Friday, December 30, 2005

More Shady Shit at the NSA: Agency used banned data-tracking on Web site

First of all, to my regular readers, I hope you have a wonderful New Year. I probably won't be updating for the next few days due to other commitments, so I wanted to make sure everyone had a safe and happy holiday.

Now then, it just keeps getting worse for the NSA. First the wiretaps, and now this (have to love the "it was an accident!" defense):

NEW YORK - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.

These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake.

Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 — likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.

Strict federal rules
Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies — those that aren't automatically deleted right away — unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and "vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."

Posted by crimnos @ 9:34 AM

Read or Post a Comment

I saw a report this morning, that the whitehouse site was also using nearly permanent cookies on it's site.

Sorry, don't have the link handy, but it was on another blog I hit through a couple of links, so if you do a blogger search, you should be able to find it pretty easily.


Posted by Blogger mikevotes @ 10:50 AM #

>ConcertTickets offer premium unique Irvine Bowl . Irvine Bowl may be purchased online through our guaranteed safe and secure server. For faster service please order tickets through our web site .

Posted by Anonymous Irvine Bowl @ 3:17 AM #
<< Home