informa
/
Risk
News

White House Web Site Revisits Privacy Policy

Staffers address privacy concerns after a 1-by-1-pixel image file loaded by Web page code for tracking purposes is revealed.
Changes made to the White House site later that day at least in part addressed his complaint. But the issue of cookies remains a complicated one. For instance, the WhiteHouse.gov privacy policy states, "You can remove or block cookies by changing the settings of your browser." But video sites that make use of Adobe Flash may deposited Flash Cookies, which aren't as easily accessed or deleted as standard HTTP cookies.

The White House Web site privacy policy acknowledges that the site collects some browser information and uses Web analytics, but it does not discuss WebTrends' role, responsibilities, or limitations.

A spokesperson for the White House media team wasn't available to discuss whether WebTrends' use of a Web bug, or beacon, might violate OMB guidelines. Those guidelines that state "agencies are prohibited from using persistent cookies or any other means (e.g., Web beacons) to track visitors' activity on the Internet [with certain exceptions]." (Those guidelines, coincidentally, can no longer be found at the URL on the White House site where they used to be.)

YouTube has been granted an exemption; WebTrends maintains its activities are innocuous and permissible under current guidelines. The question then is whether WebTrends tracking data qualifies as personal, whether there's a compelling need for WebTrends' analytics, and whether the current privacy policy adequately discloses what's going on.

More broadly, the incoming administration should consider whether it, like previous administrations, wants outsourcing to serve as the universal solvent for federal legal restraints. At the same time, it may be worth revisiting federal guidelines about online privacy practices, given that technology has changed in the years since those guidelines were written.

Auerbach worries that as budgets remain tight, the government will be increasingly willing to outsource technical functions to companies like Google or WebTrends that may be tempted to mine government data.

"It doesn't take much to elevate this kind of thing out of privacy and into security," he said. "For example, if you want to know where an army battalion is about to be sent, one can get a good indication by looking at the queries to Google Maps from browsers that are linkable to solders and their families. The bits and pieces of all of this are, in themselves, tiny and often pretty innocent looking. But they aggregate quickly."

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5