Posted on 12/29/2005 8:00:16 AM PST by ShadowAce
NEW YORK (AP) - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.
These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.
"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."
Until Tuesday, the NSA site created two cookie files that do not expire until 2035 - likely beyond the life of any computer in use today.
Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.
"After being tipped to the issue, we immediately disabled the cookies," he said.
Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.
But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.
In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies - those that aren't automatically deleted right away - unless there is a "compelling need."
A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.
Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and 'vague assertions of national security, such as exist in the NSA policy, are not sufficient."
Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."
The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.
Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.
But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.
The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."
Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA. They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.
The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.
In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.
Here is something to be concerned about:
Potential new unpatched IE exploit ? ~ Yes...may affect other Browsers also...
I do .NET too, but I have experience in Cold Fusion. You know they're running Cold Fusion because of the ".cfm" file extension on their pages.
Lol...never browsed their pages...just landed on their homepage then did a "javascript: alert(document.cookie)"
I juse Firefox and every once in a while go through and remove cookies from those places I don't want (Tools:Options:Privacy:Cookies), checking the box "unless I have removed cookies set by the site" for when to allow cookies. By now, most of the MSM can't set cookies at all, while cookies from Free Republic and others I want remain.
I delete all cache, history, and cookies several times daily. If you want to stay safe in cyberspace, you will too.
While the general presumption is that agencies will not use persistent cookies (better safe than sorry), agencies aren't completely prevented from using them. Persistent cookies are allowed under the conditions that the agency:
IOW, any agency that thinks persistent cookies could be useful for business can use them, but they have to take steps to ensure the public's right to privacy is not infringed and that any resulting information will not be abused.
Yes, I have worked as a webmaster for a federal agency.
I'm lazy. I just use Firefox's Web Developer toolbar to show me the cookies.
Either this guy is a total ignoramus and doesn't know what a "cookie" is, or he's being deliberately disingenuous.
I have Time Warner's Road Runner cable service, with IE6 - and Incredimail. With cable service, I get email even when my browser is not open.
Snort---by their agendas shall ye know them.
Thanks for the link.
Are they claiming CNN doesn't do that?
Aha - a pro
I use a dinky circa 2000 RCA WebTV Plus
No hard drive - no "mouseover & save-as" (no mouse either!) wireless keyboard + backup handheld remote (I use two keyboards)
(I keep it extra-cool with plenty of airflow at all times - This helps a lot)
WebTV/MSN-TVs have a quick & dirty "cookie-viewing" page & "delete cookies" gizmo
Cookies used to slow my connections speeds a tad but MSN's periodic software, plugins, and new features appears to have now got my dinky WebTV cookin' so I not only get no viruses, bugs, worms, Trojans (DNA hint for Slick Willie & Monica) - and I have to use independent website hosts (and imagehosts) and websites to create webpages and store my audios, graphic images, source material, and webpages on.
I have a 15 websites now on many different webhosts & servers. I backup all of my images, audios, and webpages on separate servers - I have been burned by webhosts that "updated to new better servers" and lost much or all of my files and webpages.
"Cookies" must be enabled for me to access about seven Transloaders and .ftp Edit sites I use (no software programs on WebTV) and I have multiple websites, account usernames, passwords - with cookies set to expire usually in 365 days - if there is a longer option I select "900 days".
It would take me forever to reset all of my websites info and Transloader info to what they are - I use some "simple" memorable passwords and some "backup site" passwords that would take a long time for computers to crack.
But by then I already know and change those passwords or delete the complete (copied) website.
During the 2004 Presidential campaign I found my "cookie bin" viewer page WebTV has let me see who and when anyone viewed my images or linked my audios or webpages.
I found that some of the media were actually stupid enough to "hotlink" some of my parody &/or authentic audio and image URLs on their online websites.
So as I always make copies of most all of my files under different file names - and at different servers - I simply "overwrote" new images and audios and webpages that the media's readers would click on.
Nothing obscene or illegal - but not what the media wanted on their permanent online website page archives.
Cookies are a 2-edged sword.
All of these MSM sites put "cookies" on my sites and IP.
I could tell from the dates and times and the URLs exactly what they had visited here on FR or on my webpages and what they "hotlinked".
Journalists are not to smart.
Tim Russert cried on MSNBC that "Newspapers are laying of staff - I depend on them for show-prep."
Timmy Boy - If you do that you will get burned just like Rather, Mapes, NYT, CBS, LAT, WaPo, Newsweek (they hotlinked my .mp3s) etc.
Cookies do not bother me a bit.
My WebTV is not slowed down by them anymore - I have tested connection times - before & after deleting my cookies.
Bill Gates & MSFT may be hated by lots of people - but he sure made an El Cheapo gadget that is immune to viruses, needs no firewalls, software purchases, and appears to be bulletproof - and never any popups either.
AND IT'S AS CHEAP AS DIRT!
I had one (1) receiver go out in 2001 - WebTV Fed-Ex Expressed me by the next day no charge - with a another brand new wireless keyboard, cables, remote (controls my WebTV if walking or sitting - controls 2 TVs, PIP, my huge vintage Marantz stereo receiver/tuner/amp, my VCR/DVD, my speakers - as does my keyboard)
WebTV sent an enclosed note -
"Sorry your WebTV 'Plus' reciever let you down - Please accept a complete new WebTV and use all of the enclosed accessories as spares." - Almost embarrassing - but 2 keyboards, 2 remotes, and miles of cable was handy.
Gates is a real SOB I guess.
Enyhoo - When he bought out WebTV about 1997 he revamped and updated everything and constantly gives us free automatic updates -
Viruses? We don't need no stinkin' viruses!
Popups? We don't need bo stinkin' popups!
My liberal NYC sister was in recently and saw the website and a few webpages I set up for her to email out as Christmas Card "E-Cards" -
She uses a DELL at her office in NYC and could not believe how my dinky WebTV (with my sound system & DirecTV on 2 big TVs at once) performed
Only thing is my 56K dialup makes loading my .mp3s & .wavs and some image-heavy webpages (like my parody FR homepage) slow to load compared to her PC and IP connection speeds.
I was amazed how many PC users in businesses know so little about HTML, codes, writing scripts, etc.
A prisoner of software.
No thanks.
Your comment:
"Cookies are largely harmless and can serve a fine purpose. To limit a web site from using them limits the user's possible experience (if they desire to have one of course)."
Is dead-on.
As Seinfeld might say "He re-cookies (re-gifts) the MSM!"
-
- Just an amateur who learns more every day -
Now if I could get get Charlie Brown's face/head animated like I did Linus & Lucy's......
-
Well, there goes my civil internet liberties. Time to go to court. Only the Bush administration would sink this low.
:) HA!
Weatherbug incidentally...is part of Homeland security.
so ya......me and weatherbug wrestled in the night like a biblical tale.
Its gone.....and my hip is fine : )
Weatherbug was putting junk onto my computer when its not supposed to be spyware...but has Gator tracks everywhere.
Who knows what Homeland security might have been up too.
Well you'd think that if anyone would be obsessive about the very last detail of their web site, spooks would be.
A great graphic!
--
"Got cream cheese?"
Makes a lot more sense than cattle mutilations
But where do they get the English muffins & bagels?
Thanks for the ping!
Sun? Looks like Windoze from here:
If you have Norton Internet Security you can configure it to ask you every time a cookie is about to be set. Your answer is persistent, meaning that if you say "no", that site will forever be denied the ability to set a cookie in your browser.
There's also a lot of good freeware for these kinds of problems here:
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.