Thursday, December 29, 2005

NSA "Cookie" Caper

So, the NSA has been downloading persistant cookies into the computers of folks who have dropped by the NSA web-site for a visit. Yawn.....

Privacy advocates think its a big deal but come on, almost every retail company on the internet downloads persistant cookies onto user's computers (Note: Persistant cookies are those designed to remain imbeded even after shutting down and re-booting). Ad-ware and Spy-ware are downloaded so often that software companies make a fortune off of selling programs that can find them and delete them.

Strange to say, but virtually every computer OS has a "remove cookies" program built into it. Personally, I delete all cookies on my computer every evening before I turn it off. NSA cookies disappear with all the rest.

Even so, today's "cookie" story declared that the practice of downloading persistant cookies by the NSA was "illegal."

According to today's AP story,
In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies — those that aren't automatically deleted right away — unless there is a "compelling need."A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and "vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The [guideline] doesn't say anything about doing it accidentally."
Now I am not a privacy expert like Daniel Brandt, but for something to be illegal there has to have been a law enacted that makes it so.

A government policy enacted by an Executive Branch agency simply does not have the force of federal law behind it unless the Legislative Branch (Congress) enacts legislation that backs it up.

The "cookie" story does not indicate that any actual laws have been broken. It may be that a policy was violated, however. This could, of course, result in an investigation, a reprimand or termination of employment but not a charge of violating criminal law.

I certainly hope that "mistakes" like this NSA "cookie" caper are the exception rather than the rule. Even so, I am glad that there are policy guidelines that have been established to keep a short leash on what these governmental agencies are doing with what is, perhaps, too much spare time on their hands.