Thursday, December 29, 2005

Mistakes Happen

(And if you believe that, I've got a bridge in Alaska I'd be happy to sell you.)

The NSA can't buy a break these days. Plenty of ink and electrons have been spilled the last two weeks about the agency's warrantless spying on residents of the US. Now it's been discovered in further illegal activity. An AP article in the NY Times details the 'innocent mistake.'

The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most files of that type.

The files, known as cookies, disappeared after a privacy activist complained and The Associated Press made inquiries this week. Agency officials acknowledged yesterday that they had made a mistake.

"Considering the surveillance power the N.S.A. has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the N.S.A. site created two cookie files that do not expire until 2035.

Don Weber, an agency spokesman, said in a statement yesterday that the use of the so-called persistent cookies resulted from a recent software upgrade.

Normally, Mr. Weber said, the site uses temporary cookies that are automatically deleted when users close their Web browsers, which is legally permissible. But he said the software in use was shipped with the persistent cookies turned on.

"After being tipped to the issue, we immediately disabled the cookies," Mr. Weber said.

...In a 2003 memorandum, the Office of Management and Budget at the White House prohibited federal agencies from using persistent cookies - those that are not automatically deleted right away - unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said that clear notice was a must, and that "vague assertions of national security, such as exist in the N.S.A. policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the N.S.A. cookies, said mistakes happen, "but in any case, it's illegal."
[Emphasis added]

The cookies persist until 2035? Are they trying to tell us something?

Chilling.

0 Comments:

Post a Comment

<< Home