Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

NSA Web Site Places 'Cookies' on Computers
Excite News ^ | 29 December 2005 | ANICK JESDANUN

Posted on 12/29/2005 8:00:16 AM PST by ShadowAce

NEW YORK (AP) - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.

These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 - likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.

Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies - those that aren't automatically deleted right away - unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and 'vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."

The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.

Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.

But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.

The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."

Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA. They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.

The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.

In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.


TOPICS: Constitution/Conservatism; Culture/Society; Government; Technical
KEYWORDS: cookies; notagain; nsa; website
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-82 next last
To: Grampa Dave
What can I say....the vermin are everywhere....

Here is something to be concerned about:

Potential new unpatched IE exploit ? ~ Yes...may affect other Browsers also...

61 posted on 12/29/2005 10:01:18 AM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 59 | View Replies]

To: smith288
Do you have some intimate knowledge of their web dept or something?

I do .NET too, but I have experience in Cold Fusion. You know they're running Cold Fusion because of the ".cfm" file extension on their pages.

62 posted on 12/29/2005 10:18:55 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 56 | View Replies]

To: antiRepublicrat
I do .NET too, but I have experience in Cold Fusion. You know they're running Cold Fusion because of the ".cfm" file extension on their pages.

Lol...never browsed their pages...just landed on their homepage then did a "javascript: alert(document.cookie)"

63 posted on 12/29/2005 10:22:30 AM PST by smith288 (Peace at all cost makes for tyranny free of charge...)
[ Post Reply | Private Reply | To 62 | View Replies]

To: Grampa Dave
Twice a day, I use SBC/Yahoo's new cookie spotter and remove all new cookies. My computer runs much better.

I juse Firefox and every once in a while go through and remove cookies from those places I don't want (Tools:Options:Privacy:Cookies), checking the box "unless I have removed cookies set by the site" for when to allow cookies. By now, most of the MSM can't set cookies at all, while cookies from Free Republic and others I want remain.

64 posted on 12/29/2005 10:23:03 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 57 | View Replies]

To: ShadowAce

I delete all cache, history, and cookies several times daily. If you want to stay safe in cyberspace, you will too.


65 posted on 12/29/2005 10:24:21 AM PST by devane617 (An Alley-Cat mind is a terrible thing to waste)
[ Post Reply | Private Reply | To 1 | View Replies]

To: smith288
That statute is somewhat illogical however. Cookies are largely harmless and can serve a fine purpose. To limit a web site from using them limits the user's possible experience

While the general presumption is that agencies will not use persistent cookies (better safe than sorry), agencies aren't completely prevented from using them. Persistent cookies are allowed under the conditions that the agency:

In addition, any site must comply with COPPA (Children's Online Privacy Protection Act), which limits the amount of and how information can be gathered about children. COPPA is why on a BBS you usually see a checkbox to state you are over 13. A general-audience site legally doesn't have to bother with COPPA if it requires that be checked before gathering any data.

IOW, any agency that thinks persistent cookies could be useful for business can use them, but they have to take steps to ensure the public's right to privacy is not infringed and that any resulting information will not be abused.

Yes, I have worked as a webmaster for a federal agency.

66 posted on 12/29/2005 10:43:11 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 58 | View Replies]

To: smith288
Lol...never browsed their pages...just landed on their homepage then did a "javascript: alert(document.cookie)"

I'm lazy. I just use Firefox's Web Developer toolbar to show me the cookies.

67 posted on 12/29/2005 10:48:17 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 63 | View Replies]

To: ShadowAce
These files, known as "cookies," disappeared after a privacy activist complained ...

Either this guy is a total ignoramus and doesn't know what a "cookie" is, or he's being deliberately disingenuous.

68 posted on 12/29/2005 12:37:14 PM PST by Publius6961 (The IQ of California voters is about 420........... .............cumulatively)
[ Post Reply | Private Reply | To 1 | View Replies]

To: smith288

I have Time Warner's Road Runner cable service, with IE6 - and Incredimail. With cable service, I get email even when my browser is not open.


69 posted on 12/29/2005 2:14:34 PM PST by CyberAnt ( I believe Congressman Curt Weldon re Able Danger)
[ Post Reply | Private Reply | To 50 | View Replies]

To: Grampa Dave

Snort---by their agendas shall ye know them.

Thanks for the link.


70 posted on 12/29/2005 3:28:49 PM PST by Liz (You may not be interested in politics; doesn't mean politics isn't interested in you. Pericles)
[ Post Reply | Private Reply | To 59 | View Replies]

To: angkor

Are they claiming CNN doesn't do that?


71 posted on 12/29/2005 3:31:07 PM PST by Howlin (Defeatism may have its partisan uses, but it is not justified by the facts. - GWB, 12/18/05)
[ Post Reply | Private Reply | To 9 | View Replies]

To: smith288; Grampa Dave; John Robinson; Jim Robinson; potlatch; ntnychik; Interesting Times; ...


Aha - a pro

I use a dinky circa 2000 RCA WebTV Plus

No hard drive - no "mouseover & save-as" (no mouse either!) wireless keyboard + backup handheld remote (I use two keyboards)

(I keep it extra-cool with plenty of airflow at all times - This helps a lot)

WebTV/MSN-TVs have a quick & dirty "cookie-viewing" page & "delete cookies" gizmo

Cookies used to slow my connections speeds a tad but MSN's periodic software, plugins, and new features appears to have now got my dinky WebTV cookin' so I not only get no viruses, bugs, worms, Trojans (DNA hint for Slick Willie & Monica) - and I have to use independent website hosts (and imagehosts) and websites to create webpages and store my audios, graphic images, source material, and webpages on.

I have a 15 websites now on many different webhosts & servers. I backup all of my images, audios, and webpages on separate servers - I have been burned by webhosts that "updated to new better servers" and lost much or all of my files and webpages.

"Cookies" must be enabled for me to access about seven Transloaders and .ftp Edit sites I use (no software programs on WebTV) and I have multiple websites, account usernames, passwords - with cookies set to expire usually in 365 days - if there is a longer option I select "900 days".

It would take me forever to reset all of my websites info and Transloader info to what they are - I use some "simple" memorable passwords and some "backup site" passwords that would take a long time for computers to crack.

But by then I already know and change those passwords or delete the complete (copied) website.

During the 2004 Presidential campaign I found my "cookie bin" viewer page WebTV has let me see who and when anyone viewed my images or linked my audios or webpages.

I found that some of the media were actually stupid enough to "hotlink" some of my parody &/or authentic audio and image URLs on their online websites.

So as I always make copies of most all of my files under different file names - and at different servers - I simply "overwrote" new images and audios and webpages that the media's readers would click on.

Nothing obscene or illegal - but not what the media wanted on their permanent online website page archives.

Cookies are a 2-edged sword.

All of these MSM sites put "cookies" on my sites and IP.

I could tell from the dates and times and the URLs exactly what they had visited here on FR or on my webpages and what they "hotlinked".

Journalists are not to smart.

Tim Russert cried on MSNBC that "Newspapers are laying of staff - I depend on them for show-prep."

Timmy Boy - If you do that you will get burned just like Rather, Mapes, NYT, CBS, LAT, WaPo, Newsweek (they hotlinked my .mp3s) etc.

Cookies do not bother me a bit.

My WebTV is not slowed down by them anymore - I have tested connection times - before & after deleting my cookies.

Bill Gates & MSFT may be hated by lots of people - but he sure made an El Cheapo gadget that is immune to viruses, needs no firewalls, software purchases, and appears to be bulletproof - and never any popups either.

AND IT'S AS CHEAP AS DIRT!

I had one (1) receiver go out in 2001 - WebTV Fed-Ex Expressed me by the next day no charge - with a another brand new wireless keyboard, cables, remote (controls my WebTV if walking or sitting - controls 2 TVs, PIP, my huge vintage Marantz stereo receiver/tuner/amp, my VCR/DVD, my speakers - as does my keyboard)

WebTV sent an enclosed note -

"Sorry your WebTV 'Plus' reciever let you down - Please accept a complete new WebTV and use all of the enclosed accessories as spares." - Almost embarrassing - but 2 keyboards, 2 remotes, and miles of cable was handy.

Gates is a real SOB I guess.

Enyhoo - When he bought out WebTV about 1997 he revamped and updated everything and constantly gives us free automatic updates -

Viruses? We don't need no stinkin' viruses!

Popups? We don't need bo stinkin' popups!


My liberal NYC sister was in recently and saw the website and a few webpages I set up for her to email out as Christmas Card "E-Cards" -

She uses a DELL at her office in NYC and could not believe how my dinky WebTV (with my sound system & DirecTV on 2 big TVs at once) performed

Only thing is my 56K dialup makes loading my .mp3s & .wavs and some image-heavy webpages (like my parody FR homepage) slow to load compared to her PC and IP connection speeds.

I was amazed how many PC users in businesses know so little about HTML, codes, writing scripts, etc.

A prisoner of software.

No thanks.


Your comment:

"Cookies are largely harmless and can serve a fine purpose. To limit a web site from using them limits the user's possible experience (if they desire to have one of course)."

Is dead-on.


As Seinfeld might say "He re-cookies (re-gifts) the MSM!"

-



- Just an amateur who learns more every day -



Now if I could get get Charlie Brown's face/head animated like I did Linus & Lucy's......



-


72 posted on 12/29/2005 6:37:24 PM PST by devolve (<-- (-in a manner reminiscent of Senator Gasbag F. Kohnman-)
[ Post Reply | Private Reply | To 58 | View Replies]

To: devolve

Well, there goes my civil internet liberties. Time to go to court. Only the Bush administration would sink this low.

:) HA!


73 posted on 12/29/2005 7:47:07 PM PST by writer33 (Rush Limbaugh walks in the footsteps of giants: George Washington, Thomas Paine and Ronald Reagan.)
[ Post Reply | Private Reply | To 72 | View Replies]

To: devolve
I have no idea if Weatherbug....which came with my xp is evil.
What I do know is that getting RIP of weatherbug from your computer is like going toe to toe with Satan.
Was reading on the net how geek techs where freaking out...as weatherbug rewrote keys after removal and was back for start up.

Weatherbug incidentally...is part of Homeland security.

so ya......me and weatherbug wrestled in the night like a biblical tale.

Its gone.....and my hip is fine : )

Weatherbug was putting junk onto my computer when its not supposed to be spyware...but has Gator tracks everywhere.
Who knows what Homeland security might have been up too.

74 posted on 12/29/2005 9:14:41 PM PST by Light Speed
[ Post Reply | Private Reply | To 72 | View Replies]

To: antiRepublicrat
I'm betting what they did is upgrade Cold Fusion, and the new install turned cookies on.

Well you'd think that if anyone would be obsessive about the very last detail of their web site, spooks would be.

75 posted on 12/29/2005 9:20:18 PM PST by HiTech RedNeck
[ Post Reply | Private Reply | To 55 | View Replies]

To: ShadowAce
http://www.raaow.com/Pictures/120702/Got%20Milk.jpg
76 posted on 12/29/2005 9:37:46 PM PST by MilleniumBug (Pattycake, Pattycake, Wilson's the man...Bake me a yellowboy fast as you can.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MilleniumBug


A great graphic!

--

"Got cream cheese?"



Makes a lot more sense than cattle mutilations



But where do they get the English muffins & bagels?





77 posted on 12/29/2005 10:14:37 PM PST by devolve (<-- (-in a manner reminiscent of Senator Gasbag F. Kohnman-)
[ Post Reply | Private Reply | To 76 | View Replies]

To: devolve

Thanks for the ping!


78 posted on 12/29/2005 10:53:25 PM PST by Alamo-Girl
[ Post Reply | Private Reply | To 72 | View Replies]

To: smith288; antiRepublicrat
its a Sun os. ;) Sun and their evil ways... lol

Sun? Looks like Windoze from here:

http://toolbar.netcraft.com/site_report?url=www.nsa.gov

79 posted on 12/30/2005 5:07:22 AM PST by angkor
[ Post Reply | Private Reply | To 42 | View Replies]

To: devane617; ShadowAce
I delete all cache, history, and cookies several times daily. If you want to stay safe in cyberspace, you will too.

If you have Norton Internet Security you can configure it to ask you every time a cookie is about to be set. Your answer is persistent, meaning that if you say "no", that site will forever be denied the ability to set a cookie in your browser.

There's also a lot of good freeware for these kinds of problems here:

http://www.rickmaybury.com/profile.html

80 posted on 12/30/2005 5:17:15 AM PST by angkor
[ Post Reply | Private Reply | To 65 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-82 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson