Lately it seems that any policy put forward by the Administration is immediately suspected of carrying some kind of hidden agenda. When President Obama asked supporters of health care reform to forward emails to him, which made outlandish claims about the pending bills, the wing nuts were out in force, claiming that a Nixon-era enemies list was in the offing, while other opponents decried the practice as having a chilling effect on free speech. Now comes a similar ill-informed outcry, from friend and foe alike, in response to proposed changes in the government's "cookie policy."
The Obama Administration has made a strong commitment to making the government more open and transparent and to better engage citizens in key decisions. Upgrading government web sites is key to that agenda. The White House Office of Management and Budget is retooling the current federal policy that governs how federal agencies are allowed to place "cookies" on citizens' computers to track their visits to agency web sites. These small cookie files can be used to identify all sorts of information about you to whoever placed the cookie there in the first place. Under the current policy, cookies are banned unless a head of an agency signs off on their use. That makes it all but impossible for government websites to incorporate Web 2.0 technologies that have been developed in the last decade.
The Obama Administration understood that it could not simply lift the ban on cookies; the use of these tools must be deployed within a context that would ensure the privacy of citizens. And any new policy must continue to cover all web tracking technologies, not just cookies.
The irony here is that while the new policy is likely to build in new privacy protections and give citizens choices about the use of cookies, the policy that it will replace had no such safeguards. Under the current policy, once an agency head approves the use of cookies, it's all you can eat. By contrast the recently proposed framework sets out general principles governing agency website use of tracking technologies and contemplates an escalating set of privacy protections based on the potential privacy impact.
It's a good start. But as my organization, the Center for Democracy & Technology, outlined in comments to the OMB, together with the Electronic Frontier Foundation, there is still room for improvement. Among our recommendations to make sure the new policy has the best privacy protections: requiring agencies to provide detailed disclosures about their web tracking intentions in the form of a Privacy Impact Assessment that must be verified by the agency privacy office prior to deploying a tracking technology; requiring that agencies retain tracking data only as long as necessary for the purpose for which it was collected, and deleting certain information (such as IP addresses) immediately; and giving citizens choices about whether to allow cookies for a range of purposes.
So now that the cookie policy is in the oven, let's concentrate on making sure this Administration makes good on its promises to make government more open, transparent and accessible to each of us and that in doing so, privacy is fully protected.