Hand in the cookie jar

Suppose you need something from a federal agency. So you call, maybe ask a couple of questions; then you go along your merry way. You forget all about it until, weeks later, you learn that the agency has been monitoring all of your subsequent calls, compiling information on who you talked to and for how long, what products you bought and which businesses you dealt with—all without your knowledge.

Sound far-fetched? Well, that’s what the U.S. Customs Service, Federal Emergency Management Agency and several other government agencies have been doing in recent months, except that rather than secretly bugging phones, they’ve been surreptitiously tracking the online behavior of users of government Web sites. The practice is a likely violation of the federal laws concerning electronic surveillance of private citizens, and it is certainly in direct contradiction of the Clinton administration’s stated policy. Yet when the practice was made public in a General Accounting Office report released Oct. 20, it generated little media attention and even less public outcry.

That needs to change, because unless the offending agencies are called on the carpet for this, the good folks running our federal government might get the idea that spying on private citizens is all right—so long as you do it on the Internet. As more and more of our personal communications, business dealings and leisure activities take place online, it must be made clear that this kind of spying is completely unacceptable.

Part of the reason this issue hasn’t gotten much attention is probably that, for the most part, only the techno geeks understand what was done. So perhaps an explanation is in order: What the government did was set up certain Web sites—the Customs Service, FEMA, Federal Aviation Administration, the Office of National Drug Control Policy and others—to attach files to visitors’ browsers. These kinds of files are called “cookies,” and many private Web sites use them to track movements within the site and to recognize return visitors. But another, more controversial type of cookie can track visitors’ movements across different Web sites over time, and that’s just what 13 federal agencies have been doing, without their visitors’ knowledge, even though administration policy states that no federal Web site may attach cookies without clear and conspicuous notice to visitors. In at least one case, the information was then provided to a private company.

This can’t be allowed to continue. With the Internet set to become an ever-increasing part of our public and private lives, we need to be sure that online communications are granted the same protections as private telephone calls and personal mail. The federal government should be taking the lead in guaranteeing—not undermining—these rights.