New Photos:

  New Ramblings:

  New Links:


Last Updated


Previous Posts

About the Blog

The thoughts and theories of a guy who basically should have gone to bed hours ago.

I know, I know - what's the point? But look at it this way - I stayed up late writing it, but you're reading it...

Let's call ourselves even & move on, OK?

Powered by Blogger

Tuesday, January 03, 2006

I Hear They're Considering Using Computers Too...

InternetWeek is reporting that the NSA's website has been caught "placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them." These insidious little files are called "cookies."

All together now....<forehead smack>

Six paragraphs in, the article mentions that "Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences." Of course, it then goes on to mention the recent New York Times flack regarding the NSA and the warantless phone call tapping. How many millions of people do you think will read this somewhere and take it as absolute proof that the government is spying on us through their websites?

Now, to be fair, persistent cookies on federal websites were made illegal in 2003 (session cookies are not). The NSA got a software upgrade and the software installed with persistent cookies defaulted on. When alerted to the problem, they turned them off. Sounds legit to me. But Daniel Brandt, the privacy activist who found the cookies says, "mistakes happen, 'but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally.'" That's right Daniel - let's throw 'em all in jail for persistent cookies. Maybe they'll even start calling it "cookie-gate." Sheesh...

posted by Brian at 10:04 PM


  • It's your turn to deliberately misread the activists. Read Ari's quote. Cookies are not a major concern for us, but if they screw this up, it doesn't make us feel comfortable that they're following other rules.

    Let me rephrase your "sounds legit to me" assessment. Congress passes a law that NSA (or any other government body) doesn't like. NSA decides to break that law in a way still provides CYA until they get caught (if that ever happens), and *then* they comply.

    Hmm -- so you're proposing that it's okay to break the law until they get caught, so long as they stop the first time. Does this strike you as patently untenable if applied to, oh, any other kind of law?

    Leaving aside that this is the government we're talking about, which is *made of* law. If they break it, then what exactly are its limits?

    By Anonymous jeff Porten, at 2:18 PM, January 26, 2006  

  • OK, time for the ever popular, "Aw, come on..." defense:

    They got a software upgrade from a vendor and installed it. The upgrade had persistent cookies turned on and they didn't notice. As soon as someone pointed it out, they turned them off.

    Of course, this could be a surreptitious plot to spy on people for as long as they can get away with it, but it strikes me as much more likely that they just didn't check all the various settings in the software upgrade.

    It also strikes me as a game of "gotcha" by the privacy activist who, of course, is rewarded in his job for the number of "gotchas" he finds. I say this because of the "mistakes happen, but they're still illegal" crack. I think this guy knew it was an innocent mistake, but has no desire to let them off the hook.

    This, of course, is all conjecture. Your mileage may vary...

    By Blogger Brian, at 10:44 AM, January 27, 2006  

  • Someday I want to convince you that the goal of every activist is to obsolesce his own job. We do *not* get rewarded for finding problems, except insofar that if we don't find them, they'd be continuing problems. What we want is to not find problems.

    My argument is that, yes, mistakes happen, but they point of making certain mistakes *illegal* is that you're then supposed to take great care in not letting mistakes happen. Because then if you make a mistake, you can be penalized.

    Congress says, "the NSA may not use cookies". NSA used cookies. You say, "whoops". So now we can pick and choose which laws are enforceable and which laws are acceptable to break? Might work for speeding and marijuana, not exactly how I want to see constitutional rights treated.

    By Anonymous jeff Porten, at 11:42 AM, January 28, 2006  

  • Jeff:
    the goal of every activist is to obsolesce his own job. We do *not* get rewarded for finding problems

    Anthony Romero, the executive director of the ACLU, made $363,335 in 2003. His "non-profit" organization took in $48.4 million in 2004, and reported expenses of $31.3 million. The ACLU reported net assets in 2004 of just under $176 million.

    Googling around about him, you find him defining his success in terms of ACLU membership (record levels in each of his three years in office - currently ~400,000), donations raised (also records), and lawsuits filed. (Source: ACLU Annual Report).

    This man is clearly rewarded for finding problems. The more problems he finds, the more money he raises and the more people join his organization. He doesn't want to obsolesce his job - he wants to expand it. Heck - last year he trumpeted a reorganization of the ACLU's pension plan for its long time employees.

    I realize not every activist group is the ACLU. Most are on a much smaller scale. But the point is the same: many of these folks aren't doing this for love of country - they're doing it because it's their full time jobs. The more they can get in the paper, the more accusatory they can be, the more "buzz" they can generate, the more successfull they can be. You're not one of these folks, but then again, you're not the one they're quoting in the news article.

    As to the specific case - sure: if they aren't supposed to use cookies and they did, there should be a penalty. Fine them, fire someone, whatever. That's what the law is there for.

    You'll notice, though, that no one (not the privacy activist, a court, nor InternetWeek) had anything to say about the penalty. They're only message was about the inherent evil of this big, bad government agency.

    My original comment was directed at the intent of those who broke this law. It still sounds to me like an innocent mistake. Maybe I'm wrong, maybe I'm right. Either way, no one's arguing they shouldn't pay the piper, but if I'm right, they shouldn't be publicly crucified along the way.

    By Blogger Brian, at 2:02 AM, January 29, 2006  

Post a Comment

<< Home