Congress' hands caught in the cookie jar

(continued from previous page)

Neither the House nor the Senate regulates whether its members may employ Web bugs or cookies, and neither requires privacy policies. Instead, the internal rules tend to cover topics such as restrictions on content and campaigning, design suggestions and guidelines for file names.

In general, it's up to individual Webmasters for senators' sites to set appropriate policies, said Senate Webmaster Cheri Allen.

"If there's a question as to whether something is appropriate, they would take that to the Rules Committee, which would then rule on each individual issue," Allen said.

The House also has no formal privacy requirements or cookie limitations for the sites it hosts.

"The statutes that require sites to have privacy policies or that put restrictions on the use of cookies--the E-Government Act of 2002 and the Children's Online Privacy Protection Act--do not apply to House offices," said Brian Walsh, spokesman for the House Administration Committee, which sets the Web rules.

The committee does, however, suggest that House sites post some version of a

Inadvertent cookie invocation
The most common breed of cookie returned by the legislative sites is generated by ColdFusion, a popular Adobe Systems Web-authoring program. Many Senate Webmasters rely on the program for their Web scripting, and the central Senate.gov servers run ColdFusion, said Allen, the Senate Webmaster.

Some versions of ColdFusion appear to set certain cookies to a default "persistent" setting that causes them to expire 30 years later. But Web developers can alter the expiration date or entirely stop the use of cookies.

Another variant appeared on the site of Rep. Jim Nussle, R-Iowa, who published a chunk of JavaScript on his site that lets people click to translate the page in Altavista.com. But in doing so, it automatically sets a cookie for Altavista.com.

Some congressional staffers defended Web tracking as benign or essential to their sites' operations. (Besides Nussle's example, no third-party tracking cookies or Web bugs appeared on congressional Web sites.)

A two-year cookie lives at the home page of Sen. Ted Stevens, the Alaska Republican who presides over the Commerce Committee. The device appears to remember a visitor's screen font-size preferences, ranging from 10 point to 14 point, for subsequent visits. Spokeswoman Courtney Boone said any information collected is not used to monitor hits or visitors to the site.

"It probably was written in by a programmer unintentionally," she said. "We don't use anything from the Web site to collect information on people that use our Web site."

Federal agencies also tended to express surprise that they were using permanent cookies. A 2003 rule generally prohibits federal agencies from doing so.

"They are very old applications that have been around a long time," Janet Barnes, chief information officer for the Office of Personnel Management, said Thursday. Removing the cookies is "what we're going to do directly now that we know that they're there."

Barnes said, however, that "we don't believe we are in any way violating the intent of the policy"--and that because the information collected was never subjected to data-mining, "this is more of a technical correction" to come into compliance.

A representative of the International Broadcasting Bureau, known for its Voice of America service, also said its use of cookies was inadvertent and "the issue has been fixed."

When it comes to Congress, however, the Cato Institute's Harper said there is a lesson to learn.

"Members of Congress committed themselves to information policies that are unworkable given (anti-cookie) phobias in the past," Harper said. "The phobic response to cookies mirrors the phobic response to spam and the spyware problem. We simply can't rely on Congress to deal with difficult technology problems."

[aabcdefghij987654321]

Cookies not necessarily "online tracking"

Cookies are a basic web technology used for many purposes. Of
course, you can "track" people with cookies, but most cookies
these days are to allow session tracking, for internal navigation
of sites, remembering preferences between pages, and other
purposes.

You'd think C|Net would be more sophisticated than the normal
media in this regard. Are they advocating the elimination of
cookies? How can web sites of any sophistication be made
without cookies these days. Anti-cookie hysteria is so 1995.

[lewissalem]

I know...

...Cnet is drifting away.. off into the land of scare reporting.. pandering to mainstream for pagehits... bye...bye...

[skepticoverlord]

Cookie confusion?

Reporting on cookies as "user tracking" is simply misleading the
public, and reads more like something from main consumer
media, than the more sophisticated CNET.

This, and the AP story about cookies from the NSA website,
promote the idea that "cookies are bad". This line of reasoning
seems to be perpetuated by the "security scanning" software
firms that classify the Alexa cookie as a potential malicious MS-
DOS application (as an example).

Confusing the public about the reality of Internet technology
doesn't seem to be a good place for CNET to be.

[fafafooey]

Utterly ridiculous

This article is utterly ridiculous. Blindly linking cookies to something nefarious is silly.

Does the author really think John McCain or Dirty Harry Reid know if or why their sites use cookies? Does the author really think they are being used for some type of "spying" or being sold to spammers? Come on! I'm no fan of big government and look at government with a wary eye, but even I don't think they are doing this. What type of useful information would they even get out of it?

It's getting to the point where CNet news.com is becoming totally irrelevent to me - a bunch of uninformed, media-hype, fear mongering articles.

[Mortimer14]

Pay Attention Now

The point of the article is NOT that cookies are or may be used to track people accessing a web site.
The POINT of the article is that McCain and others are slamming those who use cookies and claiming that they don't when in fact the DO use them.
Personally, I value information such as this, if I ever get a chance to vote for or against McCain or one of the others, I will remember that he/she lies through their teeth. I know that all politicians do that, but I now have proof of it in this case.

[mmichaels]

Pretty silly

Ohhh....18 Republicans and 5 Democrats.....guess it's just a "culture of cookie corruption" here! I'm sure glad you to made that point clear.

By the way, I noticed this suspicious cookie on my computer called "Cookie:marc@cnet.com" that expires on 12/30/2037. I guess CNET may be part of this vast right-wing conspiracy.

[arluthier]

C-NET has put a probe in my computer!

<SARCASM>
I always wondered how C-NET was figuring out what articles would get me riled up... must be this cookie-probe they stuck on my computer... reading my thoughts through the keyboard.

I need to invest in thicker aluminium foil, and glue it to my finger tips.
</SARCASM>

[nopieinthesky]

C-NET monitoring?

I wonder if C-Net place cookies for the same purposes?
Is it a crime with malice or just good marketing strategy?
www.nopieinthesky.net

[zaznet]

You fell victim...

The alluminum foil trick actually enhances mind-scanning technologies by focusing the brain wave activity and in so doing making it a stronger signal to read.

The entire idea of using foil to protect yourself from mind-readers was put out by those agencies who employ the practice of reading minds.

You have played right into their hands...

[DaClyde]

perfectly legitimate and very common practice

There's nothing sneaky about the service WebTrends offers, it's primarily a way to see how users are using a website to help the site owners better maintain and design the site. It's not about clandestinely watching a users every move to use against them later, it's about seeing what they use, how often they use it and how they got there in an effort to improve site navigation and content.

Now if they were installing some sort of tracking cookie that was reporting all the users' activities OFF the government sites, THAT would be a concern.

[casper2004]

I thought cookies were something we ate

It is a tracking cookie. All cookies probably are. Why else would someone shove one up somebody elses computer?

[cristianodiaz]

Talk about FUD and fear mongering

I am really disappointed that c|net would post such a technically inaccurate, incendiary article. The presence of a cookie does not mean the user is being tracked. There are all kinds of legitimate, beneficial uses of them, and it is ridiculous tripe like this story that just causes confusion and fear about them. The authors of the article don't have the first clue what they are talking about, and have decided just to make lurid and vague statements to make it seem like Congress members are doing something nefarious. If c|net has any integrity, they will revise the article and the cheap, cliched title and can the authors.

[chance1298]

I don't think this was the intent of the article

At least, I hope that the intent of the article was not to misconstrue the purpose of cookies. I believe that it was more of an intent to point out that Congress is all for passing laws to try to control technology uses, but often has little understanding of the technology, or even compliance with their own set technology policies. Yet Congress has no problem with nailing corporations to the wall with ill-conceived technology laws. That's my interpretation of this article anyway.

[Bennet_McGovern]

You dont seem to get it

<rant>
C-NET IS NOT SAYING THE COOKIES ARE TRACKING YOU.

Please for the love of whatever God you subscribe to, read the artical with a incling of inteligence, please. The point of the artical is that these senators said they wouldn't use persistant cookies, and these government agencies are legally not allowed to, but yet they do. It doesn't say they are using these tracking cookies to actually track you, but they could.

I am not an American, but i always thought that law was law, thats it, maybe i am nieve in thinking that a government that went to war for no particular reason and allowed a illeterate retard like G.W.B into the whitehouse would even resemble a real goverment, not the Fisher Price "My First Government" it does now, where the guy who owns it can change the rules half way through because they are losing.

Grow up america, realise that not everyone thinks the same as you and not every artical is merely taking shots at the government

</rant>

[Akakadak]

Much ado about nothing

Why is this even on the front page?? This is just as dumb as saying that God has smitten Sharone...

The privacy policies state that cookies aren't used to track visitiors, not that cookies aren't used.

Rest assured, no one is using cold fusion session cookies to track users!

[BobVila]

Silly c|net, cookies are your friend and you are the enemy

Dear c|net,

How could you? I thought you were better than this. How much longer must cookies endure the bad rap. Your article is irresponsible and inflammatory, but I'll forgive you if you can step out of the pre-2000 cookie phobic timewarp you are living in.

Stop being an anti-cookite. The existence of a persistant cookie in your browser's cache does not mean you are being tracked. Period.

Embrace technology and educate the masses, instead of trying to send them into hysteria. No longer shall cookies share the plight of the spam burger, let the cookies live free of harassment and prejudice!

And if you don't want cookies set, disable them in your browser. Maybe you could have even included a helpful link?

In the meantime, please post more intelligent, informed, and earnest articles that I might actually enjoy reading.

PS: You need to take your "News of Change" slogan to heart and let's start by changing the name and/or existence of this article and replacing the author with someone who actually gives a damn about technology and your readers.

[jeffmar]

Not Enough Homework

"Although they have promised to abstain from using cookies to
track visits to their Web sites, at least 23 U.S. senators do so."

-Had this been a true statement there might be need for
concern!

When I read this article I had to wonder if c|net and/or the
authors were trying to build up the "cookie fear" or raise
negative hype for Senators and Congress by writing a catchy
headline.

Unfortunately the quoted statement above is completely
inaccurate. There is a difference between malicious and non-
malicious cookies. The cookies used here do NOT store user
information, do NOT track visits, and do NOT intrude on the
user's privacy. The porpose of the cookies used here is to
improve site navigation and usabilty while browsing the site.

I personally am not concerned, nor do I believe that my Senator
is being malicious to me through cookies.

[rightturnclyde]

Whale of an issue

While this may not have been the porpose of the article, cnet is doing a great job of making a whale of an issue.

[rightturnclyde]

Holy mackerel! Have you no sole?

I think the moral here is that you can tune a piano but you can't tuna fish. But all of this floundering around is getting ridiculous. In fact, the whole article smells fishy to me.

[PaulMann]

Are you guys real journalists?

I'm just curious if you understand grammer or anything about cookies?

First, on the privacy statement, as I read it, it says that they are not putting cookies or other means to track visits. I assume if you are a journalist, you took an english class? I'll help you out here. This is a compound statement, making the point that they do not use cookies to track or other means to track. Come on now, are you just acting stupid so you can create an issue? If so, then you are a GOOD journalist!

On the cookies themselves, did you even take the time to look at the content? If so, and you continue to call it a "tracking cookie" then you are dishonest and VERY GOOD journalist.

Seriously though, go take a grammer class and a basic webmaster class. Your reporting will improve ten fold (that means a lot).

[Michael Grogan]

How do you know they're not tracking?

The point of this story was that government agencies were violating rules by using cookies at all. The rule was made so they coulcn't deploy cookies that could be used for tracking because government entities have a very extensive track record of abusing every thing they can. I wouldn't be a bit surprised if the NSA and the CIA, in particular, were using them for tracking.

[skepticoverlord]

How?

In what way could they use cookies for "tracking"?

[Bennet_McGovern]

Thank you...there is light in this tunnel

Exactly, exactly, exactly. All these anti C-Net people are looking at this from the wrong direction. It is like looking at gun laws from the point of the bullets, please, READ, if you still dont get it READ again, and stop posting your "C-net is scaremongering" and "maybe then you will be a GOOD journalist" etc. Another tip is to read the whole artical, not the big bold by-line and then form an opinion. I know you have a short attention span but give it a go, maybe your should try taking a day to read it or something. Think people, think

I thought CNET was a tech site?

First off, let me say that the CNET Asia site leaves a cookie on your machine which expires in 2010.

Secondly, this article is just plain irresponsible on the part of CNET. There is a HUGE difference between tracking users and session management. Coldfusion servers default to using cookies for session management. Of course, I shouldn't have to explain this to CNET. I do remember hearing this short of dialog about cookies before...it was 1995. Well done CNET.

[ErvServer]

Congressional Cookies

Congress people lie about most everything why wouldn't they be expected to lie about cookies on their websites? I don't visit their sites so they can cookie all they want to.

[BenForta]

Get the facts

I have blogged responses to both parts of this story:

Part 1: http://www.forta.com/blog/index.cfm/2006/1/5/CNet-Newscom-Writers-Demonstrate-Desire-For-Sensationalism-And-Poor-Technical-Understanding

Part 2: http://www.forta.com/blog/index.cfm/2006/1/6/CNet-Newscom-Sensationalism-And-Fearmongering-Part-II

Nail on the head

I think you've hit the nail right on the head with those blog entries. Maybe you should start a tech news site!

[fafafooey]

I can't look at your blog...

It uses cookies and Cnet said they are very bad. Why are you trying to track me on the Internet! Are you a spy? :-)

CNET becoming a joke?

Not that I've ever believed CNET's reporting was first rate, but c'mon, this is getting rediculous even for them.

Why has this topic now gotten TWO articles? This is a totally fabricated, irrelevant 'issue'. Is CNET so desperate for ad views that they feel they have to start making up 'controversial' stories? Or is there some sort of jealosy involved with the CNET 'journalists' (term used loosely) being envious of the the mainstream media and wanting to come up with a scoop of their own?

[David Arbogast]

Yes - they are

CNet is obviously a left-leaning liberal pseudo-news wannabe organization. They have correctly associated the majority of open-source proponents with left-wing liberalism, and they are catering to their base.

[genericbrandx]

reasons for this story?

Are the cookie stories being used to help sell more anti-spyware/ anti-cookie software listed on Download.com or sponsoring C|Net?

[n3td3v]

CNET Editor shouldnt let this story run

The people you interviewed aren't people who even know what cookies are. The people you've questioned in asking about whats used on a website isn't the person the site is representing, but the people who have designed the site. It's probably the same people designing all of these web sites. Those are the guys you should be questioning, not unsavy members of congress. On another note, corporations using cookies is a whole different ball game from a member of congress's website. I'm anti the U.S gov for the war on Iraq and I am the last person to stick up for them, but on a technical basis, this story is unfair to all parties mentioned. Including that of the way corporate web sites use cookies in comparison to whats going on with congressional sites. Have a good day CNET. Your editor has alot to answer for. I just hope this doesn't turn into another Google, where CNET get snubbed from future press interviews. We'll see I agree congressional websites are wrong to use certain cookie based tactics, but this story is poking at all the wrong angles. Take care next time if you want to win over public opinion on gov site technical affairs.

[n3td3v]

CNET's investigative journalism

The more I review the structure of this story the poorer the whole thing sounds. This is a valid story and important subject, but the arguments and quotes used don't give the topic the justice it deserves. I don't know whats going on at CNET HQ, but you should be hiring "I.T and Security Advisors" to help you with your stories to fight a story on a technical side. This story requires more information into what the cookies are doing in comparison to corporate cookies. Both are completely different. Present your story with technical knowledge next time. This is all just heresay from whats been said in your article. I hope CNET hires some technical advisors next time. Maybe people who have analyised all sites, and researched the people who implemented the cookie functionality, and take them to task over it, not members of congress!

[jsamland]

Cookies != Tracking

--- McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way." But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. ---

McCain here says the cookies aren't being used for tracking, he doesn't say that cookies aren't being used. Read the quotes before trying to point fingers, McCullagh. Between this and yesterday's article, you're trying to uncover some cookie tracking conspiracy without any evidence other than to say cookies are present. If the overall point is to say that no government site should set any cookies at all, then that should be it. Say "cookies are being created, they can't do that" rather than "they're setting cookies, so they must be tracking everything we do". But I'll agree, reporting that sites are setting cookies would be very boring, so putting a antitrust spin on it will generate more page clicks.

[Bennet_McGovern]

trying to sound smart are we

the point is, and i dont know how many times i am going to have to expalin this to you people, he said he wouldnt use cookies to track, how do you know what his cookies do, how do you know what information they collect, how do you know what that information is used for, maybe the other side put those cookies on there to see how many people were against them, maybe some script kiddie put it there to have a laugh, who knows. they shouldn't be there, and if they are, people should be informed. as far as i am concerned, anything that installs or copies without your consent is at the leaset spyware and at worst a virus