NSA Web Site Plants 'Cookies' on Computers

By ANICK JESDANUN
AP Internet Writer

December 29, 2005, 5:18 AM EST


NEW YORK -- The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.

These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 -- likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.



Keith’s Barbeque Central

The rule or law discouraging them on federal websites is silly.

COOKIES SUCK. They are a pain in the ass. When I enter a site that tries to set numerous cookies I click out of all the cookies and leave. Many cookies are tracking cookies. They are of no use to the web surfer they are only important to the lame ass webmaster for gathering information about you and his site. The only cookies that are of any use is if you use internet banking or are lazy and don't want to type your user name and password into your favorite forum. http://directory.google.com/Top/Computers/Security/Internet/Privacy/Cookies/

Yes, they allow most DUers use their personalized forums without logging in.

It's a pain in the butt for us developers to give the user any kind of personalized experience without cookies, and if you do, it makes it more difficult for your website users to share links with others.

How do you see cookies as bad?

biggest law breaker around, isn't it.

home computers, story at 11.

nice job

For all kinds of things. They are not a real privacy threat and are probably a total non-issue here. I could probably set a cookie on your computer from a post at DU.

as opposed to private corporations, who can do whatever the hell they want

when folks complained about it, if I recall correctly.

Any coincidence that media apparently get all excited telling us about the "threat" to privacy posed by website cookies while trying to portray the issue of the gov't spying on communications without warrants or even FISA review in contravention of the Consitution and Fed law as a mere political issue?

In the range of illegal acts perpetrated by this Administration, persistent cookies on websites isn't even a gnat compared to what else they're up to. It's a distraction with which the MSM is happy to provide us.

whether great or small.

spying on citizens' communications and activities without due process a tad more significant than violations of Fed regulations on persistent cookie use on Fed websites.

Compare and contrast the harm of one vs the other. They're simply not at all in the same league although by some responses it appears people think they are part and parcel of the same bag. They really aren't, not even by a stretch. Persistent cookies do not pose a threat to the Republic or even to website visitors, despite people's apparent fear of cookies. Bush's actions in regards to surveillance and the Constitution do.

Which is why of course the media jumped on the cookies story as a "threat" and presents the surveillance issue as a relativistic matter based on political bent rather than a clear and present danger to our liberties.

the spying without due process is more egregious than breaking the law by putting a persistent cookie on a machine. However, from a broader level, they are both evidences of the callous disregard the government has for following the law. At some point, it will be sheer overload of all the various things this administration has done to break the law, but I prefer to keep it as yet another string in a handful of strings to the point that they are lawbreakers... period.

screwup as they said it was since, as noted internet privacy advocate Richard Smith remarked in an article yesterday, persistent cookies don't really serve much of a purpose for the NSA. The NSA's weblogs will tell them far more about a user than their cookies.

People outraged by cookies should recognize a basic fact of net use: just visiting a site provides the site with more info than a mere cookie can give them. (BrowserSpy, if anyone's interested, can give people an idea of what info is available just by visiting a site: http://gemal.dk/browserspy/ )

So I don't view the use of persistent cookies as an intentionally nefarious act. It doesn't have much utility as a purposeful act. Hence I suspect it was likely the result of an oversight rather than a criminal enterprise.

Whereas there is no question that the Administration's warrantless surveillance of US citizens was intentional and they knew it was wrong simply by the attempts they've made to justify it by quasilegal voodoo bullshit perpetrated by their hack lawyers.

the use of persistent cookies was brought to their attention, they protested that they have a team of privacy experts who look out for things like that. And yet, they didn't comply with the law until it was brought to their attention.

cookie they received? A mere glance shows the name of site and the date of expiration. I suggest they were full of it or need new "experts." Check out the cookies in your browser's cookie folder and see the info available without even opening the cookie itself.

And what law was broken? This is repeatedly stated but so far can anyone cite the specific law?

I've only found policy docs at the OMB http://www.whitehouse.gov/omb/privacy/website_privacy.html that appear to form the basis for Fed policy regarding use of cookies on Fed websites. If there was a law specfically addressing the use of cookies one would have thought they would have cited it as the governing authority. Instead they adopted a policy. Which is not a law.

"The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them."

Cookies don't "track" anything. Cookies just store bits of information that have no relevance once you leave a site. If you never return to that site, the cookie is useless.

... of the website, but the same can be accomplished by tracking the visitor's IP instead of cookie.

Cookies store information, but are a poor mechanism for gathering it. And they can't trace the ID of a computer, just check whether or not a computer has been to the site before.

If you really want to snoop, cookies are not the way to go.

too
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=104x5712455

Keith’s Barbeque Central

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=104&topic_id=5709218&mesg_id=5709218

I think it is more like they were doing it until caught by someone.

Does Homer Simpson work at the NSA... Talk about your bad publicity...


Doug D.