The White House said Friday its Web site will keep using Internet tracking technologies, deciding that they aren’t prohibited after all under 2003 federal privacy guidelines.
The White House’s site uses what’s known as a Web bug — a tiny graphic image that’s virtually invisible — to anonymously keep track of who’s visiting and when. The bug is sent by a server maintained by an outside contractor, WebTrends Inc., and lets the traffic-analysis company know that another person has visited a specific page on the site.
Web bugs themselves are not prohibited. But under a directive from the White House’s Office of Management and Budget, they are largely banned at government sites when linked to cookies, which are data files that let a site track Web visitors.
Cookies are not generated simply by visiting the White House site. Rather, WebTrends cookies are sometimes created when visiting other WebTrends clients. An analysis by security researcher Richard M. Smith shows such preexisting cookies have then been read when users visit the White House site.
The discovery and subsequent inquiries by The Associated Press prompted the White House to investigate. David Almacy, the White House’s Internet director, said tests conducted since Thursday show that data from the cookie and the bug are not mixed — and thus the 2003 guidelines weren’t violated.
Jason Palmer, vice president of products for Portland, Ore.-based WebTrends, said Web browsers are designed to scan preexisting cookies automatically, but he insisted the company doesn’t use the information to track visitors to the White House site.
The Clinton administration first issued the strict rules on cookies in 2000 after its Office of National Drug Control Policy, through a contractor, had used the technology to track computer users viewing its online anti-drug advertising. The rules were updated in 2003 by the Bush administration.
Nonetheless, agencies occasionally violate the rules — inadvertently, they contend. The CIA did in 2002, and the NSA more recently. The NSA disabled the cookies this week and blamed a recent upgrade to software that shipped with cookie settings already on.