I think you aptly identify as a constitutional crisis. If you look around this site for long, you'll find that's been the major subject covered here in the past month or so.

    ReplyDelete
  12. Uh, guys.

    Gallup says that Bush's disapproval number is 53%. His approval number is 43%, which is about where it's been since Katrina. Life is hard enough without you granting Bush an extra 10 points.

    ReplyDelete
  13. Imagine where Bush would be without his obediant followers distorting facts for him.

    ReplyDelete