NSA Caught With The Cookies 329
zardo writes "The associated press is reporting that the NSA is putting cookies on visiting computers. Apparently it is unlawful for the government to put anything but a session cookie out unless it's expressed in the site's privacy policy." From the article: "Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on. ... In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a 'compelling need.' A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy."
Oh nos!!! NOT TEH COOKIES!!! (Score:3, Insightful)
How dare they? (Score:5, Insightful)
I know, how dare they place a cookie on my machine! No other site in the intarweb does!!
Don't you think you overreacted just a little??
Re:I call shenanigans. (Score:5, Insightful)
Never attribute malice to that which can be explained by stupidity.
I don't really think they'd gain much by putting cookies on the machines of web users. If terrorists do come to their site, their IP address will give them away far better than a cookie. Now if anyone finds an image on other sites pointing back to the NSA or CIA, then you may have found your smoking gun.
So what? (Score:5, Insightful)
OMG! Run for the hills! (Score:3, Insightful)
Oh, this is all about riling up room-temperature-IQ journalists (I'll be charitable and note I mean Fahrenheit) into another hissy-fit over the fact that Bush is still president. Never mind. Go read some history [amazon.com].
um. (Score:5, Insightful)
need glasses, anyone?
Re:Unlawful??? (Score:1, Insightful)
would be a perfect article for the onion, wouldn't it?
Where's the priorities/Who cares??? (Score:5, Insightful)
This is all messed up. We're basically giving more rights to malicious websites than we are to government agencies.
-Nick
Interesting (Score:3, Insightful)
"Sorry, officer. You're right, I was going to sell these 30 pounds of crack to some schoolkids. But it's okay, as long as I throw it away and promise not to do it again. Right?"
Re:So what? (Score:1, Insightful)
Moreover, they're even easier to not be created in the first place.
In Internet Explorer 6, go to Tools->Internet Options, Privacy Tab. Clicking the "Advanced" button will let you set it so cookies are denied or ask for your approval before being set. You can go the easier route and set the security to High or Block all Cookies.
It's left as an exercise to the reader to determine the steps needed for other browsers.
am i the only one who isn't concerned? (Score:5, Insightful)
i'm sure if the NSA wanted to track your every move 1) They already are 2) You don't know it and 3) There isn't anything you can do about it.
Re:I call shenanigans. (Score:2, Insightful)
We're talking about a regime in the federal government which has made, "oops, well, the ends justify the means" a policy they depend upon.
I don't really think they'd gain much by putting cookies on the machines of web users. If terrorists do come to their site, their IP address will give them away far better than a cookie. Now if anyone finds an image on other sites pointing back to the NSA or CIA, then you may have found your smoking gun.
This is all rationalizing. The fact of the matter is they're using the "oo, i'm a baddd widdo boy =)" defense.
Re:I call shenanigans. (Score:5, Insightful)
OK, does that quote from the 2002 case seem humorous to anyone else now with the recent revelation of what was keeping them so busy
you aren't necessarily a troll if you don't care.. (Score:5, Insightful)
As for me, Carnivore and all the recent "unlawful" wire taps scare me, a permanent versus a session cookie, not so much.
Quincy
Hot Tech Skills for 2006 (Score:2, Insightful)
Doens't anyone understand cookies? (Score:3, Insightful)
Big freaking deal.
Do people not get that? The cookie was issued by nsa.gov, and could only be read nsa.gov, and in no way could track a user's movements across "teh intarnets." The NSA could use it to see if you'd been to their site before.
If they NSA wants to know where you've been, they'll just subpoena Google. Their cookies are all over the place.
A cookie?? Why is this even an issue? (Score:3, Insightful)
Okay, so the NSA puts a permanent cookie on the system. Why is this an issue? It's not a security breach; it's not a cross-advertising cookie that tracks where you go. There's not one of us who has installed software and went over every configuration setting with a fine-toothed comb, particularly with off-the-shelf software, at one time or another. Cookies are also easily removed and can be blocked on future visits. Of course, the web logs themselves can get the IP address of everyone who visits, so even if you block cookies, the NSA can still tell exactly when a specific IP address contacted their site.
I realize that the U.S. government, particularly the current administration, is not a favorite of the Slashdot crowd and that this will be (and has already been) touted as "yet another flagrant policy violation!!!" by political opportunists here on
Just my two cents. Convert to your currency as necessary.
Not a troll (Score:5, Insightful)
The reality of it is, the CIA/NSA/Whatever has a billion other much more effective ways to track you. Their intention was obviously wasn't to track people, and they immediatly removed it after it was brought to their attention. I hate our current administration, but this is just some fucktard news reporter that is up 'n arms about the wire tapping escipade. I do not agree at all with the wire tapping, but this has ABSOLUTLY NOTHING TO FUCKING DO WITH THAT. I can't believe the reporter is such a fucktard that he couldn't spend 2 minutes to research cookies and what they are. Setting cookies far into the future is the de-facto way to keep a cookie on your computer a long time. Most cookies that aren't set as session cookies are set to dates 10 years or more in the future, way more than the computers expected lifetime. The reporter has no clue what he's talking about and should be slapped like a bitch. I hate reporting like this because then it takes away from things we should be legitimitly concerned with. People get an overflow of bullshit news and many can't pick out the real from the fucktards like this guy.
So what??? (Score:3, Insightful)
Re:So what? (Score:2, Insightful)
Right. You'll hear that story but the story, "Student confesses to fabricating US surveillance story [Mao's "Little Red Book"] [boston.com] will never be posted by the slashdot editors.
I guess they're part of the "fake but accurate" crowd.
You've obviously never worked in government. (Score:5, Insightful)
Wow! The fact that you're even asking this is a clear indication that you have never worked in any government entity. All levels of government - federal, state, and local - are loaded with incompetency and attempt to lie to the public whenever such lying is "in the public interest" or covers their asses.
You also seem to have some notion that as soon as you become a government employee that you are going to somehow assume and retain all legal ramifications based on all existing laws just by being hired. Management changes happen. Staff changes happen. The notion that all government employees of all levels will be aware of all rules and regulations regarding all functions is highly naive. For all we know, the installation of this supposed "off-the-shelf" software was the first task of a new, NSA intern in the IT department.
I know that you dislike (hate?) the current administration, but this is absolutely a "mountain out of molehill" scenario in the grand scheme of things.
Re:A cookie?? Why is this even an issue? (Score:3, Insightful)
Because it is against the law.
Prosecuting the "lying about blowjobs" was all about maintaining the "rule of law" for Republicans a half-decade ago.
But maintaining the "rule of law" no longer applies with Republican administration? That's what I'm getting from you in your post.
If the NSA did this, they broke the law. Doesn't matter if it is a stupid law. All my conservative friends told me in 1999 that the "rule of law" reigns supreme, no matter how minimal the offense.
Sorry... I'm not letting the Bush-apologists off the hook when the tables are turned.
Re:I call shenanigans. (Score:3, Insightful)
There's no story and who cares if a site leaves a persistent cookie?
Much more can be obtained by perusing the logfiles on the hosted server.
Double Shenanigans (Score:5, Insightful)
If NSA needs a cookie to figure that out (and if Abdul is visiting nsa.gov from Afghanistan and DC), then neither Abdul nor NSA are doing their respective jobs.
I'm going with neglect on the part of the website administrator here. Stupid default settings in applications, plus benign neglect in the brains of users, equals embarassment. Always has, always will. Unless...
~adjusts phase coil on tinfoil hat~ /dev/null /dev/null, and where NSA complied with my orders only under protest.
If, however, I was trying to divert attention from a serious abuse I'd performed, I'd release a story exactly like this. It's got the word "cookie", which is about as high-tech as Joe Sixpack ever gets about security, so he can get all upset -- and it's simultaneously a non-issue, which means everyone from the Blogosphere to Dan Rather can trot out an "expert" to tell Joe Sixpack that if this is the NSA at its most dastardly, then he has nothing to fear even if he's got something to hide
~readjusts phase coils~
and the story I'd release would be the same, whether or not I was NSA, looking to divert attention from the fact that I wanted to trawl through the set of data originally destined for
~tweaks fnord emitter~
or whether I was the Party official who ordered NSA to do stop dumping all that good stuff into
They don't call it the puzzle palace for nothing.
Re:A cookie?? Why is this even an issue? (Score:3, Insightful)
MOD PARENT UP (Score:2, Insightful)
Once again it prooves the left has gone completely bonkers. If the NIH found that Sarin or BZ could cure cancer the story would read Bush administration makes unwise use of chemical weapons.
Re:I call shenanigans. (Score:3, Insightful)
So either one or both agencies in question are simply incompetent, or lying to us. Which do you think is more plausible?
You're kidding, right? NSA and CIA are separate Federal agencies with tens of thousands of employees. Their web masters and IT departments probably pay about as much attention to what the other does as Ford Motor Company [ford.com] & Dodge [dodge.com]. And this is hardly the first time that a Federal agency has handed out persistent cookies [gao.gov] against policy. Do you think CIA & NSA are in cahoots with the Office of Personnel Management, Ames Laboratory, and Bureau of Labor Statistics?
I think that a more likely and equally plausible explanation is that NSA's sys admins, web developers, and IT staff are in about the same boat as most people in IT: overworked, understaffed, plagued by too many meetings, dealing with more hacking attempts than you could imagine, struggling with a software upgrade, and simply missed flipping one of a growing number of switches in software which changed a relatively minor behavior in the software. (Another possibility is that government employees are all 10 feet tall, super geniuses that never make mistakes. I think previous discussions on Slashdot have largely deprecated that possibility.)
Besides, if you were really concerned about avoiding their scrutiny, you wouldn't visit their web site any way.
Re:I call shenanigans. (Score:3, Insightful)
Yes, it should. These are huge, independent agencies. (DHS is a mess, there is *no* meaningful interaction, even now). Why would they "learn" from each other? Especially about something so minor. Seriously, I'd much rather the NSA and CIA compare notes about terrorist plots, than constantly coordinate to make sure that they synch up on minor bits of policy. I'm not giving them a license to break the law, just saying that one screwing up should in no way be an indictment of the other.
Quoth the law??? (Score:3, Insightful)
Clinton lied under oath. That is a violation of established law. But unless you can bring forth the bill from Congress that made permanent cookies illegal, the phrase "no President is above the law" doesn't apply at all.
Re:The Priorities Are Right Here (Score:2, Insightful)
It is the principle of the matter.
pre-9/11 some people used to think a minimally invasive government was a good idea. The country was founded on the idea of state and personal autonomy from the government.
technically involving "privacy" issues is the exact same thing as 'actually' involving privacy issues. Potentially invasive laws (or laws that specifically don't prohibit certain behaviors) usually means it is a matter of 'when' and not 'if' they will be abused.
I'll say it again: It is the principle of the matter.
Re:I call shenanigans. (Score:5, Insightful)
Date of signing please? (Score:3, Insightful)
It's an article from 2001 that states that the House is expected to adopt this provision. Please provide the document that states that this particular clause not only made it into the bill, but that the bill was approved by both houses of Congress and that President Bush actually signed it.
After that, please show me the test that all government employees have to take proving that they are fluent and fully-versed in the millions upon millions of rules and regulations to which they need to adhere and the ramifications thereof for violating any such rules and ramifications.
I also expect to see that various documents thus proving that all levels of management are also refreshed on a regular basis of the policies and violation ramifications. After all, we would not want them to forget any of the millions of laws and policies that they have to adhere to, would we?
It was wrong when the Republicans went on a witch hunt against Clinton who admitted to breaking the law - lying under oath. Just because the tables are turned does not make it less of a witch hunt nor does it make said witch hunt "less wrong".
Re:Quoth the law??? (Score:3, Insightful)
"...Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a "compelling need." A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy."
By law, all government agencies are required to follow OMB guidelines. By law, not following an OMB guideline is illegal.
Also from TFA:
"Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally.""
No government agency can violate OMB guidelines. A government agency that violates OMB guidelines is breaking the law.
Yes... it's a very very very very minor offense, especially compared with the other NSA law-breaking that we've become privy to recently.
Yes... it pales in comparison to wire-tapping US citizens without a warrant. The law violated there is the 4th amendment to the Constitution of the United States.
Yes... I realize that Bush-apologists are willing to overlook the principles enbodied in the 4th Amendment in order to protect us from the evil terrorists.
But... if this were 1999, and the EXACT SAME STORY came out about the Clinton administration, you would all be in a hissie fit calling for another round of impeachment hearings. If the Patriot Act were passed in 1993 after the first World Trade Center bombing and gave Janet Reno the surveillence powers that Ashcroft/Gonzalez have, you'd be calling for a revolution.
I personally don't think the cookie thing is a big deal... but it shows a pattern of disregard for the rule of law by this administration if they feel the ends justify the means. America doesn't work that way, and I want you hypocrits to admit you hold this President to a different standard with respect to the rule of law because he's a Republican.
I want the Washington Times, American Standard, Fox News, Wall Street Journal, Rush Limbaugh and his hundreds of talk-radio clones, the Free Republic, and every other right-wing blowhard to be pushing for impeachment hearings over the NSA wire-tapping-without-a-warrant... as they surely would be doing if this were 1993-2000.
I want you Bushies to quit spinning when the president, and the people who work for him, are guilty of violating the law.
He's not king... just because you like him.
Re:Doens't anyone understand cookies? (Score:3, Insightful)
Strikes one and two. First, it was put into White House policy, which is not the same as law. Second, it's a good bet that not even the person who did it thought it was important, they just thought it was good PR because the unwashed masses for some reason think cookies are evil.
This way, they could, with a straight face, talk about how the NSA was protecting your privacy while simultaneously listening to their no-warrant phone tap on your home line.
Which, I suppose, is "important" in the sense that PR is important to the person relating publicly, but not "important" in any sense that anyone willing to expend a modicum of rational thought would think of the word.
Re:I call shenanigans. (Score:4, Insightful)
So you think the top trained NSA agents are wasting their time making websites and doing tech support? Its their website, I doubt they spent much time on it or use it much, they have better things to do than waste time with their public website. It doesnt really seem like you have a grasp on how company IT depts work.
Re:I call shenanigans. (Score:2, Insightful)
The problem with that is the volume of catastrophic mistakes that seem to "oops" happen over the last several years. When do you stop letting the baby(s) play with the gun? When the baby(s) gets advanced and secret oks and advice from folks who like accidents to happen, and when the baby(s) uses stealth means to acuire the guns anyway, dont you have to wonder at the baby's innocence?
In my opinion you couldnt do this much damage to national wellbeing by accident.
Let's be good parents and put the kids in the playpen, and lock away their access to guns before more accidents "happen".
C.
Re:I call shenanigans. (Score:3, Insightful)
A cookie is pretty obvious, not exactly the high-end technology secret spy stuff. Erasing/blocking it is easy and done everyday. If you would go through all the trouble of having a "hidden agenda/top-secret", why have something that points directly to yourself, easily detected, well-known and is trival to defended against?
And exactly what would they get out of it? You need to have a motive for doing things.
Grow up, everyone on slashdot is a spy (Score:4, Insightful)
The job of computers is to track and spy on people. They track this, track that, data mine this, data mine that, report on this, report on that, and we do it so our corporate masters can make more money. In fact, we even have a philosphical movement to build spying technology for -free-.
Here we are, a bunch of web dudes, complaining that a web site about spies uses cookies of all things, when just about every major web site also uses cookies, or, you get the same effect of cookies by playing games with the URL. You can stick the state in the URL, you can stick it in a hidden POST tag to keep it along, but somewhere along the way, we're all keeping state. Ironically, at least the cookies are most upfront about it.
We complain about the government listening in on people's phone calls without a warrant, yet, I would bet at least half of us on this board have user superuser powers on his or her company systems at one point to read another user's documents. If you are a network admin, you don't have to have a warrant to read your users' email or documents. You just do it.
We voluntarily let every detail about what we buy or sell get tracked when we purchase products electronically, but, god forbid, the government might actually keep a database itself, that's evil. Heck we write these systems. If anything, the only real concern about government spying is that we haven't gotten the contract ourselves to write the system or that it might not be written using Linux.
The solution is to not build ever more arcane systems to have things in secret, but really, we should just make everything public about anyone.
Re:I call shenanigans. (Score:1, Insightful)
Cookies? Not a problem. Everything else they do is (Score:3, Insightful)
What I DO have a problem with is government agencies telling citizens that the first, second, and fourth amendments were merely guidelines and they don't matter any more due to case law and unconstitutional executive orders. Things like gun control (proper gun control = making sure the citizenship is well-armed to hold back a tyrannical government, and I'm ashamed to admit I don't own a single gun), illegal wiretaps (uh, Dubya, mechanisms are in place for constitutionally-sanctioned secret wiretaps. Use the secret court sessions to obtain wiretaps. Put select justices on call for such things, but don't bypass the courts, because that goes against your oath to preserve and protect The Constitution of The united States of America, which is basically treason), illegal search and siezure, and abatement of freedom of the press and freedom of political expression ("free speech" areas are bullshit, as are made-on-the-fly rules regarding sign sizes, etc. just so you can "justify" arrest of smelly hippies - as misguided as some protestors may be, they have an inalienable right to tell you they think you're a prick), and abatement of the freedom of worship)
Also: You don't need court orders to wiretap non-citizens who are here illegally. They have no rights except out of the kindness of your heart. Deport the f*ckers and encourage LEGAL immigration following legal, well-established processes. EVERYONE here is an immigrant from somewhere else (including so-called "native" Americans) so I don't believe in shutting down immigration, but to encourage people who are willing to become worthwhile members of society to come here and work.
Re:I call shenanigans. (Score:3, Insightful)
So either one or both agencies in question are simply incompetent, or lying to us.
I noticed you made a grammatical error above with an unnecessary comma. So are you incompetent or are you just lying to us? False dilemmas [nizkor.org] suck... try to avoid their use.
Re:I call shenanigans. (Score:3, Insightful)
If they keep track of every packet over the Internet, why do they need cookies?
Re:I call shenanigans. (Score:3, Insightful)
The only motive Slashdotters need for outrage or intellectual dishonesty are 4 letters: B-U-S-H.
Re:I call shenanigans. (Score:3, Insightful)