Should Cookies Be Used on Federal Web Sites?

David Badertscher*

The Office of Management and Budget (OMB) within the White House is considering whether federal web sites should be permitted to use cookies and other web tracking technologies and is asking for input from the public.

According to Michael Fitzpatrick, an associate administrator with the OMB Office of Information and Regulatory Affairs, “the goal of this review is to develop a new policy that allows the Federal government to continue to protect privacy of people who visit Federa(s)l websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for more enhanced analytics”.To read this entire discussion about cookies policy for Federal websites go to the posting by Mr. Fitzpatrick and Vivek Kundra of the Office of Science & Technology Policy Blog To share your comments on the approach outlined in their posting, you can post a comment on the OSTP blog, submit comments directly in response to the Federal Register notice mentioned in the posting, or email them to: oira_submission@omb.eop.gov. Comments submitted by August 10, 2009 in one of these three ways, will be taken into consideration. Responding to this posting directly from the OSTP blog requires registration and other authentication routines before posting.

Questions about whether use of cookies and similar tracking devices should be permitted on federal web sites have been raised before. By the late 1990s these questions were being discussed and debated especially in terms of the impact of their use on privacy resulting in various actions. The Children’s Online Privacy Protection Act of 1998 set forth various standards regarding the collection of personal information online at websites devoted to children. On June 2, 1999, Jacob Lew, then Director of the Office of Management and Budget issued a memorandum “Privacy Policies on Federal Web Sites” which stated that “agencies are to post clear privacy policies on agency principal web sites, as well as at any other known, major entry points to sites, and at any web page where substantial amounts of personal information are posted. Privacy policies must be clearly labeled and easily accessed when someone visits a web site”. That memorandum also provided that “…agencies could only use ‘cookies’ or other automatic means of collecting information if they gave clear notice of those activities”.

The OMB Memorandum from that period which relates most directly to the cookies and tracking devices issues as currently being discussed is Memorandum M-00-13 “Privacy Policies and Data Collection Federal Web Sites” also issued by Mr. Lew on June 22, 2000. In this Memorandum, which I understand is usually considered as the underlying authority for current guidelines regarding the use of cookies and other tracking devices on Federal websites, Mr. Lew writes::” Because of the unique laws and traditions about government access to citizens’ personal information, the presumption should be that “cookies” will not be used at Federal web sites.” The key word here is “presumption” and Mr. Lew goes ahead to specify conditions: “.. unless, in addition to clear and conspicuous notice, the following conditions are met: a compelling need to gather the data on the site; appropriate and publicly disclosed privacy safeguards for handling of information derived from ‘cookies’; and personal approval by the head of the agency”

Looking at some of the current comments on the Office of Science and Technology blog, it appears that although privacy issues are certainly a concern, there is considerably more emphasis on such issues as information security, ease of access, ease of use, using cookies to create more options for automating user-related processes on the web, etc. Clearly there is a division of opinion and all perspectives need to be considered very carefully.

One of my concerns as a law librarian relates whether the greater accessibility of cookies and other web tracking devices on Federal website could have any significant impact on the authenticity and integrity over time of knowledge based information accessed through Federal website. After all ,there is a real probability that in the future we will become increasingly dependant on Federal website as the ultimate authority and repository for primary source information originating from federal agencies. Ultimately, it seems to me that we should be thinking primarily of the concerns of the American people when considering these questions. With that in mind, given the various, sometimes conflicting concerns being expressed, I am wondering if it is feasible to consider creating a system that would enable each individual using a Federal website for either entering or retrieving data to determine at the outset whether he or she wants to use a cookies/tracking enabled version or a non-cookies version of the same Federal website and proceed accordingly. If such an arrangement is not feasible due to technology issues and overall social benefits I would tend to advocate a system which emphasizes privacy, authenticity, and security over convenience of use and immediate gratification, even though it would be nice to have it all. I agree that cookies as such are not bad; it depends on how they are used and how that use is controlled or regulated.

Vivek Kundra, Michael Fitzpatrick, and others are to be commended for their efforts to publicly reach out to others regarding these important issues.
________________________________ *David Badertscher is the Principal Law Librarian at the New York Supreme Court Criminal Term Library, First J D in New York, NY. All opinions expressed in the above posting are strictly his own personal opinions and are not associated in any way with the New York Supreme Court Criminal Term or the State of New York Unified Court System.

Contact Information