The hidden danger of cookies.
Ok, in addition to your waistline, computer style cookies are ready to invade your personal space.

Case in point …

The National Security Agency’s Internet site has been placing files on visitors’ computers that can track their Web surfing activity despite strict federal rules banning most files of that type.

The files, known as cookies, disappeared after a privacy activist complained and The Associated Press made inquiries this week. Agency officials acknowledged yesterday that they had made a mistake.

Nonetheless, the issue raised questions about privacy at the agency, which is on the defensive over reports of an eavesdropping program.

“Considering the surveillance power the N.S.A. has, cookies are not exactly a major concern,” said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington. “But it does show a general lack of understanding about privacy rules when they are not even following the government’s very basic rules for Web privacy.”

Until Tuesday, the N.S.A. site created two cookie files that do not expire until 2035.

Don Weber, an agency spokesman, said in a statement yesterday that the use of the so-called persistent cookies resulted from a recent software upgrade.

Normally, Mr. Weber said, the site uses temporary cookies that are automatically deleted when users close their Web browsers, which is legally permissible. But he said the software in use was shipped with the persistent cookies turned on.

“After being tipped to the issue, we immediately disabled the cookies,” Mr. Weber said.

Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For example, visitors would not have to repeatedly enter passwords at sites that require them.

As of late, there has appeared to be a political polarization revolving around the topic of information gathering capabilities and application.

So, is this an example of a nefarious plot to usurp personal rights and establish a “Big Brother-like” world or an honest oversight of software setup?

The stage upon which we define ourselves has been reset by technological innovations and the emphasis needs to be upon redefining boundaries, regardless of political party in office.

Some questions to ponder …

– Is this a partisian political issue?

– Where should the lines be drawn in regards to information gathering?

– Should software companies be held accountable for matters such as insuring personal rights of their users?

Now, to munch on that last tollhouse cookie!

  • I’m sure the NSA excuse is completely true. These days, stored cookies are pretty much the norm, and non-expiring cookies are convenient (although frequently protested by the privacy nuts). If they’re using vendor software, it was probably configured to drop a cookie by default, just as they said. And the legality of it quite possibly wasn’t even something the person who set it up was aware of.

    Which brings me to two issues.

    First, this is a rediculous story. The headlines especially. “AHHHHHHHHH, the NSA is installing illegal tracking systems on your computer, ZOMGWTF!?!” Good grief, it’s a cookie. It’s a useless cookie. I mean, utterly and completely useless. They can basically track your movement on their own site with it, and not much else. If they wanted to, they could just as easily track you by IP address, though obviously much less reliably.

    And second, the legality of it. Ok, so yeah, a security whistle-blower type called them out about it. Great. Incidentally, he apparently did the same for several CIA-run sites awhile back. So we’re talking about someone who spends significant amounts of time being paranoid, visiting various federal intellegence agency websites, and hitting “View Source” a lot. A colossal waste of time of course, but as a “privacy advocate,” it does mean that he’s going to be a lot more familiar with what the agencies are, and are not, allowed to do on their websites. And I would guess, probably also a lot more familiar with that stuff than even the contractors who probably set the site up in the first place. Which of course brings me to the very interesting point that 95% of all Americans have, at some point in their lives, done something illegal enough to land them in jail, and of course, 95% of the population is not in jail. Just because a law has been broken does not mean it’s a big deal. And in this case, the law is silly. I mean, really, really silly. Do I think there should be guidelines in place suggesting that permanent cookies are a bad idea? Oh, absolutely. Permanent cookies have all sorts of undesirable side-effects, not the least of which is misidentification due to shared terminals. (For example, ever had a family member accidentally buy something off Amazon using your account and credit card instead of their own before?) But having a stupid law like this, that will inevitably get broken, is a terrible mistake. If the government, especially, cannot help but break its own laws, it will only serve to bring the law into contempt:

    “A very wise father once remarked, that in the government of his children, he forbade as few things as possible; a wise legislation would do the same. It is folly to make laws on subjects beyond human prerogative, knowing that in the very nature of things they must be set aside. To make laws that man can not and will not obey, serves to bring all law into contempt. It is very important in a republic, that the people should respect the laws, for if we throw them to the winds, what becomes of civil government?”

    — Elizabeth Cady Stanton

    As for the partisan question, I think this may be a classic case of people (media/bloggers) smelling blood in the water and trying to go in for the kill. Except that they are, in this case, either incompetant (the NSA screwed up — hot story!), ignorant (illegal scary orwellian tracking system installed on your computer by the NSA!), or deceitful (well, this isn’t a real story, but publish it anyways, see if we can get some sensationalism going).

    To the extent that people will try to link this incident in with the much more dangerous issue of the illegal wiretaps, yeah, I suppose it could be partisan. But privacy seems to be a privilege that most people on both sides of the argument believe that they are entitled to. So, as always, take what you hear with a grain of salt and be careful about making noise when technological subjects come up, because the Internet’s full of “experts” on the subject matter who love to disagree with you.

    This question though, is the one that really concerned me:

    “Should software companies be held accountable for matters such as insuring personal rights of their users?”

    Absolutely, positively, holy frikken cow, NO!!!!!!!!!!!! The legal landscape for software companies is bad enough as it is already. If you erect a law like that you’ll put at least half the small guys (like myself — grain of salt time) out of business from shear overhead. It’s bad enough we have to do retarded things like ask people for their birthdays to make sure they’re not under 13. “Hi, are you under 13? Please be honest, because I’m supposed to boot you from my website if you’re not actually 13 yet.” I personally consider privacy policies to be a particularly bad idea when over-applied. It is my opinion that the false impression of anonymity so prevalent on the Internet is the single thing most likely to accomplish its early demise. People should know that every action they make on the Internet can be traced back to them unless they take deliberate measures to prevent it (for example, Tor). Instead of constantly trying to guarantee people’s privacy, we should be more clearly demonstrating the distinction between what should be private (e.g. Credit Cards) and what usually should not (real names). And all things not explicitly marked as private should always be assumed public.