NSA Caught With The Cookies

zardo writes "The associated press is reporting that the NSA is putting cookies on visiting computers. Apparently it is unlawful for the government to put anything but a session cookie out unless it's expressed in the site's privacy policy." From the article: "Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on. ... In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a 'compelling need.' A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy."

I call shenanigans.

[TripMaster+Monkey]

From TFA:

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.

Honest enough mistake, right? Not, really, as it's happened before.

Here's a snippet from a 2002 Associated Press article (available here):

WASHINGTON (AP) - The CIA got caught with a hand in the Internet cookie jar.

The agency removed tracking software known as a "cookie" from one of its Web sites this week after a private group discovered the banned practice, said Mike Stepp, who manages the CIA's public Web site.

"It was a mistake on our part. It was not intentional," Stepp said Tuesday. "The public does not need to be concerned that the CIA is tracking them. We're a bit busy to be doing that."

Stepp said an outside company had redesigned the reading room Web site, which was posted to the Internet on Jan. 29.

"Unbeknownst to us, it was loaded with some software, commercial off-the-shelf software used for Web analysis," Stepp said. The software included a cookie that tracked repeat visitors to the site.

(Disclaimer: Yes, I am aware that the CIA and the NSA are different agencies. However, that shouldn't preclude one learning from the other's foul-ups.)

So either one or both agencies in question are simply incompetent, or lying to us. Which do you think is more plausible?

Re:I call shenanigans.

[Belseth]

Got to say people are getting too casual about cutting government employees slack for invading rights out of ignorance. They are american citizens and should be aware of those basic rights. Planting a 30 year cookie isn't an oops. No matter what is said I'd be more shocked if the information wasn't scanned for hot websites. Remember back in the day you could be labelled a commie for subscribing to Mother Earth News. They should know that the governemnt can't legally monitor US citizens without a court order but the President doesn't seem to know that one. What qualifications does a governemnt official have to have? Breathing? Yes they were building a website but they were working for the bloody NSA which should hold a higher standard. If it was a goof it's the kind that gets people fired. If no one was fired I'd tend to believe it was officially sanctioned. People are starting to think of basic rights as no big deal. Take away those rights and we get police state. Bush has got us half way there and hardly anyone has taken notice which is terrifying. In England cameras are starting to monitor your every move and in Japan the police don't need a warrant to search your house. We take a lot for granted in this country. It's sad to see our basic rights given up without a fight much less being noticed by the average person.

The Priorities Are Right Here

[TubeSteak]

Your analogy is wrong.

On its face, your point may seem 'interesting' or 'insightful', but that is only because you are ignoring the fact that U.S. government websites are not like every other website. Government websites are extensions of the state.

We don't want the NSA/CIA/government websites to contain persistent cookies,
IN THE EXACT SAME WAY THAT WE DON'T WANT THE NSA WIRETEAPPING US.

Instead of comparing this to "every other website in the world", try comparing the behavior to every other government in the world.

The issue isn't necessarily about cookies, it is about principles. The principle being that the U.S. Government does not track or snoop on its citizens.