NSA Caught With The Cookies 329
zardo writes "The associated press is reporting that the NSA is putting cookies on visiting computers. Apparently it is unlawful for the government to put anything but a session cookie out unless it's expressed in the site's privacy policy." From the article: "Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on. ... In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies _ those that aren't automatically deleted right away _ unless there is a 'compelling need.' A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy."
No big deal (Score:3, Interesting)
Simple Solution (Score:3, Interesting)
Honestly, though, there are plenty of sites that install cookies. If you don't like them, delete them. It is as simple as that.
NSA Cookies Don't Scare Me (Score:3, Interesting)
All they need to get the data that Google has gathered is a court order.
Re:Where's the priorities/Who cares??? (Score:2, Interesting)
This statement suggests you endorse giving the government the same leeway in their actions that criminals give themselves.
Nothing To See Here...Move Along.... (Score:3, Interesting)
Considering the provisions of the Patriot Act, wire tapping, internet tapping, unauthorized surveylence, and the US government spying on it's citizens, leaving persistent cookies "by mistake" is a really small issue. What are they going to do? Track the fact I play EverQuest online? Anybody who's compitent enough to either block cookies or delete them should have no problems. IMHO, this article's intention is to provide more embarrasement on the current government. "Oooh, the government's spying on you...". Guess what? They already are. This is nothing new.
The real, frightening question (Score:2, Interesting)
1). Put software into production without checking all the settings
2). Put software into production without fully testing it
3). (probably) used software which they don't have the source to, and thus don't know if there are any backdoors.
I am worried about it from a National Security perspective - NSA using cookies worries me far less than Microsoft doing it - but the above issues could expose the NSA, and hence the USA to attack.
With software companies outsourcing to countries with less stringent security and more people hostile to our interests, there is a greater risk - although even without outsourcing, compromising a software company is still a severe risk.
Perhaps the government should require people to get security clearances if they work at Microsoft, etc in any capacity where they can compromise the code. Perhaps they should use Open Source. I know of a Linux distribution [nsa.gov] they might want to use.
P.S. NSA is a lot of crypto geeks who do a very important job protecting all of you - and is made of people a lot like most of you. They aren't cold blooded killers who whack you for speaking out. Sorry to disappoint you.
You do all know Doubleclick? (Score:3, Interesting)
With the Office of Homeland Security having a former officer of Doubleclick on staff, it's a pretty good guess that the government sees their sort of information gathering technology as useful.
Doubleclick handles banner ads on a huge number of websites.
I wouldn't put it past them to be buying the purchasing data from every chain store that has a member discount card. Do/will RFID chips in our tires get scanned at intersections? If it is possible, and potentially useful, shouldn't we expect it to happen unless there are laws to prevent it?
Have you ever had to answer a bunch of questions when applying for a purchase rebate?
Someone is using or selling that info.
How much gathering, sale and use of data on us reasonable? What should be legal?
What about the damage done to us when info from the data collectors is used for identity theft?
Who passed these laws allowing opt-out privacy policies at banks and insurance companies?
Where does the Auto Club get off tying in with MBNA sending out credit card mailings?
1984(, End of Freedom(tm), Stop the Oppression(tm) (Score:2, Interesting)
Re:A truly democratic.government cannot act in sec (Score:2, Interesting)
While what you said is true to an extent, it's almost entirely Off-Topic. The NSA doesn't have anything to hide. A cookie is not all that amazing. It's true that cookies are a sometimes food [slashdot.org] but the fact that people get worked up over this is quite retarded.
Re:No big deal (Score:3, Interesting)
Maybe, but the 1978 FISA act authorizes warrantless wiretaps for up to a year, with notification requirements that are legally able to be met by typing up a memo, putting it in a sealed envelope, and sticking it in a safe in NSA headquarters marked "FISA documents".
Per 50 USC 1802, subsection a, you only have to bust that envelope out of seal and hand it over to the FISA judge if you file charges, or seek a warrant. You'd only seek a warrant in that case if either you wanted to surveil longer than a year, or you determined that the subject was in fact not an agent of a foreign power, but was in communication with foreign agents and might thereby be privy to useful intelligence.
As long as it's under a year and the AG thinks he's a foreign agent, it's legal, and has been for 27 years. Want to argue it's a bad law? Fine, argue that; but don't blame Bush for a law that was passed by a Democrat-controlled House, a Democrat-controlled Senate, and signed by a Democrat President; and don't believe the New York Times' disingenous play-acting of moral outrage. They've known about this law for longer than you've been alive.
Re:We don't have any way of discovering NSA activi (Score:2, Interesting)
Enough with the lying (or did I just get trolled?).
What law? Specificlly what federal statute was violated by their putting a persistant cookie for the NSA website? Cite US Code, section etc.
You cannot, do you know why? Because no such *law* exists. Because it was an executive order in the OMB part of the Whitehouse. I.e. a bureaucratic rule, not a law.
And aside from that, it likely was a mistake in their setup after and upgrade, not a deliberate decision. A result of ignorance or carelessness on the part of the tech staff at NSA's website (the possibility of which should be more alarming to people than the cookie!)
You do well to remember Hanlon's Razor:
Never ascribe to malice, that which can be explained by incompetence.
Esepcially when dealing with the government or any other large bureacratic organization.
You are free to ignore the facts and make up ones as you wish (looking at your links, you apparently do). But your tinfoil hat has apparently slid down and obscured your vision on this - you might want to adjust it.
heh... (Score:3, Interesting)
qz