After 9-year cookie ban, US Government wants to start tracking you online again
Nine years ago, the Office of Management and Budget issued a directive banning Federal agencies from dropping cookies on visitors' computers. On Friday, the White House called for public discussion about whether that policy should continue. Whether you see that as a nod to improved privacy protections and a smarter userbase, or sigh at the encroachments tracking tech has made in a decade, is perhaps a matter of perspective.
The announcement, blogged on the White House site by federal CIO Vivek Kundra and OMB associate administrator for information and regulatory affairs Michael Fitzpatrick and reproduced nearly verbatim in the proposal's listing in the Federal Register (PDF available), says that the point of the policy review is "to develop a new policy that allows the Federal Government to continue to protect the privacy of people who visit Federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics."
The proposal describes a three-tiered system for deploying Web tracking tech on Federal sites -- one single-session option and two multi-session options, one focused strictly on analytics and one with a broader scope. The proposal acknowledges that the more comprehensive option may have higher privacy risks and states that there would be other, more stringent restrictions on those tracking mechanisms.
On the OMB blog (where the piece is cross-posted) the high level of discourse indicate that someone's probably moderating (at least lightly) the comments on this proposal. That said, response there is varying.
Some commenters within government have questions about first- and third-party trackers. (Respondents seemed to be fairly negative about the latter possibility.) Other commenters want to know if the analytics data might be made public, in the spirit of transparency. One noted that opt-in, not the proposal's opt-out, is preferable to many privacy-conscious folk.
Commenter "Paul Kincaid," who identifies himself as a security professional, raises the question of authentication. Meanwhile "Jeffrey Chester," speaking for the Center for Digital Democracy, asks why the comment period is so short and calls for a "serious public debate" on the matter, and dismisses persistent cookies out of hand -- drawing some ultra-polite heat from respondent and federal consultant Kochukoshy Cheruvettolil, who suggests that perhaps "the Center for Digital Democracy can provide some positive input on this issue rather than raise the usual concerns which I admit are valid but for which solutions need to be found."
Comments will be accepted through August 10, and may be submitted via email or fax, or through either of two sites listed in the Federal Register.