Fed Cookie Policy Details Emerge

Three-Tiered Approach Presented
Fed Cookie Policy Details Emerge
A month after the Office of Management and Budget announced plans to reconsider the federal government nine-year restriction on the use of cookies - small pieces of browser software that tracks and authenticates web viewing activities by users - two top OMB officials provided details on how cookies could be used by federal agencies.

OMB is considering a three-tiered approach to use web tracking technologies on federal government websites.

According to a blog written by Federal CIO Vivek Kundra and Michael Fitzpatrick, associate administrator of OMB's Office of Information and Regulatory Affairs, the three tiers are:

1. Single-session technologies, which track users over a single session and do not maintain tracking data over multiple sessions or visits;
2. Multi-session technologies for use in analytics, which track users over multiple sessions purely to gather data to analyze web traffic statistics; and<
3. Multi-session technologies for use as persistent identifiers, which track users over multiple visits with the intent of remembering data, settings, or preferences unique to that visitor for purposes beyond what is needed for web analytics.

"We expect that there would be more stringent restrictions or review of the technologies within the tiers that might have higher privacy risks," Fitzpatrick and Kundra, who's official title is OMB administrator of e-government and IT, wrote on the blog posted on the website of the White House Office of Science and Technology Policy.

Last month, in another blog, the two OMB officials outlined ways to enhance citizen participation in government through basic policy changes, including revisions to the current policy cookies.

"We heard a lot of informal comments on that blog, so we decided to pursue the more formal comment route through the Federal Register," they wrote. "The goal of this review is to develop a new policy that allows the federal government to continue to protect the privacy of people who visit federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics."

In a blog posted on the White House website this past week, Bev Godwin, director of USA.gov, explained how citizens using the Internet provide their views on the proposed change in federal government cookie policy.

In 2000, during the waning days of the Clinton administration, the OMB director issued a memorandum to ban federal agencies from using certain web-tracking technologies, primarily persistent cookies, due to privacy concerns, unless the agency head approved of these technologies because of a compelling need. "In the ensuing time," the two OMB officials wrote in their most recent blog, "cookies have become a staple of most commercial websites with widespread public acceptance of their use. For example, every time you use a 'shopping cart' at an online store, or have a website remember customized settings and preferences, cookies are being used."

Under the framework OMB is exploring, any federal agency using web tracking technologies on a government website would be subject to basic principles governing the use of such technologies and would be required to:

  • Adhere to all existing laws and policies (including those designed to protect privacy) governing the collection, use, retention, and safeguarding of any data gathered from users;
  • Post clear and conspicuous notice on the website of the use of web tracking technologies;
  • Provide a clear and understandable means for a user to opt-out of being tracked; and
  • Not discriminate against those users who decide to opt-out, in terms of their access to information.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.