NationStates Jolt Archive


NSA Web Site Puts 'Cookies' on Computers

NYCT
29-12-2005, 02:10
NEW YORK - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.




These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 — likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.

Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies — those that aren't automatically deleted right away — unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and `vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."

The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.

Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.

But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.

The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."

Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA. They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.

The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.

In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.

http://news.yahoo.com/s/ap/20051228/ap_on_hi_te/spy_agency_privacy
Eutrusca
29-12-2005, 02:18
Almost every site out there puts "cookies" on visitors' computers. The NSA doing so doesn't disturb me in the slightest. Now if they tried to put "spyware" on my PC, as Jolt tries to do, that would be a bit more noteworthy.
Neu Leonstein
29-12-2005, 02:24
Now if they tried to put "spyware" on my PC, as Jolt tries to do, that would be a bit more noteworthy.
Seconded.

I got myself a McAffee trial version recently...I couldn't believe my eyes. :mad:
Colodia
29-12-2005, 02:28
What kinda jerk named these things "cookies" anyway? Everytime I have to deal with these things I crave a chocolate chip!
Eutrusca
29-12-2005, 02:28
Seconded.

I got myself a McAffee trial version recently...I couldn't believe my eyes. :mad:
Heh! It's a frakking epidemic! Jolt will back off occasionally, then hit us with several attempts to install spyware everytime we click on a new thread or post. I suspect it at least partially accounts for some of the periods of slowness on here.
The Black Forrest
29-12-2005, 02:31
Seconded.

I got myself a McAffee trial version recently...I couldn't believe my eyes. :mad:

Dump that puppy. It's pretty whimpy since their lawyers define what is spyware(ie what would get them sued if they removed it).

Counterspy much better!
Eutrusca
29-12-2005, 02:31
What kinda jerk named these things "cookies" anyway? Everytime I have to deal with these things I crave a chocolate chip!
LOL! Have a bit of a craving problem do we? :D

I first heard of cookies back in the early 90s. I have no idea who coined the term though. In all fairness, quite a few sites use them to identify returning visitors in order to guide them to new material or otherwise improve the visitor's surfing experience. But many sites are somewhat less ... shall we say "noble" in their intent? :D
Fraternity and Liberty
29-12-2005, 02:32
No big deal. The NSA cookies are inoffensive and put there by accident anyways.

...But since when do people visit the NSA's web site? 0_o Online terror alert or something?
Eutrusca
29-12-2005, 02:32
Dump that puppy. It's pretty whimpy since their lawyers define what is spyware(ie what would get them sued if they removed it).

Counterspy much better!
I've used Spybot for several years now. Seems to work just fine for me.
Eutrusca
29-12-2005, 02:33
No big deal. The NSA cookies are inoffensive and put there by accident anyways.

...But since when do people visit the NSA's web site? 0_o Online terror alert or something?
"Keep your friends close and keep your enemies even closer." Take your pick. :)
The Black Forrest
29-12-2005, 02:35
I've used Spybot for several years now. Seems to work just fine for me.

It's a good product for a small shop. Don't know if he added more people to help him out.

We had to get a commercial solution as managing spybot for 600 computers got to be a pain.

If you don't have money, spybot for sure.

If you do, counterspy!
Liverbreath
29-12-2005, 02:38
The NSA doesn't need cookies to track you. Microsoft kindly provided them with their own keys as far back as Win98. If the NSA is tracking your system, you would never know it until the day after your conviction.
Monkeypimp
29-12-2005, 02:56
I use ad-aware and spybot. They both miss things.
Lights Blessing
29-12-2005, 02:57
*Eating cookies* Damn this topic. Mmm home baked christmas cookies mmm.
Eutrusca
29-12-2005, 03:01
*Eating cookies* Damn this topic. Mmm home baked christmas cookies mmm.
Hehehe! GIMME dat! :D
Sel Appa
29-12-2005, 04:28
Almost every site out there puts "cookies" on visitors' computers. The NSA doing so doesn't disturb me in the slightest. Now if they tried to put "spyware" on my PC, as Jolt tries to do, that would be a bit more noteworthy.
Jolt puts spyware? Nooooooooooooooooooooooooooooooo
The Soviet Americas
29-12-2005, 04:31
Do you know anything about cookie technology? They don't do anything pertaining to privacy.

Sorry to burst your bubble.
Liverbreath
29-12-2005, 04:58
Do you know anything about cookie technology? They don't do anything pertaining to privacy.

Sorry to burst your bubble.

Yes, I know a great deal about cookie technology and it is actually your bubble that will burst. One need only go back to the Double Click settlement for an illustration as to one method they can be used for illicit purposes. Like anything else in the IT world, cookie technology, can, has been and will be abused by some.
Nyuujaku
29-12-2005, 05:29
Heh, anyone who allows cookies by default is just asking for it. I always set my browser(s) to ask permission for each cookie, and 99.99% of them get perma-denied.

That said, having our security agencies acting like data-mining companies is kinda creepy...