Potential gov't cookie policy change prompts concerns

IDG News Service - A potential change in the U.S. government's policy that would permit the broad use of Web cookies on government sites could "allow the mass collection of personal information," according to the American Civil Liberties Union.

The ACLU filed comments today on a proposal by the White House Office of Management and Budget to allow greater use of cookies on government Web sites. Since 2000, the OMB has permitted U.S. government Web sites to use cookies in limited cases, when there's a "compelling need" to gather the data, publicly disclosed privacy safeguards and personal approval by the head of the agency.

But the OMB and Vivek Kundra, the federal CIO, proposed late last month to broaden the use of cookies. Doing so would "create a more open and innovative government," Kundra and Michael Fitzpatrick, associate administrator of the OMB Office of Information and Regulatory Affairs, said in a blog post July 24.

Kundra and Fitzpatrick blogged about the potential use and rules of using multisession tracking cookies and persistent cookies. In their blog post, they asked for input on a new cookie policy.

"The implications of allowing the government to collect and store such information are staggering," wrote Christopher Calabrese, counsel for the ACLU's Technology & Liberty Project, in the comments filed on the cookie proposal. "As great as the privacy concerns are with the private use of cookies, their use by the government implicates privacy rights at a much more fundamental level. Americans use the Internet for everything. It is impossible to even summarize everything that the use of cookies might reveal to the government."

A spokesman with the White House Office of Science and Technology wasn't immediately available for comment on the ACLU concerns.

The ACLU isn't necessarily opposed to the U.S. government using cookies in some circumstances, but there need to be strong privacy safeguards in place, said Michael Macleod-Ball, acting director of the ACLU Washington Legislative Office.

"We'll have to put some very shielded boxes around the information that's being collected, retained and used," he said.

The Kundra and Fitzpatrick blog post also said the government shouldn't discriminate against Web surfers who opt out of government cookies. But Macleod-Ball suggested that the government should get opt-in permission before it assigns tracking cookies to visitors of government Web sites.

"I don't think the opt-out thing works for us in a government context," he said.

Many private Web sites allow users to opt out of tracking technologies, but few get opt-in permission before issuing tracking cookies.

While Macleod-Ball said he wasn't opposed to the government's use of some cookies, several people posting comments on OSTP's blog said they were opposed to the government collecting personal data.