White House Cookies: Proposed Practices For Government Agencies Seeking to Optimize Web sites while Ensuring Citizen Privacy


In January, the Future of Privacy Forum released a set of priorities for the new administration. Among the issues we raised was the need to update the old Office of Management and Budget policy which severely limits agencies from using permanent cookies to optimize Web sites. No “my.epa.gov” or “my.whitehouse.gov” unless you log in each time, no shopping carts that you can return to the next day, and no useful analytics that can be used to improve the Web site structure or content – without significant hurdles such as the approval of the Secretary of the agency (or his designee). We raised some general principles for a new policy, but here we try to present further detail. Thoughts on this draft are welcomed. We will provide the final version to the White House Office of Science and Tech Policy for input into their efforts related to the President’s Transparency and Open Government Memorandum.

Additional resources: Articles by Chris Soghoian, the original DoubleClick episode leading to the policy and commentary by Alissa Cooper of CDT.

Please comment or email with your ideas to improve the draft below.

DRAFT

Ensuring that Interactive Tools used by Government Provide Users with Enhanced Transparency and Controls for Data Collection and Retention Analytics, Research or Others Using Cookies, Tracking Pixels or Other Tools

  1. Delete log-files after a defined period of time.
    1. Data retention periods for “non-personal” log-files vary widely across vendors, are not publicly disclosed and are rarely committed to contractually.
  2. Cookies should have limited expiration periods and should not be used to store information unprotected.
  3. IP addresses logged by vendors should be obscured or deleted as soon as possible.
    1. Some vendors can use and then immediately scramble IP addresses as they log them.
  4. The use of the tools and user options should be transparent and prominently explained.
  5. Consider implications of the use of “first party” White House domain for analytics, rather than “third party” domain, to avoid potential for unwanted correlation.
  6. Contractual representations barring use of data for purposes other than services contracted, other than aggregate reporting/