January 6, 2006 4:00 AM PST

Congress' hands caught in the cookie jar

This is the second story in a two-part investigation. Read the first part here.

Dozens of U.S. senators are quietly tracking visits to their Web sites even though they have publicly pledged not to do so.

Sixty-six politicians in the U.S. Senate and House of Representatives are setting permanent Web cookies even though at least 23 of them have promised not to use the online tracking technique, a CNET News.com investigation shows.

Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way."


What's new:
Although they have promised to abstain from using cookies to track visits to their Web sites, at least 23 U.S. senators do so. Overall, 66 members of Congress use the tracking devices.

Bottom line:
Although there is no rule prohibiting members of Congress from using cookies, such practices have come under fire from privacy advocates, including from politicians who continue to employ cookie ID devices on their Web sites.

More stories on this topic

But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035.

"ColdFusion was used to design the site by a third-party vendor, and we were not aware of any cookies," McCain's office said in a statement sent to CNET News.com, referring to Adobe Systems' popular Web design software. "The information collected is not used by our office for any purpose, and we are currently in the process of deleting them."

All House members who use cookies either acknowledge it or have privacy policies that are silent on the topic. Of the 23 senators who pledged not to employ cookies but do anyway, 18 are Republicans and five are Democrats.

"It shows their lack of understanding of technology," said Sonia Arrison, director of technology studies at the Pacific Research Institute, a nonprofit group in San Francisco. "It's willful ignorance. They're complete hypocrites. How can they accuse companies of poor data management when they're not doing it on their own Web sites?"

No rule prohibits the use of Web monitoring techniques by Congress. But such a restriction does apply to executive branch agencies. The Pentagon and others scrambled this week to eliminate so-called Web bugs and cookies after inquiries from CNET News.com.

The practice of tracking Web visitors came under fire last week when the National Security Agency was found to be using cookies to monitor visitors. It halted the practice after inquiries from the Associated Press. The White House also was criticized last week for employing a tracking mechanism, created by WebTrends, that used a tiny GIF image.

Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits. In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.

(Like most online media organizations, CNET Networks, the publisher of News.com, uses cookies. That use is detailed in a privacy policy.)

"The irony is rich"
It's ironic for senators to complain about private companies setting cookies and then go ahead and do it themselves, said Jim Harper, director of information studies at the Cato Institute, a free-market think tank.

"They should definitely abide by their privacy policies," Harper said. "The irony is rich."

Cookie jar infographic

McCain, for instance, spent years warning that cookies were a problem when used by corporations. "Through the use of cookies and other technologies, network advertisers have the ability to collect and store a great deal of information about individual consumers," McCain said in 2000 (click here for PDF). "This information is collected without the consumer's knowledge or consent."

Similarly, the Senate's Governmental Affairs Committee prepared a report in 2001 saying that 64 federal agency Web sites used permanent cookies. Today, so does the Governmental Affairs Committee.

One bill was even introduced in February 2000 to target corporations' use of cookies. It died in a Senate committee.

In many cases, politicians seemed to be unaware of their use of Web tracking technology until being contacted this week.

A representative for the Senate's top Democrat, Harry Reid of Nevada, said the office's Webmaster had no idea that reid.senate.gov set two cookies scheduled to expire in 2035. After CNET News.com asked about it, the Webmaster started to dig through the code.

"Obviously our office has no idea what we're using these cookies for, because we don't even know they existed," said Ari Rabin-Havt, Reid's director of Internet communications.

One version of Reid's privacy policy is silent about cookie use, but a Spanish-language version pledged not to employ them.


Join the conversation!
Add your comment
Cookies not necessarily "online tracking"
Cookies are a basic web technology used for many purposes. Of
course, you can "track" people with cookies, but most cookies
these days are to allow session tracking, for internal navigation
of sites, remembering preferences between pages, and other

You'd think C|Net would be more sophisticated than the normal
media in this regard. Are they advocating the elimination of
cookies? How can web sites of any sophistication be made
without cookies these days. Anti-cookie hysteria is so 1995.
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
I know...
...Cnet is drifting away.. off into the land of scare reporting.. pandering to mainstream for pagehits... bye...bye...
Posted by lewissalem (167 comments )
Link Flag
Cookie confusion?
Reporting on cookies as "user tracking" is simply misleading the
public, and reads more like something from main consumer
media, than the more sophisticated CNET.

This, and the AP story about cookies from the NSA website,
promote the idea that "cookies are bad". This line of reasoning
seems to be perpetuated by the "security scanning" software
firms that classify the Alexa cookie as a potential malicious MS-
DOS application (as an example).

Confusing the public about the reality of Internet technology
doesn't seem to be a good place for CNET to be.
Posted by skepticoverlord (2 comments )
Reply Link Flag
Utterly ridiculous
This article is utterly ridiculous. Blindly linking cookies to something nefarious is silly.

Does the author really think John McCain or Dirty Harry Reid know if or why their sites use cookies? Does the author really think they are being used for some type of "spying" or being sold to spammers? Come on! I'm no fan of big government and look at government with a wary eye, but even I don't think they are doing this. What type of useful information would they even get out of it?

It's getting to the point where CNet news.com is becoming totally irrelevent to me - a bunch of uninformed, media-hype, fear mongering articles.
Posted by fafafooey (171 comments )
Reply Link Flag
Pay Attention Now
The point of the article is NOT that cookies are or may be used to track people accessing a web site.
The POINT of the article is that McCain and others are slamming those who use cookies and claiming that they don't when in fact the DO use them.
Personally, I value information such as this, if I ever get a chance to vote for or against McCain or one of the others, I will remember that he/she lies through their teeth. I know that all politicians do that, but I now have proof of it in this case.
Posted by Mortimer14 (6 comments )
Link Flag
Pretty silly
Ohhh....18 Republicans and 5 Democrats.....guess it's just a "culture of cookie corruption" here! I'm sure glad you to made that point clear.

By the way, I noticed this suspicious cookie on my computer called "Cookie:marc@cnet.com" that expires on 12/30/2037. I guess CNET may be part of this vast right-wing conspiracy.
Posted by mmichaels (85 comments )
Reply Link Flag
C-NET has put a probe in my computer!
I always wondered how C-NET was figuring out what articles would get me riled up... must be this cookie-probe they stuck on my computer... reading my thoughts through the keyboard.

I need to invest in thicker aluminium foil, and glue it to my finger tips.
Posted by arluthier (112 comments )
Reply Link Flag
C-NET monitoring?
I wonder if C-Net place cookies for the same purposes?
Is it a crime with malice or just good marketing strategy?
Posted by nopieinthesky (8 comments )
Link Flag
You fell victim...
The alluminum foil trick actually enhances mind-scanning technologies by focusing the brain wave activity and in so doing making it a stronger signal to read.

The entire idea of using foil to protect yourself from mind-readers was put out by those agencies who employ the practice of reading minds.

You have played right into their hands...
Posted by zaznet (1138 comments )
Link Flag
perfectly legitimate and very common practice
There's nothing sneaky about the service WebTrends offers, it's primarily a way to see how users are using a website to help the site owners better maintain and design the site. It's not about clandestinely watching a users every move to use against them later, it's about seeing what they use, how often they use it and how they got there in an effort to improve site navigation and content.

Now if they were installing some sort of tracking cookie that was reporting all the users' activities OFF the government sites, THAT would be a concern.
Posted by DaClyde (96 comments )
Reply Link Flag
I thought cookies were something we ate
It is a tracking cookie. All cookies probably are. Why else would someone shove one up somebody elses computer?
Posted by casper2004 (267 comments )
Link Flag
Talk about FUD and fear mongering
I am really disappointed that c|net would post such a technically inaccurate, incendiary article. The presence of a cookie does not mean the user is being tracked. There are all kinds of legitimate, beneficial uses of them, and it is ridiculous tripe like this story that just causes confusion and fear about them. The authors of the article don't have the first clue what they are talking about, and have decided just to make lurid and vague statements to make it seem like Congress members are doing something nefarious. If c|net has any integrity, they will revise the article and the cheap, cliched title and can the authors.
Posted by cristianodiaz (31 comments )
Reply Link Flag
I don't think this was the intent of the article
At least, I hope that the intent of the article was not to misconstrue the purpose of cookies. I believe that it was more of an intent to point out that Congress is all for passing laws to try to control technology uses, but often has little understanding of the technology, or even compliance with their own set technology policies. Yet Congress has no problem with nailing corporations to the wall with ill-conceived technology laws. That's my interpretation of this article anyway.
Posted by chance1298 (3 comments )
Link Flag
You dont seem to get it

Please for the love of whatever God you subscribe to, read the artical with a incling of inteligence, please. The point of the artical is that these senators said they wouldn't use persistant cookies, and these government agencies are legally not allowed to, but yet they do. It doesn't say they are using these tracking cookies to actually track you, but they could.

I am not an American, but i always thought that law was law, thats it, maybe i am nieve in thinking that a government that went to war for no particular reason and allowed a illeterate retard like G.W.B into the whitehouse would even resemble a real goverment, not the Fisher Price "My First Government" it does now, where the guy who owns it can change the rules half way through because they are losing.

Grow up america, realise that not everyone thinks the same as you and not every artical is merely taking shots at the government

Posted by Bennet_McGovern (23 comments )
Link Flag
Much ado about nothing
Why is this even on the front page?? This is just as dumb as saying that God has smitten Sharone...

The privacy policies state that cookies aren't used to track visitiors, not that cookies aren't used.

Rest assured, no one is using cold fusion session cookies to track users!
Posted by Akakadak (2 comments )
Reply Link Flag
Silly c|net, cookies are your friend and you are the enemy
Dear c|net,

How could you? I thought you were better than this. How much longer must cookies endure the bad rap. Your article is irresponsible and inflammatory, but I'll forgive you if you can step out of the pre-2000 cookie phobic timewarp you are living in.

Stop being an anti-cookite. The existence of a persistant cookie in your browser's cache does not mean you are being tracked. Period.

Embrace technology and educate the masses, instead of trying to send them into hysteria. No longer shall cookies share the plight of the spam burger, let the cookies live free of harassment and prejudice!

And if you don't want cookies set, disable them in your browser. Maybe you could have even included a helpful link?

In the meantime, please post more intelligent, informed, and earnest articles that I might actually enjoy reading.

PS: You need to take your "News of Change" slogan to heart and let's start by changing the name and/or existence of this article and replacing the author with someone who actually gives a damn about technology and your readers.
Posted by BobVila (1 comment )
Reply Link Flag
Not Enough Homework
"Although they have promised to abstain from using cookies to
track visits to their Web sites, at least 23 U.S. senators do so."

-Had this been a true statement there might be need for

When I read this article I had to wonder if c|net and/or the
authors were trying to build up the "cookie fear" or raise
negative hype for Senators and Congress by writing a catchy

Unfortunately the quoted statement above is completely
inaccurate. There is a difference between malicious and non-
malicious cookies. The cookies used here do NOT store user
information, do NOT track visits, and do NOT intrude on the
user's privacy. The porpose of the cookies used here is to
improve site navigation and usabilty while browsing the site.

I personally am not concerned, nor do I believe that my Senator
is being malicious to me through cookies.
Posted by jeffmar (1 comment )
Reply Link Flag
Whale of an issue
While this may not have been the porpose of the article, cnet is doing a great job of making a whale of an issue.
Posted by rightturnclyde (2 comments )
Link Flag
Holy mackerel! Have you no sole?
I think the moral here is that you can tune a piano but you can't tuna fish. But all of this floundering around is getting ridiculous. In fact, the whole article smells fishy to me.
Posted by rightturnclyde (2 comments )
Link Flag
Are you guys real journalists?
I'm just curious if you understand grammer or anything about cookies?

First, on the privacy statement, as I read it, it says that they are not putting cookies or other means to track visits. I assume if you are a journalist, you took an english class? I'll help you out here. This is a compound statement, making the point that they do not use cookies to track or other means to track. Come on now, are you just acting stupid so you can create an issue? If so, then you are a GOOD journalist!

On the cookies themselves, did you even take the time to look at the content? If so, and you continue to call it a "tracking cookie" then you are dishonest and VERY GOOD journalist.

Seriously though, go take a grammer class and a basic webmaster class. Your reporting will improve ten fold (that means a lot).
Posted by PaulMann (1 comment )
Reply Link Flag
How do you know they're not tracking?
The point of this story was that government agencies were violating rules by using cookies at all. The rule was made so they coulcn't deploy cookies that could be used for tracking because government entities have a very extensive track record of abusing every thing they can. I wouldn't be a bit surprised if the NSA and the CIA, in particular, were using them for tracking.
Posted by Michael Grogan (308 comments )
Reply Link Flag
In what way could they use cookies for "tracking"?
Posted by skepticoverlord (2 comments )
Link Flag
Thank you...there is light in this tunnel
Exactly, exactly, exactly. All these anti C-Net people are looking at this from the wrong direction. It is like looking at gun laws from the point of the bullets, please, READ, if you still dont get it READ again, and stop posting your "C-net is scaremongering" and "maybe then you will be a GOOD journalist" etc. Another tip is to read the whole artical, not the big bold by-line and then form an opinion. I know you have a short attention span but give it a go, maybe your should try taking a day to read it or something. Think people, think
Posted by Bennet_McGovern (23 comments )
Link Flag
I thought CNET was a tech site?
First off, let me say that the CNET Asia site leaves a cookie on your machine which expires in 2010.

Secondly, this article is just plain irresponsible on the part of CNET. There is a HUGE difference between tracking users and session management. Coldfusion servers default to using cookies for session management. Of course, I shouldn't have to explain this to CNET. I do remember hearing this short of dialog about cookies before...it was 1995. Well done CNET.
Posted by (1 comment )
Reply Link Flag
Congressional Cookies
Congress people lie about most everything why wouldn't they be expected to lie about cookies on their websites? I don't visit their sites so they can cookie all they want to.
Posted by ErvServer (25 comments )
Reply Link Flag
Get the facts
I have blogged responses to both parts of this story:

Part 1: <a class="jive-link-external" href="http://www.forta.com/blog/index.cfm/2006/1/5/CNet-Newscom-Writers-Demonstrate-Desire-For-Sensationalism-And-Poor-Technical-Understanding" target="_newWindow">http://www.forta.com/blog/index.cfm/2006/1/5/CNet-Newscom-Writers-Demonstrate-Desire-For-Sensationalism-And-Poor-Technical-Understanding</a>

Part 2: <a class="jive-link-external" href="http://www.forta.com/blog/index.cfm/2006/1/6/CNet-Newscom-Sensationalism-And-Fearmongering-Part-II" target="_newWindow">http://www.forta.com/blog/index.cfm/2006/1/6/CNet-Newscom-Sensationalism-And-Fearmongering-Part-II</a>
Posted by BenForta (2 comments )
Reply Link Flag
Nail on the head
I think you've hit the nail right on the head with those blog entries. Maybe you should start a tech news site!
Posted by (402 comments )
Link Flag
I can't look at your blog...
It uses cookies and Cnet said they are very bad. Why are you trying to track me on the Internet! Are you a spy? :-)
Posted by fafafooey (171 comments )
Link Flag
CNET becoming a joke?
Not that I've ever believed CNET's reporting was first rate, but c'mon, this is getting rediculous even for them.

Why has this topic now gotten TWO articles? This is a totally fabricated, irrelevant 'issue'. Is CNET so desperate for ad views that they feel they have to start making up 'controversial' stories? Or is there some sort of jealosy involved with the CNET 'journalists' (term used loosely) being envious of the the mainstream media and wanting to come up with a scoop of their own?
Posted by (402 comments )
Reply Link Flag
Yes - they are
CNet is obviously a left-leaning liberal pseudo-news wannabe organization. They have correctly associated the majority of open-source proponents with left-wing liberalism, and they are catering to their base.
Posted by David Arbogast (1709 comments )
Link Flag
reasons for this story?
Are the cookie stories being used to help sell more anti-spyware/ anti-cookie software listed on Download.com or sponsoring C|Net?
Posted by genericbrandx (3 comments )
Reply Link Flag
Cookies != Tracking
--- McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way." But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. ---

McCain here says the cookies aren't being used for tracking, he doesn't say that cookies aren't being used. Read the quotes before trying to point fingers, McCullagh. Between this and yesterday's article, you're trying to uncover some cookie tracking conspiracy without any evidence other than to say cookies are present. If the overall point is to say that no government site should set any cookies at all, then that should be it. Say "cookies are being created, they can't do that" rather than "they're setting cookies, so they must be tracking everything we do". But I'll agree, reporting that sites are setting cookies would be very boring, so putting a antitrust spin on it will generate more page clicks.
Posted by jsamland (3 comments )
Reply Link Flag
trying to sound smart are we
the point is, and i dont know how many times i am going to have to expalin this to you people, he said he wouldnt use cookies to track, how do you know what his cookies do, how do you know what information they collect, how do you know what that information is used for, maybe the other side put those cookies on there to see how many people were against them, maybe some script kiddie put it there to have a laugh, who knows. they shouldn't be there, and if they are, people should be informed. as far as i am concerned, anything that installs or copies without your consent is at the leaset spyware and at worst a virus
Posted by Bennet_McGovern (23 comments )
Link Flag
Nothing better to do?
Don't you have anything better to do in life?

Sad to see people wasting their lives pursuing such trivial matters!

Get a life.
Posted by Cardiakke (1 comment )
Reply Link Flag
I don't see what the big deal is...
I am a freelance web developer and have designed, created and maintained many many web pages. The fact that cookies are used in at least 99.9% of ALL web pages is a fact and reality.

Most web pages use these cookies not to "track" you but to save your settings and logon information to allow your computer to more quickly load their web page. this is just a hype or scare that is going around and will die with the next big scare.

This web site uses cookies. All web designers making large-scale webpages will design them using cookies. BWI's website uses cookies, Google uses cookies, CNN uses cookies. Why so hard on the government? I bet these senators did not even know that these pages that more than likely they did not design or manage themselves, were designed using cookies. So don't get all high and mighty or come down hard on these people. They do their jobs and thats enough, they shouldn't have to worry wether or not their webpage has a cookie or two on it.

The fact that some malicious websites use cookies to track your information is not a big issue, and has been going on for at least 15 years. If you don't go to www.questionablewebsite.com then you will not have to worry about getting bad cookies on your computer.

I can't wait until I hear people complaining and sueing places like Ebay and Paypal for their use of cookies. "Oh, their stealing our information about where we live and our banks and stuff!", duh.
Posted by neurotap (1 comment )
Reply Link Flag
Dial 9-11!!!!!!


Posted by gerhard_schroeder (311 comments )
Reply Link Flag
I caught the government AGAIN!
Check out this link. Some of their latest spying techniques.

<a class="jive-link-external" href="http://www.olg.cc/Rev/FBI/FBI.htm" target="_newWindow">http://www.olg.cc/Rev/FBI/FBI.htm</a>
Posted by mmichaels (85 comments )
Reply Link Flag
Bigger Issue Is IP Loging
The Cookies Controversy is a red herring for more serious visitor tracking. When visiting a government site I always assume that I am being fully tracked and logged. To maintain some sense of privacy, which is my Constitutional right as a citizen, I use anonymous proxy servers. Here is one such server that you may want to consider, and it is free. Note that the free version does not allow "posting" to visited sites. <a class="jive-link-external" href="http://www.the-cloak.com/anonymous-surfing-home.html" target="_newWindow">http://www.the-cloak.com/anonymous-surfing-home.html</a>

If you need posting capability, and want a more robust cloaking technology, you can use a product such as Anonymizer.
<a class="jive-link-external" href="http://www.anonymizer.com/consumer/products/anonymous_surfing/" target="_newWindow">http://www.anonymizer.com/consumer/products/anonymous_surfing/</a>
Posted by Stating (869 comments )
Reply Link Flag
Notice all the negative comments
I cannot believe they are continuing to push this pathetic excuse for journalism, even promoting it again on the weekend. My opinion of c|net has dropped substantially. What agenda do they have here? It obviously is not an agenda of competent journalism, as this story is a joke.
Posted by cristianodiaz (31 comments )
Reply Link Flag
Why even mention ColdFusion.
There isn't a web technology out there that can't set a cookie, from Java to JavaScript. I've just clicked "Post a comment" on this article and C|Net knows who I am? Ever heard of the statelessness of the web? Well, cookies are just about the last line of defense in a stateless www.
Posted by coldfury.us (2 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.