- Related Stories
-
Government Web sites are keeping an eye on you
January 5, 2006 -
Study: Cookies in security crosshairs
March 15, 2005
Dozens of U.S. senators are quietly tracking visits to their Web sites even though they have publicly pledged not to do so.
Sixty-six politicians in the U.S. Senate and House of Representatives are setting permanent Web cookies even though at least 23 of them have promised not to use the online tracking technique, a CNET News.com investigation shows.
Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way."
What's new:
Although they have promised to abstain from using cookies to track visits to their Web sites, at least 23 U.S. senators do so. Overall, 66 members of Congress use the tracking devices.
Bottom line:
Although there is no rule prohibiting members of Congress from using cookies, such practices have come under fire from privacy advocates, including from politicians who continue to employ cookie ID devices on their Web sites.
But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035.
"ColdFusion was used to design the site by a third-party vendor, and we were not aware of any cookies," McCain's office said in a statement sent to CNET News.com, referring to Adobe Systems' popular Web design software. "The information collected is not used by our office for any purpose, and we are currently in the process of deleting them."
All House members who use cookies either acknowledge it or have privacy policies that are silent on the topic. Of the 23 senators who pledged not to employ cookies but do anyway, 18 are Republicans and five are Democrats.
"It shows their lack of understanding of technology," said Sonia Arrison, director of technology studies at the Pacific Research Institute, a nonprofit group in San Francisco. "It's willful ignorance. They're complete hypocrites. How can they accuse companies of poor data management when they're not doing it on their own Web sites?"
No rule prohibits the use of Web monitoring techniques by Congress. But such a restriction does apply to executive branch agencies. The Pentagon and others scrambled this week to eliminate so-called Web bugs and cookies after inquiries from CNET News.com.
The practice of tracking Web visitors came under fire last week when the National Security Agency was found to be using cookies to monitor visitors. It halted the practice after inquiries from the Associated Press. The White House also was criticized last week for employing a tracking mechanism, created by WebTrends, that used a tiny GIF image.
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits. In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
(Like most online media organizations, CNET Networks, the publisher of News.com, uses cookies. That use is detailed in a privacy policy.)
"The irony is rich"
It's ironic for senators to complain about private companies setting cookies and then go ahead and do it themselves, said Jim Harper, director of information studies at the Cato Institute, a free-market think tank.
"They should definitely abide by their privacy policies," Harper said. "The irony is rich."
McCain, for instance, spent years warning that cookies were a problem when used by corporations. "Through the use of cookies and other technologies, network advertisers have the ability to collect and store a great deal of information about individual consumers," McCain said in 2000 (click here for PDF). "This information is collected without the consumer's knowledge or consent."
Similarly, the Senate's Governmental Affairs Committee prepared a report in 2001 saying that 64 federal agency Web sites used permanent cookies. Today, so does the Governmental Affairs Committee.
One bill was even introduced in February 2000 to target corporations' use of cookies. It died in a Senate committee.
In many cases, politicians seemed to be unaware of their use of Web tracking technology until being contacted this week.
A representative for the Senate's top Democrat, Harry Reid of Nevada, said the office's Webmaster had no idea that reid.senate.gov set two cookies scheduled to expire in 2035. After CNET News.com asked about it, the Webmaster started to dig through the code.
"Obviously our office has no idea what we're using these cookies for, because we don't even know they existed," said Ari Rabin-Havt, Reid's director of Internet communications.
One version of Reid's privacy policy is silent about cookie use, but a Spanish-language version pledged not to employ them.
See more CNET content tagged:
cookie, visit, senator, online media, NSA
course, you can "track" people with cookies, but most cookies
these days are to allow session tracking, for internal navigation
of sites, remembering preferences between pages, and other
purposes.
You'd think C|Net would be more sophisticated than the normal
media in this regard. Are they advocating the elimination of
cookies? How can web sites of any sophistication be made
without cookies these days. Anti-cookie hysteria is so 1995.
public, and reads more like something from main consumer
media, than the more sophisticated CNET.
This, and the AP story about cookies from the NSA website,
promote the idea that "cookies are bad". This line of reasoning
seems to be perpetuated by the "security scanning" software
firms that classify the Alexa cookie as a potential malicious MS-
DOS application (as an example).
Confusing the public about the reality of Internet technology
doesn't seem to be a good place for CNET to be.
Does the author really think John McCain or Dirty Harry Reid know if or why their sites use cookies? Does the author really think they are being used for some type of "spying" or being sold to spammers? Come on! I'm no fan of big government and look at government with a wary eye, but even I don't think they are doing this. What type of useful information would they even get out of it?
It's getting to the point where CNet news.com is becoming totally irrelevent to me - a bunch of uninformed, media-hype, fear mongering articles.
The POINT of the article is that McCain and others are slamming those who use cookies and claiming that they don't when in fact the DO use them.
Personally, I value information such as this, if I ever get a chance to vote for or against McCain or one of the others, I will remember that he/she lies through their teeth. I know that all politicians do that, but I now have proof of it in this case.
By the way, I noticed this suspicious cookie on my computer called "Cookie:marc@cnet.com" that expires on 12/30/2037. I guess CNET may be part of this vast right-wing conspiracy.
I always wondered how C-NET was figuring out what articles would get me riled up... must be this cookie-probe they stuck on my computer... reading my thoughts through the keyboard.
I need to invest in thicker aluminium foil, and glue it to my finger tips.
</SARCASM>
Is it a crime with malice or just good marketing strategy?
www.nopieinthesky.net
The entire idea of using foil to protect yourself from mind-readers was put out by those agencies who employ the practice of reading minds.
You have played right into their hands...
Now if they were installing some sort of tracking cookie that was reporting all the users' activities OFF the government sites, THAT would be a concern.
C-NET IS NOT SAYING THE COOKIES ARE TRACKING YOU.
Please for the love of whatever God you subscribe to, read the artical with a incling of inteligence, please. The point of the artical is that these senators said they wouldn't use persistant cookies, and these government agencies are legally not allowed to, but yet they do. It doesn't say they are using these tracking cookies to actually track you, but they could.
I am not an American, but i always thought that law was law, thats it, maybe i am nieve in thinking that a government that went to war for no particular reason and allowed a illeterate retard like G.W.B into the whitehouse would even resemble a real goverment, not the Fisher Price "My First Government" it does now, where the guy who owns it can change the rules half way through because they are losing.
Grow up america, realise that not everyone thinks the same as you and not every artical is merely taking shots at the government
</rant>
The privacy policies state that cookies aren't used to track visitiors, not that cookies aren't used.
Rest assured, no one is using cold fusion session cookies to track users!
How could you? I thought you were better than this. How much longer must cookies endure the bad rap. Your article is irresponsible and inflammatory, but I'll forgive you if you can step out of the pre-2000 cookie phobic timewarp you are living in.
Stop being an anti-cookite. The existence of a persistant cookie in your browser's cache does not mean you are being tracked. Period.
Embrace technology and educate the masses, instead of trying to send them into hysteria. No longer shall cookies share the plight of the spam burger, let the cookies live free of harassment and prejudice!
And if you don't want cookies set, disable them in your browser. Maybe you could have even included a helpful link?
In the meantime, please post more intelligent, informed, and earnest articles that I might actually enjoy reading.
PS: You need to take your "News of Change" slogan to heart and let's start by changing the name and/or existence of this article and replacing the author with someone who actually gives a damn about technology and your readers.
track visits to their Web sites, at least 23 U.S. senators do so."
-Had this been a true statement there might be need for
concern!
When I read this article I had to wonder if c|net and/or the
authors were trying to build up the "cookie fear" or raise
negative hype for Senators and Congress by writing a catchy
headline.
Unfortunately the quoted statement above is completely
inaccurate. There is a difference between malicious and non-
malicious cookies. The cookies used here do NOT store user
information, do NOT track visits, and do NOT intrude on the
user's privacy. The porpose of the cookies used here is to
improve site navigation and usabilty while browsing the site.
I personally am not concerned, nor do I believe that my Senator
is being malicious to me through cookies.
First, on the privacy statement, as I read it, it says that they are not putting cookies or other means to track visits. I assume if you are a journalist, you took an english class? I'll help you out here. This is a compound statement, making the point that they do not use cookies to track or other means to track. Come on now, are you just acting stupid so you can create an issue? If so, then you are a GOOD journalist!
On the cookies themselves, did you even take the time to look at the content? If so, and you continue to call it a "tracking cookie" then you are dishonest and VERY GOOD journalist.
Seriously though, go take a grammer class and a basic webmaster class. Your reporting will improve ten fold (that means a lot).
Secondly, this article is just plain irresponsible on the part of CNET. There is a HUGE difference between tracking users and session management. Coldfusion servers default to using cookies for session management. Of course, I shouldn't have to explain this to CNET. I do remember hearing this short of dialog about cookies before...it was 1995. Well done CNET.
Part 1: http://www.forta.com/blog/index.cfm/2006/1/5/CNet-Newscom-Writers-Demonstrate-Desire-For-Sensationalism-And-Poor-Technical-Understanding
Part 2: http://www.forta.com/blog/index.cfm/2006/1/6/CNet-Newscom-Sensationalism-And-Fearmongering-Part-II
Why has this topic now gotten TWO articles? This is a totally fabricated, irrelevant 'issue'. Is CNET so desperate for ad views that they feel they have to start making up 'controversial' stories? Or is there some sort of jealosy involved with the CNET 'journalists' (term used loosely) being envious of the the mainstream media and wanting to come up with a scoop of their own?
- Cookies != Tracking
- by jsamland January 6, 2006 12:30 PM PST
- --- McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way." But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. ---
- Reply to this comment
-
-
- trying to sound smart are we
- by Bennet_McGovern January 8, 2006 8:27 PM PST
- the point is, and i dont know how many times i am going to have to expalin this to you people, he said he wouldnt use cookies to track, how do you know what his cookies do, how do you know what information they collect, how do you know what that information is used for, maybe the other side put those cookies on there to see how many people were against them, maybe some script kiddie put it there to have a laugh, who knows. they shouldn't be there, and if they are, people should be informed. as far as i am concerned, anything that installs or copies without your consent is at the leaset spyware and at worst a virus
- View all 2 replies
Processing -
Showing 1 of 2 pages (56 Comments)McCain here says the cookies aren't being used for tracking, he doesn't say that cookies aren't being used. Read the quotes before trying to point fingers, McCullagh. Between this and yesterday's article, you're trying to uncover some cookie tracking conspiracy without any evidence other than to say cookies are present. If the overall point is to say that no government site should set any cookies at all, then that should be it. Say "cookies are being created, they can't do that" rather than "they're setting cookies, so they must be tracking everything we do". But I'll agree, reporting that sites are setting cookies would be very boring, so putting a antitrust spin on it will generate more page clicks.