Barack Obama should not fear cookies!

Just after President Obama was elected back in November I wrote a blog post that had been kicking around in my head for a long time calling for the “legalization” of browser cookies by Federal Government run web sites. The response to the post was great, but now it appears that the first comment from Brent Hieggelke (who was head of marketing at WebTrends for several years) was destined to become ironic. Brent (who is my neighbor in Portland) waxed philosophical about government and cookies with this comment:

“As someone who 4 years ago spent ALL of New Years Day on the phone with the White House Communications Team because their site was “outed” by CNN and other media as <> using cookies in a completely innocent manner, I couldn’t agree more.”

Turns out that Jascha Kaykas-Wolff, the new head of marketing at WebTrends, is probably having the exact same conversation thanks to so called “privacy advocates” according to this article in InformationWeek. What’s more, the privacy advocates, rather than educating themselves about the real risks associated with the use of browser cookies are apparently patting themselves on the back for getting the Obama administration to make a simple, cosmetic change at WhiteHouse.gov regarding the use of YouTube video.

Giving himself full credit for the change, Chris Soghoian from CNET’s “surveli@nce st@te” blog says:

“It seems that someone in the White House read my blog post yesterday–as within 12 hours of the story going live, Obama’s Web team rolled out a technical fix that severely limits YouTube’s ability to track most visitors to the White House Web site.”

Congratulations Chris. Instead of giving the President’s team the lattitude to focus on, oh, THE ECONOMY, THE THREAT OF TERRORISM, THE HOUSING CRISIS, UNEMPLOYMENT, and HEALTH CARE you single-handedly managed to force the Administration to waste their time worrying about whether or not Google was getting just a little more of the world’s data. President Obama, in the midst of rolling out a truly revolutionary use of technology in government in an effort to get more of us personally involved in our communities, our country, and our collective future, was forced by your misguided fear-mongering to stop what they were doing and address what has otherwise been hailed as a brilliant communication effort.

You sir, are the man.

Seriously people, can we stop worrying about cookies for a little while? Given all the other problems we have as a nation and as a global community, am I alone in thinking that people like Chris and his fellow “privacy advocates” need to find something else to focus their efforts on? Maybe if this community spent more time trying to help the President come up with ideas to put America back to work and less time creating fear, uncertainty, and doubt in the popular media we’d see the kind of change that our President has been talking about.

At this point I’m fairly confident that any person who has any shred of concern about their cookies being scraped, hijacked, poisoned, bombed, or otherwise maliciously used to expose their personal habits or ruin their lives has figured out how to clear or otherwise modify said cookies. Even though I started writing about the profile of the cookie deleter back in 2005, I’m still waiting for someone to give me a good reason to delete said objects that is not A) because you’re a site developer and you need to confirm how cookies are being set, B) you’re a web analytics specialist debugging tracking, C) you gamble a lot online or D) you surf a lot of porn.

If “A” or “B” I understand. If “C” or “D” … don’t forget to clear your browser history too!

I’m being snarky, I know, and maybe I’m just taking Chris to task since he still has his street-cred inducing ponytail and I cut mine off. But at this point the hand-wringing about cookies in general much less because of the mandate set by OMB M-03-22 has become tedious and needs to stop. President Obama is working to change the way government works and I think his staff deserve some latitude when it comes to the Internet. If we want government sites to work for us, we need to let analytic technology work for them. If we want change, we need to be open to change.

Put another way, if you fear Google, don’t use their products. If you fear cookies, delete them. If you fear for your privacy online, don’t go online. Wear a foil hat. Don’t answer the phone. Don’t open the door. Don’t speak.

But please people let’s decide to take some personal responsibility on this issue and stop bugging an otherwise busy administration–whichever administration that may be. Regardless of how you feel about Barack Obama, let’s all recognize that we are facing substantially bigger challenges today than we have in recent history and since the man was fairly elected he deserves at least a chance to improve the economic conditions in the U.S. without “privacy advocates” forcing his staff to make tedious (and functionally meaningless) changes to the White House web site.

I know I’m going to get slammed for this post, that’s okay. Somebody needs to stand up for cookies and since I already tried “diplomatic” I suppose it’s time to try “direct.” Browser cookies help make it possible for great companies like CNET to provide lots of great content–including Chris’s blog! Browser cookies help justify great technology like Twitter, Facebook, and MySpace. Browser cookies power the Internet and should not be feared, especially not by President Obama.

I look forward to your comments and criticisms of my position.

Posted Monday, January 26th, 2009 | 23 responses | Add a Comment | Share, Save or Email

Xavier

Eric, great post.

I’m glad to see someone finally champion the cookie cause. Perhaps this post will be the kind of shock and awe needed to make the joetheplummers out there finally take action and get that damn innernet flowing right proper.

Bhupendra

Excellent post Eric. I fully agree with you.

We will need to tackle with the challenges with the open information and free market, and move ahead with more and more of such things. Security concerns shouldn’t take us back, but instead make us more aware.

Thanks and congratulations for writing this post!!

Bhupendra

Mark O'Callaghan

Great post Eric, totally agree with your desire to see the government work on important issues and not get distracted by the ridiculous argument of whether a Webtrends cookie is some super secret invasion of privacy.

Terri Boyle

You’re spot on, Eric. Yes, you will get nailed for posting this. Sadly it seems that people lose focus on what the goal is. Using non-identifiable information gathered from a cookie isn’t invasion of privacy. And these same cookies can enable a site to deliver relevant information the web viewer may not be aware of. This is what all sites should all be striving to do…reach out to their audience. How can they do it? Through the data gathered from their analytics.

eric

Everyone: Thanks for your feedback. I’m encouraged by your comments and the email I am getting from folks!

Bryan Cristina

I think one of the biggest reasons people get so upset is that they feel, for some odd reason, that they’re a bit more important than many other people.

They feel that myself, a web marketing analyst, really gives a crap about what Bill from Nebraska, in particular, is doing on my website and somehow tie everything back to him. I couldn’t care less, and I’ve spent time trying to do so, and yep: reached the absolute zero of caring.

Same goes for the weird privacy guy in California, who for some reason wants to be so private that he has a blog talking all about himself and how private he wants to be. Well isn’t that ironic. Privacy advocates are always loud, out there, and public. Just stay in your hole and pretend google and government agencies really care about you as an individual. They don’t, but if it makes you feel better on your lonely Saturday nights, go for it.

I like cookies, I like analytics, I like Tealeaf. Why? Because I hate, absolutely hate, sites that are busted and have no way of knowing it other than possibly a Contact Us form that sends an email that most certainly is never seen by the business or tech teams.

I hope the people that don’t like cookies never leave their house, too, because I can gather more from them as they go to the local store than I ever could dream about gathering from them online. I hope they wear a disguise, take the back alleys by foot, and only pay in cash too. Because otherwise I’m going to know what they eat, drink, wear, where they bank, and a lot of physical traits I could never gather online. Or maybe anti-cookie people really are agoraphobic and it’s the digital counterpart. Oh well, we’ll get by, their habits will never improve sites they enjoy, and I’ll still have a job helping make a better experience for the 99% that aren’t freaks.

Alan

I applaud your efforts.

Having spent several years of my past working on gov sites, you have no idea how quickly people would raise the red flag on this issue.

Talk about a seriously vocal minority!

Tim

Feds who have been through this before full well know political considerations–no matter how accurate or inaccurate–will carry the day here.

Alex B

I agree with your argument that cookies are really not a big deal, but think you stretched a bit far with the whole “wasting of Obama’s” time/the general connection with politics.

Realize it was somewhat of a rant so I guess I shouldn’t be deconstructing it as such, but, hey, I can’t help it :)

eric

Bryan: That’s what I’m talking about — get angry! And you’re spot on … the notion that (for the most part) we collectively have the time to monitor the actions of an individual on our web site and correlate that behavior to offline data is, well, silly. When I hear people making that leap I immediately think (to myself), “Man, you have never actually tried to do that integration and make that correlation, have you?”

To be clear, if you ** really ** wanted to see the activities of individuals on your site, you certainly could. You can do it using Google Analytics (assuming you’re willing to snub your nose at their data use policy) …

… the question is “Why would you?”

Alan and Tim: I know, I know, I know … we’ve discussed this ad nasuem at this point but I guess what I’m saying is that perhaps it’s time for a more substantial response to the anti-privacy folks. I guess I’m just naive enough to believe that a concerted effort towards change can actually work … “Yes we can” and all that.

Alex: Yes, I am perhaps guilty of using bloated and hyperbolic rhetoric to make my point. You got me. But again perhaps we have collectively been a little too quiet when it comes to responding to the fear-mongers. I mean, have you all read this:

Google Analytics — Yes, it is a security risk

The article itself is a bit bizarre but the comments are even more frightening IMHO.

I know this is old news … so why does it keep coming up? Have we not read SuperCrunchers? Are we not familiar with Acxiom’s data products? Do we not use credit cards? The reality is companies are out there collecting data … it’s more or less a fact of life anymore.

The answer is personal responsibility, not pressuring Federal web sites (or Google Analytics, or Omniture, or anyone) to change their technology. Delete your own cookies, cut up your own credit cards, etc.

(Damn Alex, I am still ranting … ;-)

Matt Lillig

Eric,

I’m down to help champion cookies.

For without cookies, there’s no campaign attribution models. Without good attribution models, there’s advertisers blowing their online ad budgets. With advertisers blowing their online ad budgets, companies like Yahoo! Google and Microsoft lose money. With the big three losing money, it effects the whole economy.

And who do Americans blame for a poor economy??? The government.

So in the end, it all comes back to the smart decisions that our government decides to make. Let’s help this new administration make the smart decision to back off of this ridiculous cookie conspiracy.

All in favor, say AYE!

Tim

>perhaps it’s time for a more substantial response to the anti-privacy folks

Your initial post really hits the issue, but not in the way you meant. The new administration *is* busy with more important things; getting their attention on this one seems a very long shot.

David Smith

I find it ironic that the media organizations like CNN that have ‘outed’ cookie use will blithely insert Peer-to-Peer software on your computer that is far more dangerous–

http://weblog.infoworld.com/gripeline/archives/2009/01/is_it_safe_to_w.html?source=NLC-GRIPE&cgd=2009-01-27

Isn’t it true though that in the US we allow private companies far more access to our private information than the government, while European countries are more restrictive on what the private sector can obtain and use? Could this be reflective of cultural differences that we would have to address in order to clear up the misconceptions about cookies?

Nelson

Hi Eric,

I agree that cookies are NOT evil. As a web analyst they’re responsible for giving some of the only real feedback we get on a website; not just complaints from the contact us section. But do you really think Barrack Obama is wasting his own time with cookies?

I doubt he even knows what a cookie is. If some developer spends a little time fixing the white house site, is it really a problem? I know you were being a little overzealous to make a point, but I worry that people are putting way to much faith in one man. One man, who lets not forget, is a politician. Everything you hear Obama say is both scripted and planned, and not necessarily what he truly thinks.

While I’m happy that Obama was elected, the nation is in dire straits, and Barrack Obama is not going to magically fix it. So many people are drinking the Obama Kool-Aid right now, he could suggest sending a chicken to the moon, and people would laud him as brilliant. Perhaps if we supported every president (including the last one) as people are supporting the new one, the country might not be as bad off.

eric

Nelson: At the risk of having this otherwise interesting conversation devolve into partisan politics, I ** do ** think that Barack Obama knows what a browser cookie is. Or if not, I have faith in the President’s ability to actually study the issue and come up with a reasonable conclusion other than “cookies are evil!”

This is why I wrote my open letter to Barack Obama awhile back.

Yes, Obama is a politician and perhaps expectations for his administration are too high. And no, I do not expect that he will do away with OMB M-03-22 with the stroke of a pen in his first 100 days (although I do suspect he has the ability to do that …) And yes, I get that some people are frustrated with the Obama love-fest that is still going on, at least in the media ;-)

I was being overzealous to make a point. Same in the post I wrote to the Yahoo! group last night (we’re going to make “I (heart) Browser Cookies” t-shirts, who wants one?!) But I guess I think that at this point we all have to admit that wringing our collective hands over “cookies invading our privacy” is needing of a different response.

Thanks to everyone for writing in!

Ian Thomas

Eric,

I applaud your standing up for cookies – they get a very bad press, and the current legislation banning persistent cookies on US Government websites is, frankly, stupid. But I do think you are conflating two issues here – cookies and third-party content & tracking.

Obama’s team’s decision to use YouTube to stream videos and WebTrends for web analytics means that behavior data is being sent to a third party. The Whitehouse.gov site does an pretty good job of explaining about third-party cookies, but a less good job of detailing what data is being sent to third parties, and who those third parties are.

Whilst it’s no skin off my nose to send this data to Webtrends and Google, this is partly because a) I know and trust those organizations, and b) the content on the Whitehouse.gov site is pretty uncontentious. But what if I were looking at detailed information about entitlement programs, or applying online for some Government help with my mortgage? There is at least a valid question to be asked about how this kind of behavior data is shared with third-parties, separate from the cookie discussion.

I actually don’t think it’s inappropriate at this stage to flag this to the Obama adminstration, because I imagine that at this moment (or very shortly) a variety of Federal agencies are looking at how they can put more information and services online. Helping the administration to set sensible policies now will stop precious money being wasted if policies have to be changed later. After all, it’s not as if the White House web team is running around going “Oh My God! How can we help with the bail-out?”

With specific regard to using YouTube for video streaming, there are other issues to consider. How was Google chosen over, say, Vimeo, or Hulu, or MSN Video? Are there any SLAs in place to ensure this material is available on an ongoing basis? Let me make it clear that I don’t object to Obama’s addresses being available on YouTube – they should be there, and on every other video streaming website. But for information published through the Whitehouse.gov website itself, I’m not sure that a third-party streaming site is the best choice. After all, we wouldn’t want Obama to be RickRolled… :-)

Pedantically yours,

Ian

Jeff Katz

I am wondering why organizations and individual dues-paying members of the WAA are not asking them to make this their top priority.

eric

Ian: You raise a good point, these are really two separate issues and probably should be debated as such. While I’m glad to see we’re in agreement on the issue of cookies (I expected nothing less!) I think the issue of who is doing the tracking is more or less moot until the current policy towards cookies is reevaluated.

Let me ask you this: Let’s just say, for instance, that you were trying to get help with your mortgage, and for sake of argument, HUD (or whoever is going to help with mortgages) was using Omniture for their tracking? What would you be risking in that scenario?

Would hackers be stealing your mortgage information as it flowed between HUD and Omniture? Would Omniture employees be looking at your data? Would Omniture even have specific information about your mortgage and application? Would Omniture (or even HUD in their SiteCatalyst data) even know the record was for “Ian Thomas of Seattle”?

I guess, while I certainly respect your opinion, I have to wonder allowed if you’re just propagating the FUD. When we confuse the issues of ** what could possibly be known if the implementation was done in an irresponsible manner ** and ** what is actually likely to be known ** it becomes a slippery slope.

Here’s another way of looking at your concern: I know for a fact that Intuit TurboTax uses Omniture for their web analytics. Does that make you less likely to use TurboTax for your tax prep? Are you worried that your financial information is being passed around the Internet willy-nilly?

No, or at least you shouldn’t be, because I suspect you know Dylan Lewis and you know he would NEVER allow any kind of personally identifiable information to leak into the SiteCatalyst tag. While operating without a silly mandate against a harmless text file, Dylan is able to provide a government-related service to the teeming masses and do so with an eye towards an increasingly good customer experience.

Why should the IRS be any different?

I think if people stop fearing cookies and stop fear-mongering about this type of technology and actually start to examine what it takes to get a good, privacy-respectful implementation of ** whatever ** software in place we could all start to actually benefit from the insights that web analytics does such a good job at providing (in the right hands …)

Respectfully yours.

Jeff: Dunno. Have you asked? Ask!

Matt Lillig

The good thing is that President Obama has been meeting with Eric Schmidt a lot lately and I’m sure that privacy has come up in the discussions (because it sure has for the President’s blackberry usage). If the topic of cookies comes up, then I’m sure Mr. Schmidt will appropriately break it down to the Pres that cookies are not a threat to national security.

Sitening Matt

“Somebody needs to stand up for cookies”

Damn strait. Let’s bust out the poster board and markers and have ourselves a little protest.

eric

Matt: “If the topic of cookies comes up” when Google’s CEO and the President meet then I suspect something else has gone massively wrong in this world. Let us hope for everyone’s sake that never, ever happens ;-)

(Other) Matt: I already bought http://www.iheartbrowsercookies.com and just need to take the time to put up some software that will let us all sign a “virtual petition” … who we will petition and what we will demand I do not know, but at least we will have a silly-sounding domain to do it from!

Len

Privacy has become such a twisted concept.

People running red lights expect privacy. People doing thing in public places (legal or illegal) expect privacy.

I was responsible for IT security in a small office environment. One of the most difficult concepts to transmit to coworkers was that the internet is not private. It is world wide and available to all in one way or another.

The simplest way I could think of to explain the concept was to ask if someone you did not know at a street corner asked for your name, address, phone number, social security number, bank account number, etc., would you give this information to them?

On the other hand, if you did it why wouldn’t you want to own it? Don’t others have the right to observe what is directly in front of them?

Cookies is just another part of this discussion. Cookies simply collect information readily available through your contact with a web site. Why is there an expectation of “privacy”. (in a public place doing public things is not private.)

It is unclear to me why people believe their public interaction with a commercial enterprise should be private. Did they not intend to go there?

Since cookies are so easily controlled I am hard pressed to understand the angst.

Len

I just tried to go to to several government web sites through Google.

Google would not let me connect to the web site and warned me the site could be dangerous to my computer.

Is there a connection between cookie concerns and this warning? Does anyone know?

Add a Comment