The White House Web site privacy policy acknowledges that the site collects some browser information and uses Web analytics, but it does not discuss WebTrends' role, responsibilities, or limitations.
A spokesperson for the White House media team wasn't available to discuss whether WebTrends' use of a Web bug, or beacon, might violate OMB guidelines. Those guidelines that state "agencies are prohibited from using persistent cookies or any other means (e.g., Web beacons) to track visitors' activity on the Internet [with certain exceptions]." (Those guidelines, coincidentally, can no longer be found at the URL on the White House site where they used to be.)
YouTube has been granted an exemption; WebTrends maintains its activities are innocuous and permissible under current guidelines. The question then is whether WebTrends tracking data qualifies as personal, whether there's a compelling need for WebTrends' analytics, and whether the current privacy policy adequately discloses what's going on.
More broadly, the incoming administration should consider whether it, like previous administrations, wants outsourcing to serve as the universal solvent for federal legal restraints. At the same time, it may be worth revisiting federal guidelines about online privacy practices, given that technology has changed in the years since those guidelines were written.
Auerbach worries that as budgets remain tight, the government will be increasingly willing to outsource technical functions to companies like Google or WebTrends that may be tempted to mine government data.
"It doesn't take much to elevate this kind of thing out of privacy and into security," he said. "For example, if you want to know where an army battalion is about to be sent, one can get a good indication by looking at the queries to Google Maps from browsers that are linkable to solders and their families. The bits and pieces of all of this are, in themselves, tiny and often pretty innocent looking. But they aggregate quickly."