Complaint Prompts CIA to Curb Cookies

March 20, 2002

WASHINGTON (AP) -- The CIA got caught with a hand in the Internet cookie jar.

The agency removed software from one of its Web sites this week after a private group discovered that the CIA was using banned Internet tracking technology called "cookies," said Mike Stepp, who manages the CIA's public Web site.

"It was a mistake on our part. It was not intentional," Stepp said Tuesday. "The public does not need to be concerned that the CIA is tracking them. We're a bit busy to be doing that."

Cookies are small software files often placed on computers without a person's knowledge. The files can make Internet browsing more convenient by letting sites distinguish user preferences, but they have been criticized for violating privacy because they can track Web surfing.

The government issued strict rules for how federal agencies may use cookies in 2000 after it was discovered that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. The rules ban the use of "persistent" cookies, which track Web habits over years.

eBay modifies controversial privacy policy 

Daniel Brandt discovered on Thursday that a CIA site had placed one of those long-lasting cookies on his computer. Brandt is president of Public Information Research, a private San Antonio-based group that preserves publications related to intelligence and business.

Brandt said he discovered the cookie, which keeps working until 2010, when he was looking at the Web site for the CIA's Electronic Reading Room, which provides access to previously released agency documents.

"They're not supposed to be doing this," Brandt said. He said he was particularly concerned because the reading room site allows users seeking documents to search for particular words.

Redesign blamed, log files destroyed

"The keywords you put in reveal an incredible amount about what you're looking for and what your interests are," Brandt said. "It would be very, very tempting to track that kind of information."

A notice on the CIA Web site states, "The Central Intelligence Agency Web site does NOT use the 'cookies' that some Web sites use to gather and store information about your visits to their sites."

Brandt sent e-mail to the CIA with his concerns and the agency responded on Monday, removing the cookie software and some other temporary cookies that were discovered.

Stepp said an outside company had redesigned the reading room Web site, which was posted to the Internet on January 29.

"Unbeknownst to us, it was loaded with some software, commercial off-the-shelf software used for Web analysis," Stepp said. The software included a cookie that tracked repeat visitors to the site.

To make sure no improper information about site visitors had been recorded, Stepp said two sets of log files would be destroyed.

Congress issued a study last summer that found 300 cookies still on the Web sites of 23 agencies despite the government ban.

Copyright 2002 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.