On Friday, June 25, the White House Office of Management and the Budget changed the rules for federal Internet sites. Memorandum m-10-22 “establishes new procedures and provides updated guidance and requirements for agency use of Web measurement and customization technologies.” In issuing the new guidelines, OMB Director Peter Orzag wrote, “The central goal is to respect and safeguard the privacy of the American public while also increasing the federal government’s ability to serve the public by improving and modernizing its activities online. Any use of such technologies must be respectful of privacy, open, and transparent, and solely for the purposes of improving the federal government’s services and activities online.”
You can find the full text of the Memorandum at www.whitehouse.gov/omb/assets/memoranda_2010/m10-22.pdf.
A well-thought-out move
To understand the implications of this change, some background is helpful.
For the past year, the OMB has been revaluating the use of “persistent cookies” by federal websites. In contrast to “session cookies” which expire when you close your browser, a “persistent cookie” consists of a software code that stays on your computer. A site can store the cookie until it reaches its expiration date or you delete it. Each time you return to the site, it can recognize “you”, tracking your behavior and noting your preferences.
In the commercial world, most of us have taken persistent cookies for granted. We like the fact that we don’t have to re-enter our information every time we enter a familiar website. We appreciate turning off our computer and still find the items we put in our shopping cart a few days later. We may even enjoy the customer service of finding recommended items and previous shopping lists.
For 10 years, however, since the advent of this technology, government privacy concerns have kept them at bay. Meanwhile, citizens know that they can easily manage cookies: get warnings, block them one-by-one or even turn them off entirely. Yet since the vast majority of web consumers prefer to leave them on, they can get nonplussed at government sites, which never learn who they are. In fact, a cookie-less government has reinforced that bureaucratic image most agencies would like to shed.
The current administration, championing transparency and closer ties to citizens, is changing this situation. Consequently TMP Government feels that agencies should understand the implications of this change and how to use persistent cookies for mission needs.
Government’s Cookie History
The term “cookie,” referring to a data package that identifies a user, derives from the idea of an unopened “fortune cookie” with hidden information. Cookies date back to the earliest days of e-commerce on the World Wide Web. In 1994, Netscape’s Lou Montulli, a Web browser pioneer, created “cookies” to secure online shopping carts. Shortly afterwards, Netscape began using cookies to track the number of visitors. The use quickly gathered steam among sellers and buyers.
In the real world, shopkeepers identify patrons by sight; in the virtual world cookies became the only way that stores could recognize repeat visitors. The burden was on consumers in selecting customer service (e.g. “Amazon’s recommendations for you...”) or choosing anonymity. If they opted for the latter, they could simply turn off the cookies.
Government, on the other hand, felt a special responsibility to protect citizen privacy from persistent cookies versus the less controversial “session cookies.” Not too long after online merchants began using persistent cookies, the federal government restricted their deployment.
On June 22, 2000, OMB made its cookie policy clear: “Because of the unique laws and traditions about government access to citizens' personal information, the presumption should be that ‘cookies’ will not be used at Federal web sites.” Although some agencies have obtained cookie waivers in the ensuing years, for the most part government sites remain cookie-less.
A decade later, however, even some staunch privacy advocates are recognizing that government websites would benefit from accurate tracking and a more citizen-friendly interface.
A “sea change” in policy
In 2009, as part of the Open Government Initiative, the White House Office of Science and Technology (OST) and OMB began reconsidering the trade-offs of persistent cookies: Should we hold back a beneficial mainstream Web application, based upon issues about aggregating personal information? How important are restrictions if sites are transparent, giving users the choice of turning off persistent cookies or enjoying industry-standard functionality?
OMB began receiving citizen opinions about changing the cookie policy. Proponents as well as privacy advocates expressed concerns. For example, an IRS senior analyst posted, “There are many applications which require the use of cookies and our external stakeholders need these applications.” A Department of Energy Web manager stated, “If permitted, persistent cookies will enable government websites to move to the next level in offering our patrons increased customization instead of one-size-fits-all websites.”
There were also notes of caution. OMB wants to ensure transparency in all cookie usage. Under the revised guidelines, agencies could use cookie analytics provided that they allowed site visitors an obvious opt-out mechanism. Aliya Sternstein, who writes the Tech Insider blog on Nextgov.com, notes that Google Analytics (www.google.com/analytics) provides an excellent model. Google Analytics providers offer a choice whether they want their information to be sent to a server.
Some privacy advocates have called the impending policy revision a “sea change” in Internet usage. TMP Government believes that while the Open Government change will indeed improve citizen experience, agencies should approach cookie implementation with caution. We seek to help our clients use cookies in a safe manner that keeps sites and users from being vulnerable.
Empowering “We the People”
Since the government’s latest cookie policy revision in 2003, the private sector has pushed far ahead in enhancing end user experience. By understanding traffic patterns to provide more relevant information, commercial sites save time for millions of users each day. Allowing stored cookies can increase usage on government websites for users who thrive on industry standards: Customization of personal interests, “remember me” features and improved customer service.
In fact, personalizing federal sites can empower the American people to both benefit from and contribute to their government.
For more information and updates, visit our blog at www.meshworking.com/home/author/ellisppines.
Back