Congress will be watching you too…


While Tom is worried about Pentagon advertisements watching him, you should be worried about local Congress members watchin you. As the Associated Press found, the NSA was using cookies to track web visitors, and now CNET has looked at Congress’s cookie use.

What did they find? Congress is watching you too. To quote them:

Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites’ data collection practices. In a statement posted on his own Web site, McCain assures visitors that “I do not use ‘cookies’ or other means on my Web site to track your visit in any way.” But visiting mccain.senate.gov implants a cookie on the visitor’s PC that will not expire until 2035.

CNET looked at every Congress member’s website cookies and found five local politicians raiding the cookie jar, one even with a pledge on their website against collecting cookies!

The local cookie trackers:

Title Name Party State Pledge Expires
Rep. Hoyer, Steny D MD No Years: 30+
Rep. Cardin, Ben D MD No Years: 30+
Sen. Mikulski, Barbara D MD Yes Years: 30+
Sen. Allen, George R VA No Years: 30+

So the next time you see Sen. Mikulski, do me a favor, please. Ask her: How do you spell “hypocrisy”?

4 Comments so far

  1. Tom Bridge (unregistered) on January 6th, 2006 @ 4:22 pm

    Ben Forta says it’s sensationalism. He should know. He wrote the software that most of the sites were coded in.


  2. misschatter (unregistered) on January 6th, 2006 @ 4:51 pm

    The comment on Ben Forta piqued my curiosity. Yep, I recently had to explain CFID and CFTOKEN cookies (which I just checked as being set by George Allen’s site) to the higher-ups in my agency because fed agencies aren’t allowed to use persistent or tracking cookies (and must fess up in the privacy policy if they are). While these are persistent (and it’s a PITA to make them not persistent), they are automatically set by the ColdFusion server and are not tracking cookies in the least. So while I wouldn’t put it past some in Congress, it’s most likely not being done, particularly if you see that CFID/CFTOKEN pair.


  3. Yuda (unregistered) on January 6th, 2006 @ 5:31 pm

    Ah, how I love paranoid blathering about cookies by people who don’t know what they’re talking about.

    Cookies are not a privacy concern: the server can’t get any information it didn’t set in the first place. If you’re worried about being “tracked”, you should probably consider that your browser leaves your IP address with every page you visit.

    You might also note that your own site uses cookies.


  4. Nikolas Coukouma (unregistered) on January 8th, 2006 @ 4:50 am

    Cardin, Mikulski, and Allen are using Adobe ColdFusion. Hoyer is using Microsoft ASP.NET. All of the cookies I observed are the sort set automatically by web programming frameworks. None were set to work across domains, which would be necessary to do a significant amount of tracking. As Forta explains, they don’t contain any interesting information themselves. The only thing that even a privacy nut would worry about is that they make IP hopping technology, like Tor, pointless. If you’re worried about privacy that much, you should have disabled cookies long ago.

    Far more important is what data is retained, for how long, and what is done with it. It’s clear that they can only track your activity within their site. As for how long, Forta’s statements suggest that the ID is only stored for a couple hours at most. The server logs, with IP addresses, are probably around longer. Finally, it’s impossible to say whether or not they’re even paying attention to the collected data. I doubt they are, although it would probably be a good idea to analyze traffic patterns to improve usability.



Terms of use | Privacy Policy | Content: Creative Commons | Site and Design © 2009 | Metroblogging ® and Metblogs ® are registered trademarks of Bode Media, Inc.