NSA Web Site Puts 'Cookies' on Computers


PDA






dasmi
December 29, 2005, 03:04 PM
http://www.breitbart.com/news/2005/12/28/D8EPGENO2.html
Clear your cookies.
Yes, I know, most every website leaves a cookie of some sort, but read the article.

By ANICK JESDANUN
AP Internet Writer
Dec 28 4:44 PM US/Eastern

NEW YORK - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them. These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake. Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

ADVERTISEMENT

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 _ likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.

Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and `vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."

The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.

Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.

But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.

The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."

Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA. They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.

The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.

In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.

If you enjoyed reading about "NSA Web Site Puts 'Cookies' on Computers" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!
Manedwolf
December 29, 2005, 03:23 PM
"Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on."

I do work for corporate sites. And THAT is a collosal load of BS of "get out the hip waders" depth.

McCall911
December 29, 2005, 03:37 PM
Uh-oh! Watch the supply of aluminum foil shrink!

:D

JohnKSa
December 29, 2005, 05:05 PM
I've got a few cookies on my machine that don't expire until 2105.

SIGarmed
December 29, 2005, 07:00 PM
That is so not news. Of course this is the current administrations fault.

Puppy
December 29, 2005, 07:20 PM
Are there any websites on the intarweb that dont use cookies?

If anyone is concerned about "cookies" just disable them in your browser settings.

This is such a non-issue, that I am unsure why the AP would run this on the wire as some sort of *cough* "NEWS" *cough* story.

Flyboy
December 29, 2005, 07:53 PM
Just as a data point, I looked at my cookies from THR; most don't expire until 6 Nov 2006, but one goes until 2019.

Sounds rather like a non-story to me.

rick_reno
December 29, 2005, 08:09 PM
They made a mistake. Right. One of my Senators put one on my system too, it expires in 2035 - just like the one NSA is/was using.

Mal H
December 29, 2005, 08:21 PM
Rick - maybe your Senator is on the Intelligence Committee. Hey, wait a second, is that an oxymoron?? :)

A government internet site using cookies?!
Stop the presses!!
Oh, uh, never mind - start up the presses again.

GigaBuist
December 29, 2005, 08:24 PM
Okay, I'm a card carrying member of the "Tin Foil Hat Brigade." I say that to put this into perspective.

This is such a non issue I can't believe it made any papers at all.

Minor config problem with an NSA website and now we're all worried? Looks like a reporting went trolling for a non-story to get in on the NSA hype.

I'm a tech dork. I was on the Internet before the WWW was considered a viable medium. Here's how cookies work:

A 'cookie' can be set, if you permit it, by a website, like nsa.gov

Can thehighroad.org read that cookie? Not unless there's a SERIOUS flaw in your browser, which hasn't happened for a while.

Can anything but nsa.gov read that cookie? No! Again, not unless there's a serious flaw in your browser.

The only way the NSA could use this to track you on the web is if they had their own ad agency of sorts that would feed up NSA content on various websites. Once that's done THEN they can read their own cookie back and figure out where you're going on the web. However, without that activity there's zero story behind this.

I'd think we'd know if the NSA started pulling that crap. There's enough IT geeks out there that constantly keep track of such things.

Somebody violated a "feel good" policy by installing a software update and not verifying that the "cookie" lifetime was within federal guidelines. Big freaking whoop.

It's not an issue... and this is coming from a guy that sometimes puts an ear plug in his peephole for privacy reasons. If I'm not worried I don't see much reason for concern.

The only thing can do is tell them how often you visit the nsa.gov website. Big whoop.

cosine
December 29, 2005, 09:03 PM
And also, if I'm not mistaken, you can delete cookies. (In IE, go to Tools, click Internet Options, click Delete Cookies.)

This really is no deal at all.

dolanp
December 29, 2005, 11:20 PM
Are there any websites on the intarweb that dont use cookies?

If anyone is concerned about "cookies" just disable them in your browser settings.

This is such a non-issue, that I am unsure why the AP would run this on the wire as some sort of *cough* "NEWS" *cough* story.

It's kind of like when they talk about guns. A clueless keyboard jockey pretending to know what they're talking about.

Geno
December 29, 2005, 11:34 PM
What Puppy said +1

Doc2005

shermacman
December 29, 2005, 11:39 PM
Well, I know for a fact that this is all George W. Bush's attempt to take over the world for Haliburton. No agency in the Carter administration ever put cookies in a web browser.

Freakin' moonbats.

mountainclmbr
December 29, 2005, 11:51 PM
The Democrats have asked the "People's Liberation Army" of China to help them "liberate' us from GWB's oppression. John Kerry stated " so what, they were not free people here anyway". This made it perfectly legal for the NSA or any other government entity to spy on US citizens and the Democrats claimed victory for solving this difficult problem. (humor off, but not really).

LAK
December 30, 2005, 05:48 AM
Well, people and organizations like Ari Schwartz and his "Center for Democracy and Technology", are mock "watchdogs" and on somebody's payroll. Be interesting to see who funds them and the actual money trail in all directions.

See, if Ari was up front - and I am sure he knows - he would mention that intelligence agencies routinely operate behind private individuals, front businesses and corporations. Their website cookies and other software have and no doubt will continue to do what they do, and the NSA will no doubt continue compiling such information on everyone surfing the web. The rest is a big show.

Some one give Ari Schwartz a real job.
-------------------------------------------------

http://ussliberty.org
http://ssunitedtstates.org

Firethorn
December 30, 2005, 05:56 AM
"Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on."

I do work for corporate sites. And THAT is a collosal load of BS of "get out the hip waders" depth.

And I work for a government IT center, and I find it believable.

artherd
December 30, 2005, 06:58 AM
Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.


This is actually plauseable, entire chunks of code just get re-used wholesale.

Dave Markowitz
December 30, 2005, 10:43 AM
Welcome to 1997. Yawn.

Hawkmoon
December 30, 2005, 10:48 AM
That is so not news. Of course this is the current administrations fault.
Ummm ... who else might be responsible?

k_dawg
December 30, 2005, 12:12 PM
When I go to www.dnc.org, I get 14 notices that it wants to play a cookie on my computer!! :what: :what: :what: :what:

Guy B. Meredith
December 30, 2005, 02:16 PM
I suggest that we all send messages of outrage to the Times listing the politicos that have been leaving cookies. Uh, don't forget to put the Times cookie the list.

dasmi
December 30, 2005, 02:29 PM
This is such a non-issue, that I am unsure why the AP would run this on the wire as some sort of *cough* "NEWS" *cough* story.
I agree, but I felt like posting anyway, just to see peoples' reactions.

Ryder
January 1, 2006, 06:35 AM
I think the FBI does it too! ;)

I got an e-mail from them that said my computer was browsing illegal websites. :what: They wanted me to fill out the attached questionaire.

The zipped questionaire scanned out with an trojan worm.

Funny guys those hackers. They've got some real brass ones to impersonate that agency.

Lupinus
January 1, 2006, 01:26 PM
Dang near every site you visit stores cookies or some sort of files in your computer. Heck even good old THR does, esspecialy if you check the little auto log in box. The majority of cookies do nothing.

Non-Issue move along and please leave your tin foil hat in the box near the door as you exit the theater.

If you enjoyed reading about "NSA Web Site Puts 'Cookies' on Computers" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!