Skip to comments.NSA Web Site Places 'Cookies' on Computers
Posted on 12/29/2005 8:00:16 AM PST by ShadowAce
NEW YORK (AP) - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.
These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.
"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."
Until Tuesday, the NSA site created two cookie files that do not expire until 2035 - likely beyond the life of any computer in use today.
Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.
"After being tipped to the issue, we immediately disabled the cookies," he said.
Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.
But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.
In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies - those that aren't automatically deleted right away - unless there is a "compelling need."
Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and 'vague assertions of national security, such as exist in the NSA policy, are not sufficient."
Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."
The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.
Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.
But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.
The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."
Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA. They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.
The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.
In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.
It's the holiday season! Cookies are everywhere! I know I've eaten way too many this year!...........Those little Danish butter cookies are very addictive............
Name a website that doesn't put cookies on your computer. Now that would be news.
I'm not the biggest computer expert, but the story even says this is pretty darned common.
As far as I am concerned, this is a total non-story and, again, more Tokyo-Rose type bullsh*t. Forgive the language, but I'm sick of it.
If I'm wrong I'll thank anyone for the correction in advance.
Let me get this straight..The NYT,WP, ABC, NBC,CBS and the rest of the lame stream media can put cookies on your computer..but not the federal government trying to hunt down terrorists? I wonder if they realize how ridiculous they sound complaining about this?
The media is getting desperate for dirt.
They were probably planning to write a story on how hard
it was to navigate the NSA site, discovered it wasn't,
and decided to make that the story.
Every "outraged" liberal who reads this on any on-line
news site will be doing so on a site that not only uses
preference cookies, but runs ads with real tracking
cookies, not all benign.
A website that places cookies on your computer -- oh the horror of it.
CNN is cooking this up something fierce, telling its naive viewers that this a "tracking mechanism" to spy on web surfers.
Yep, but this slant of the story can make it seem as if Bush really is trying to keep his eye on us. No mention of how easy it is to delete cookies either.
Here go to my website and I'll give you a cookie too.
OH, The Horrors!
Exactly, the cookie monster is built into all computers.
Just delete them and put your history folder on 0.
What a load of malarky.
God Bless America!
At least they don't bombard us with pop-ups!
Ya mean the same ones used by every other site to track your computer? Run AD-AWARE SE [It's free], and I guarantee that many will be surprised by who is tracking their every move.
Most browsers can delete and block cookies, no biggie.
That's right. Now if the NSA starts putting pop-up ads on their site I might be a little miffed. No excuse for that! ;-p
If No Such Agency wanted to track you or me they wouldn't have to wait for us to vist their web page. Media idiots.
Macaroons are the bomb. Ooops better not say bomb.
If you hate it, don't go or get your security programs at work. It doesn't take but several steps to disable it. This shows how dumb the complaining liberals are. Cookies... let the cookie monster eat 'em.
This is very good news.......our security services need more 'cookie' factories......maybe they can make 'goodle' research a giant 'cookie' network....
Britain,....China and India.... Needs More Work.....
....and don't forget,....."Narnia" is surely the favorite false profit work of the Billy-goat Clintons and their Homo 'DNC'....support the 'DNC' filosophies and see 'their' Hollywood-Homo-Saypean politics....
/Bill Hybulls and Sick Warren,......not to forget Robert Schiller and other 'Narnia' gnostic-false-christian 'occults'...
The 'DNC' is C.S. Lewis' real KINGDOM.....
OH, NO! The NSA is putting COOKIES on computers that visit their WEBSITE!
There's a high crime and misdemeanor if I ever heard of one!
Big deal over nothing. Yes, government policy says not to do it, but anyone who has ever done server config knows that things can get turned back on automatically, especially in the Microsoft world. Mistakes happen, they fixed it. Forget it.
You wonder if they realize how stupid they will sound when the truth about session cookies is made known. Still, there will be some out there whose tin foil hats will be vibraing in harmonic resonance at this story...
They cant track that cookie when you are surfing away from their site. They cant even read it when you are away and the sites you visit cant be applied to any cookie outside the domain you are browsing.
Can we AT LEAST get some technical expertise to report on this type of stuff????
Vanilla wafer with sprinkles ....Ping.
Great now if my computer would only give me some fresh cold milk...that would be utterly great...
Journalists have the IQ of a rock.
I've visited the NSA's web site before.
Interesting site - especially the historical section where they talk about Enigma, Venona, etc.
Here's the site:
But there's nothing there that could be considered secret or sensitive.
Agreed. I thought I'd post it because it's getting radio air time locally. I thought it was funny when I heard it on the radio.
I already wrote to the author of the article ANICK JESDANUN and told him what an idiot he is .Liberals whining about nothing again
Good grief! Every email you get places cookies on your computer - and if you're so stupid you don't know how to erase them on a daily basis - then you deserve to be spied on!
Web browsers place cookies on a computer, not email.
"Journalists have the IQ of a rock."
No argument with that...lol
I'm going to run my Spybot Search & Destroy and AdWare SE, get rid of all 'malicious cookies' (sarcasm), go to a few different sites like AP, NY Times, Whitehouse, the NSA - run them again and see what gives.
Be back in a few......
What would the Christmas season be without some cookies ........... and milk?
Santa Claus is deeply saddened.
My ISP wanted to put on cookiesSo it's okay for newspapers and news organizations like AP to put tracking cookies on your 'puter but it's a crime when NSA did?
Drudge, puts on cookies
NY TIMES wanted to put on cookies.
Chicago Tribune - cookies
AP.org - COOKIES
Whitehouse - NO COOKIES
Thomas - Ditto
NSA - Same, NO Cookies now.
None of my websites do.
Too bad it wasnt Microsoft...its a Sun os. ;) Sun and their evil ways... lol
If your websites dont have cookies...then it doesnt do anything cool to necessitate them. ;)
Hmmmm?? Then why are there cookies from JCPenney on my computer when I haven't been to their website ..??
Umm... you may not have known it but websites have frames and other jazzy things going on. An iframe could have placed it when you were at some other marketplace.
Advertisements are famous for their iframes and such.
But none of the sites I went to had any connection to JCPenney .. but I suppose that may not matter ..??
But .. some days I don't go to any websites - I'm busy working on Word or Excel - then what .. where do the cookies come from then - because I check it everyday before I turn off my computer.
I haven't been "cool" since I was a teenager 40 years ago.
Big deal The MSM Web Site's have been placings 'Crockies' on Computers for years
The NSA has been running IIS for a while. And it seems a bit stupid to run Sun in the back and use IIS as a proxy.
Im a professional web developer, Im just telling you how cookies work. They arent set by emails unless you use an online email service such as Yahoo or hotmail and use your web browser to view them. Then the advertisements could set cookies.
If you have cookies popping up on your computer without EVER using the internet, you might want to run a scan using microsofts anti-spyware utility (works fantastic regardless of what haters say). Cookies dont just pop up out of nowhere and cant be set in an email client like outlook (unless you have security set to nonexistent).