It’s one thing to say that the government’s cookie policy needs to change to offer users more control, as we did in Part I of this post. But it’s another thing to create a policy that both protects user privacy and allows for the use of cookies on federal Web sites. The internal and external controls for cookies and state management technologies should be focused on the use of the data they allow to be collected, rather than merely how the data is collected.

Since the creation of the Web, state management tools like cookies have had a wide range of uses. In some cases they’ve provided users with added functionality, but in others, particularly when deployed by third parties, they can be used to track individuals with almost no direct user benefit. Because of the latter category and other concerns about misuse of data collected through user tracking, operators of federal Web sites are currently not allowed to use persistent cookies unless four conditions are met: they provide clear and conspicuous notice of the use of cookies; they demonstrate a compelling need to gather data through cookies; they publicly disclose the privacy safeguards in place for handling any information derived from the use of the cookies; and they obtain personal approval of the use of cookies by the head of the agency.

Because the first three conditions are all essential to the protection of user privacy where cookies are deployed, they should continue to be requirements for operators of federal Web sites that use persistent identifiers of any sort. However, the government cookie policy should be updated so that top agency officials do not need to be involved in technical decisions about cookies or other tracking technologies. Instead, visitors to federal Web sites should be given direct control over whether or not their activities on the sites are tracked using any sort of tracking technology.

It is common today to see “remember me” and “remember my choices” buttons on the Web, federal Web site operators should be allowed to offer these options, too, as long as it is an affirmative choice about whether to participate (an opt-in) with sufficient notice explaining the use of the data collected and the fact that persistent identifiers will be set on their computers. Web site operators should also provide a link to information about the specific state management mechanism being used. However, access to information on a federal Web site shouldn’t depend on whether or not users allow their information to be collected or identifiers placed on their computer.

Federal Web sites offering services that would normally use tracking technologies should find ways of delivering those same services without the tracking. For example, while many popular video services set cookies on any computer that loads a Web page with embedded video, there are many that do not; tracking cookies aren’t needed to actually deliver the video to the user. Federal Web sites could choose to exclusively use a video service that is more protective of user privacy or they could offer users the choice between a video service that uses tracking technology and one that does not. In cases where a persistent identifier such as a cookie ID is used for a single function, such as retaining login information across site visits, users could be offered an explicit choice of either storing the identifier or logging in each time.

More Study Needed

While privacy controls in browsers are improving, industry could be much more innovative than it has been to date in developing state management mechanisms that make privacy controls easier to use. Meanwhile, the government should be creating policies to encourage this innovation, rather than railroading the issue with an inflexible mandate (i.e., the current policy) or eliminating the government-wide policy altogether (a possible alternative).

There are a couple of other areas where more study may be needed:

1) There are a growing number of cases where information about an individual may not be directly personally identifiable, but where the individual has a privacy interest based on the use of the information. IDs of all kinds (including those used in state management mechanisms) and location information are two prominent examples. Today, there are few privacy rules in government to cover these kinds of information.

2) There are clearly some instances where federal Web sites could be greatly improved through the use of monitoring aggregate and individual usage for diagnostic and analytical use. The feasibility of conducting such analysis in a privacy-protective manner deserves further exploration.

A study panel should consider what the appropriate policy guidelines should be for these situations. This panel should assess how policies specific to federal Web sites can allow beneficial uses of cookies and other state management mechanisms while protecting privacy, taking the differences between the types of data commonly collected online into account.

We’d like to thank the Sunlight Labs Team for allowing us to bounce these ideas off of them. Let us know what you think.

CDT’s Alissa Cooper and Heather West also contributed to this piece.

This entry was posted on Friday, January 9th, 2009 at 3:51 pm and is filed under CDT, Consumer Privacy, Open Government. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.