NSA Caught With The Cookies 329
zardo writes "The associated press is reporting that the NSA is putting cookies on visiting computers. Apparently it is unlawful for the government to put anything but a session cookie out unless it's expressed in the site's privacy policy." From the article: "Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on. ... In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a 'compelling need.' A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy."
Re:I call shenanigans. (Score:3, Informative)
This is just a mistake.
Re:So what? (Score:4, Informative)
Re:So what? (Score:3, Informative)
http://yro.slashdot.org/article.pl?sid=05/12/28/2
Here is something more important about this issue (Score:2, Informative)
All I care about is any govt or company taking the necessary precautions with my personal info so that crooks cannot abuse it. And by crooks, I include those rare cases where employees/leaders of said entities might be the abuser.
What we should be talking about is:
1. what precautions are taken so that any personal info collected about US citizens cannot be abused by corrupt politicians or corrupt employees?
2. what precautions are taken so that said personal info cannot be stolen from the collecting agency by data thieves?
3. what are the auditing procedures and laws that can help quickly identify abuses and punish the abusers with at least a felony?
The abuse of non-public information about US citizen(s) for politically motivated retaliation is probably the most important reason anyone can specify about this issue.
Why isn't there a law that makes it illegal for an elected official or government employee to misuse or publicly dislose NON-PUBLIC information they collected about a US citizen?
If such legal and procedural protections were in place, I would feel much better about any info our govt collects about me and my fellow US citizens if the collection was actually done for justifiable reasons.
Another reason for concern about this is that there has been an active weakening of the separation of church and state over the past several years which is a radical departure. I happen to believe in God as well as the separation of church and state.
If a future US president was Muslim, would you feel comfortable being a Christian or Jew if the government knows that about you? Perhaps helping keep the separation of church and state would be prudent. After all, nobody has the magical power to predict what religion other people/strangers may choose in future generations.
Consider the words of the people responsible for risking their lives and founding the United States of America and other heroes in the US history (in their own words rather than how they are characterized by popular media):
"They who would give up an essential liberty for temporary security, deserve neither libery or security." -Ben Franklin.
"The United States of America should have a foundation free from the influence of clergy."
-George Washington.
"In every country and in every age, the priest has been hostile to liberty. He is always in alliance with the despot, abetting his abuses in return for protection to his own"
-Thomas Jefferson
"One day the dawn of reason and freedom of thought in the United States will tear down the artificial scaffolding of Christianity. And the day will come when the mystical generation of Jesus, by the Supreme Being as His father, in the womb of a virgin will be classed with the fable of the generation of Minerva in the brain of Jupiter."
-Thomas Jefferson (in a letter to John Adams)
"The question before the human race is, whether the God of nature shall govern the world by his own laws, or whether priests and kings shall rule it by fictitious miracles."
-John Adams, 2nd US President
"Religious bondage shackles and debilitates the mind and unfits it for every noble enterprise."
-James Madison, US President and known as "father of the Constitution"
"The government of the United States is not, in any sense, founded on the Christian religion."
-Treaty of Tripoly, article 11 (drafted during G. Washington, signed during John Adams presidency)
"My earlier views of the unsoundness of the Christian scheme of salvation and the human origin of the scriptures have become clearer and stronger with advancing years, and I see no reason for thinking I shall ever change them."
- Abraham Lincoln in a letter to Judge J.S. Wakefield
"Leave the matter of religion to the family altar, the church, and the private schools,
Re:No big deal (Score:3, Informative)
You recently learned that the government has been conducting warrantless wiretaps on people whom the Attorney General signs a sworn statement are agents of foreign powers, and that they've been doing it since 1978, and that it's been upheld by the Supreme Court and even the FISA court; either that, or you read a New York Times headline and thought you were reading the news. Unless you've done something to make the Attorney General willing to stick his neck out that far that you're a foreign agent, such as talk to Al Qaeda goons so often that you show up in their speed dial when we catch them, "our" is the wrong term.
Besides, this is insignificant without a comparison.
Re:OMG! Run for the hills! (Score:3, Informative)
No, you're thinking of the FBI. The NSA's job is to monitor communications to/from and between foreign entities that might expose potential threats to US security. Sure, some people physically sitting in the US may be party to those foreign communications, but the NSA is definitely not a domestic law enforcement agency.
but they can't be bothered to keep themselves in compliance with the law
I think we can pretty much guarantee that whatever contractor or team at the NSA's public relations office responsible for their public-facing web site has little (and probably nothing) to do with their actual operational mission. They, like all security agencies, are highly compartmentalized.
they can't just ignore it while they go about their business of monitoring other peoples' compliance with the laws
Well, they certainly shouldn't ignore the government's own rules about persistent cookies (silly as that is), but it's not like you're talking about traffic cops who don't put change in the parking meter. NSA spooks and analysts (and the thousands of IT people who make that agency work) probably don't give the operations of their public web site much thought at all. Can you imagine the hits they get from all the idiots of the world? The people they're really concerned about are smarter than to leave a trail from their PR site all the way back to some hotel room in Karachi.
Re:I call shenanigans. (Score:1, Informative)
Re:I call shenanigans. (Score:3, Informative)
Re:Penny wise pound foolish (Score:3, Informative)
How do you know they never complained before? No, you just want to point the blame for this to Clinton, and you chose this as your soapbox.
BTW, while not apologizing for Clintons behaviour, I feel it should be noted that the rules for who rendition applies to has expanded dramatically under the Bush administration.
Pointing at Clinton and saying 'he did bad things' is NO excuse for Bush to do the same, and worse.
Re:I call shenanigans. (Score:5, Informative)
As a federal webmaster (not NSA or CIA), let me be the first to say "Thanks a pantload." Now, if I miss a configuration setting in IIS, I could go to federal prison!
Sometimes somebody screws up. Sometimes they screw up and nobody notices. Technical oversight of my work is thin on a good day, and my boss' boss sure as HELL doesn't know if I'm serving persistent cookies. For the record, I'm not, because I follow OMB memos to the best of my ability and I double-checked this one.
It's not always a conspiracy. Sometimes it's just some server jock who was mentally elsewhere and didn't uncheck a box in Windows. Bugs in web apps I write are not intended to catch you surfing pr0n. I'm just not as good a programmer as you are. Worst case scenario at your work, you screw up, get fired, and get another job. I don't have "company policy", I have "federal statute". My coworkers and I do our best, and we do a pretty good job, but nobody's perfect. If I forget to put an "alt" tag on an image on a page linked seven deep that gets three hits a year, not only am I not doing my job correctly, but I'm in violation of 29 U.S.C. 794d [cornell.edu]. Don't think that that's the only law telling me how to do the job, either.
I'm not complaining. I signed up for the job knowing full well how it works, and I'm proud of what I do. Your vigilance is commendable, but I'm not sure that putting big nasty penalties on cookies is the right way to go about solving this one. If you and a majority of Members of Congress agree that placing persistent cookies is worth going to prison over, so be it. God knows there aren't any killers who couldn't use that cell more than me.