NSA site installed ‘illegal’ cookies:
The National Security Agency’s Internet site has been placing files on visitors’ computers that can track their Web surfing activity despite strict federal rules banning most files of that type.
The files, known as cookies, disappeared after a privacy activist complained and The Associated Press made inquiries this week. Agency officials acknowledged yesterday that they had made a mistake.
Nonetheless, the issue raised questions about privacy at the agency, which is on the defensive over reports of an eavesdropping program.
“Considering the surveillance power the N.S.A. has, cookies are not exactly a major concern,” said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington. “But it does show a general lack of understanding about privacy rules when they are not even following the government’s very basic rules for Web privacy.”
Until Tuesday, the N.S.A. site created two cookie files that do not expire until 2035.
The question I want answered is “Why are they even installing cookies at all?” Again, I am not going to move to Montana and go off the grid because of this (add to it I have never been to the NSA site), but I do want to know why this was even done in the first place.
*** Update ***
Not sure why some of you think I thought this was a big deal, because I don’t. That is why I had quotes o’ sarcasm around ‘illegal.’ All I wanted to know was why NSA would even bother to install cookies, and this explanation from the comments seems to be the best description of what probably happened:
Their files are all .cfm, which strongly implies that their website was developed using Cold Fusion. Cold Fusion handles session state data by storing a session key in a user cookie. In all likelihood, they didn’t know or didn’t remember to turn off the creation of these session cookies.
Cookies are passed from the browser to the appropriate site when an HTTP request is made. There’s no way that a NSA cookie could give the NSA information it doesn’t already have, unless the NSA was embeddeding content in other websites. And that would be obvious, because hiding it would make it not work.
If anything, this story serves to discredit those who are bleating about it.