A pair of groups concerned with digital privacy have recommended strong protections for visitors to government Websites, while also allowing federal agencies more freedom in using advances in Web tracking technology, including cookies.
The report was issued May 12 by the Center for Democracy & Technology and the Electronic Frontier Foundation.
"Analytics tools provide vital insights into what a Web site's audience looks like and just how people are using the site," said CDT Chief Computer Scientist Alissa Cooper. “This is a crucial first step in determining whether or not additional new open government technologies are worth the investment down the road. The protection of user privacy, however, must be a priority as the government begins to make use of new technologies."
Privacy Digest echoed the call for change. “Today, these regulations are problematic: They're both too harshly bureaucratic in some cases and too relaxed in others,” a post on the blog said. “They're too harsh because ordinary government webmasters are prohibited from performing even basic traffic analysis without acquiring personal approval from their agency's head—something they say is an insurmountable bureaucratic obstacle in many federal agencies. They're too relaxed because they don’t reach many of the tracking technologies that are in use today. In addition, in the event that the agency head does provide this sign-off, it allows a loophole which can enable the agency to use tracking technologies with almost no oversight or accountability.
Recommendations in the CDT/EFF report for federal agencies include crafting robust policies to ensure that data collected for measurement purposes is adequately protected and updating current federal policy on persistent tracking technologies, such as cookies. Current federal policy requires, among other things, that the agency head authorize each use of these technologies. This has resulted in a near prohibition of persistent tracking technologies.
“While the policy should remain extremely protective of privacy, it should also allow federal agencies to take advantage of advances in Web technology,” the groups said in a statement.
"Currently, the prevailing approach to web analytics is to collect and store as much data as possible, regardless of the privacy implications," said Tim Jones, EFF's activism and technology manager. "Web managers who want to take real steps to protect their visitors' privacy have few practical options other than forgoing analytics altogether. This document outlines a middle path."
The report offers a series of privacy safeguards and conditions that must be met in order to allow agencies to implement the use of analytics on their sites and calls on the providers of analytics tools to build their products to higher privacy standards than are currently found in commercial products. Because agency Web sites will play a key role in the Administration’s plan to create an environment that fosters a more participatory government, special attention will need to be given to the protection of citizen privacy.
"We should be focused on the practice, not the technology," said CDT Vice President Ari Schwartz. "The first step is making sure you can protect privacy while still helping the government agency accomplish its mission. Once that’s done, it’s easier to implement these new technologies throughout the various agencies."
EFF meanwhile remains dissatisfied with a White House waiver of the no-cookies policy in the case of viewing YouTube videos embedded in the White House Website.