January 6, 2006 4:00 AM PST
Congress' hands caught in the cookie jar
Dozens of U.S. senators are quietly tracking visits to their Web sites even though they have publicly pledged not to do so.
Sixty-six politicians in the U.S. Senate and House of Representatives are setting permanent Web cookies even though at least 23 of them have promised not to use the online tracking technique, a CNET News.com investigation shows.
Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way."
Although they have promised to abstain from using cookies to track visits to their Web sites, at least 23 U.S. senators do so. Overall, 66 members of Congress use the tracking devices.
Although there is no rule prohibiting members of Congress from using cookies, such practices have come under fire from privacy advocates, including from politicians who continue to employ cookie ID devices on their Web sites.
But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035.
"ColdFusion was used to design the site by a third-party vendor, and we were not aware of any cookies," McCain's office said in a statement sent to CNET News.com, referring to Adobe Systems' popular Web design software. "The information collected is not used by our office for any purpose, and we are currently in the process of deleting them."
"It shows their lack of understanding of technology," said Sonia Arrison, director of technology studies at the Pacific Research Institute, a nonprofit group in San Francisco. "It's willful ignorance. They're complete hypocrites. How can they accuse companies of poor data management when they're not doing it on their own Web sites?"
No rule prohibits the use of Web monitoring techniques by Congress. But such a restriction does apply to executive branch agencies. The Pentagon and others scrambled this week to eliminate so-called Web bugs and cookies after inquiries from CNET News.com.
The practice of tracking Web visitors came under fire last week when the National Security Agency was found to be using cookies to monitor visitors. It halted the practice after inquiries from the Associated Press. The White House also was criticized last week for employing a tracking mechanism, created by WebTrends, that used a tiny GIF image.
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits. In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
"The irony is rich"
It's ironic for senators to complain about private companies setting cookies and then go ahead and do it themselves, said Jim Harper, director of information studies at the Cato Institute, a free-market think tank.
"They should definitely abide by their privacy policies," Harper said. "The irony is rich."
Similarly, the Senate's Governmental Affairs Committee prepared a report in 2001 saying that 64 federal agency Web sites used permanent cookies. Today, so does the Governmental Affairs Committee.
In many cases, politicians seemed to be unaware of their use of Web tracking technology until being contacted this week.
A representative for the Senate's top Democrat, Harry Reid of Nevada, said the office's Webmaster had no idea that reid.senate.gov set two cookies scheduled to expire in 2035. After CNET News.com asked about it, the Webmaster started to dig through the code.
"Obviously our office has no idea what we're using these cookies for, because we don't even know they existed," said Ari Rabin-Havt, Reid's director of Internet communications.
51 commentsJoin the conversation! Add your comment