hands in the cookie jar

Looks like the NSA has been caught with their hands in the cookie jar--the electronic sort. Now, most sites use cookies to remember info and it comes in handy, oftentimes. However, the NSA has these things called "rules" that they're supposed to follow when it comes to cookies on computers and privacy. Surprise, surprise--they didn't. Of course, it was "an accident". From the NYT:

The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most files of that type.

The files, known as cookies, disappeared after a privacy activist complained and The Associated Press made inquiries this week. Agency officials acknowledged yesterday that they had made a mistake.

Sure. Sure it was a mistake. Uh-huh.

Ari Schwartz, associate director at the Center for Democracy and Technology (a privacy advocacy group in Washington) put it well when he said:

"Considering the surveillance power the N.S.A. has, cookies are not exactly a major concern but it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

So just what caused this "ooopsie" that the NSA broke strict federal rules? Why, it was software!

Don Weber, an agency spokesman, said in a statement yesterday that the use of the so-called persistent cookies resulted from a recent software upgrade.

Normally, Mr. Weber said, the site uses temporary cookies that are automatically deleted when users close their Web browsers, which is legally permissible. But he said the software in use was shipped with the persistent cookies turned on.

Because the NSA doesn't employ software engineers that (a) build custom stuff; or (b) aren't smart enough to know to check the upgrade for such things? Really? Seriously?

But it gets more twisted in that:

In a 2003 memorandum, the Office of Management and Budget at the White House prohibited federal agencies from using persistent cookies - those that are not automatically deleted right away - unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Interesting, eh?

By the way, until Tuesday, the NSA site had created two cookies that don't expire until 2035. Damn software upgrades, they cause all sorts of "mistakes".

Shakesville is run as a safe space. First-time commenters: Please read Shakesville's Commenting Policy and Feminism 101 Section before commenting. We also do lots of in-thread moderation, so we ask that everyone read the entirety of any thread before commenting, to ensure compliance with any in-thread moderation. Thank you.

blog comments powered by Disqus