Boston Blotter: Rehoboth Baby Died, Springfield Girl Almost Shot, Granny Driving Drunk
Sports Redux: Does A Win Mean Anything?
Sports Redux: Rumors of the Celtics' Death Were Greatly Exaggerated
Bostonist is never surprised by revelations about the current administration, so when we learned from local internet security expert Richard Smith that the White House web site uses cookies to keep track of the internet browsing activities of people who visit the site and other programs to keep possibly past content from being archived, well, we weren't like, "OMG!" (Full disclosure: In addition to his web sleuthing duties, Smith is our mother-in-law's husband.) But we were excited to have a proper Boston connection to let us post about the President's snooping proclivities (Smith lives in the South End).
Smith, who spends his days working as a consultant on internet security matters, prowling the web for interesting information, and urging Bostonist to get a better job, made his cookies discovery today and promptly reported it to Bostonist (and the Associated Press). Why is this a big deal? Well, to privacy experts like Smith, cookies are the very essence of what's wrong with the internet, because they let web site operators know where you've been and what you've been doing. The Clinton administration apparently felt this way too, since the Director of the Office of Management and Budget established a no-cookies policy for government web sites in 2000. And the Bush administration has lately had some problems following federal laws regulating electronic snooping.
The "Privacy Policy" page at whitehouse.gov says that the site "will gather and store certain information about your visit automatically. This information does not identify you personally." However, the site then goes on to say that the information gathered includes, among other things, your IP address and "the pages you visit." Now, Bostonist is no interweb genius, but we know how to look stuff up on Wikipedia, and they say that "the unique nature of IP addresses makes it possible in many situations to track which computer — and by extension, which person — has sent a message or engaged in some other activity on the Internet. This information has been used by law enforcement authorities to identify criminal suspects." Smith adds that the cookies on the White House site are actually provided by Web Trends, a company that specializes in this sort of thing, and that they aggregate information from the web sites of other Web Trends customers. In other words, a visit to www.whitehouse.gov might pass on information from previous visits to the web sites of T-Mobile, H&R Block, and, most dangerous of all, the city of Calgary.
Smith also discovered that the White House web site is employing certain programs to prevent search engines from archiving some sections of the site's content. That suggests that there are certain things that used to be on www.whitehouse.gov that the White House would prefer no one looked at ever again. Of course, these might just be embarrassingly wrong Final Four picks and catty e-mail conversations about contestants on last year's Apprentice, but Bostonist isn't so sure, given the President's inclination to say things he later regrets. Some of the sites are still up on the whitehouse.gov server, like this one, which links to a speech in which the President urged Congress not to "micro-manage" the administration, and to give it "managerial flexibility to get the job done right." Some are there but contain no information or have been cleansed of pictures, leaving only captions. And some just lead to an error message. Perhaps the content from all these sites is still available elsewhere, but the White House felt a little sheepish about the fact that all the blocked sites have "911" and "iraq" in the same URL. These are questions that Bostonist has neither the time nor resources to investigate, but since Smith also spoke to someone at the Associated Press, the real-life journalists may soon provide some real-life journalism on this matter. Stay tuned.
add to stumble upon
add to reddit
tweet this
post to facebook
Two things. When a public site that you do not log into uses cookies, there is no harm really. They typically assign a generic "user/session" id to you anonymously and simply use this id to add to their web logs. This enhances their logging ability so that they can know not only which pages were viewed by their visitors, but which pages tend to be viewed together, how long a visitor stays on their site, what page is typically the last page a viewer sees before they abandon the site to go elsewhere. This is all basic site usage and traffic analysis that departments can use to make decisions about how to manage their site. Should we add more sports content? Should we go after advertisers in a specific market? Etc... No harm no foul.
Second, I bounced around the White House site a bit (10 minutes worth) and could not get it to drop a cookie on my browser. Not that I'd mind that though...
Fair enough - I can't pretend to be anything near an expert in this area, so I depend heavily on Richard Smith, who is. He says there's the potential here for significant data-gathering, which goes to Web Trends and can then be used by their clients (in this case, the White House, presumably). For what it's worth, and the cookie is definitely there - you can see it (in Explorer, anyway) under "Privacy Report" in the "View" menu.
I'll concede, too, that cookies aren't necessarily so pernicious, but I am inclined to wonder what sort of site management the folks at whitehouse.gov would do with information gleaned from these cookies. "Add more sports content"? "Go after advertisers in a specific market"? That stuff might fall under the category of opinion polling with an eye toward electoral strategy, but if so, it isn't really the province of a site that uses federal money. I'm not saying anything illegal is going on here (although there is an interesting law review article waiting to be written about whether the government's placement of cookies on people's computers is a violation of the Fourth Amendment), just that it's a little questionable in light of the administration's recent record on privacy and snooping.
Yeah, the whole panic over the cookie thing is utterly idiotic. I thought this story died in 1998 or so.
Sending an HTTP request, that is, just going to their site with your browser, sends them your IP address; otherwise, their server couldn't send the page back to your machine. Any reasonably smart log crunching software can give you pretty much the same information as cookies in most cases.
Cookies are really mostly pernicious from a privacy angle if they are third party cookies (like the ones that Bostonist sets, for example), and then it's sort of arguable.
Wait - aren't these Webtrends cookies the third-party sort? (I'm not being facetious, I'm really asking because this whole thing isn't my area of expertise.)