E-Gov 2.0 in Action
[Editor Note: This entry has been updated, please see below.]
Last week we blogged (Part I and Part 2 ) about how current federal policies around the use of Internet technologies may need to be updated to keep pace with the past few years’ advances in both privacy protection and technological sophistication. We highlighted how the current policy governing the use of cookies on federal Web sites could be improved to facilitate federal agencies’ full use of Web 2.0 services while continuing to respect citizens’ privacy. We suggested that federal Web sites could offer site visitors their choice of using a particular feature – such as embedded video – with or without persistent cookies.
Ask, and ye shall receive. When President Obama’s official home on the Web was unveiled as he was sworn into office yesterday, it came together with a privacy policy prescribing just the kinds of choices we were thinking about.
According to the policy:
For videos that are visible on WhiteHouse.gov, a ‘persistent cookie’ is set by third party providers when you click to play the video.
This persistent cookie is used by YouTube to help maintain the integrity of video statistics. A waiver has been issued by the White House Counsel’s office to allow for the use of this persistent cookie.
If you would like to view a video without the use of persistent cookies, a link to download the video file is typically provided just below the video.
This policy is completely in line with the guidelines about the use of cookies on federal Web sites that were issued in 2003. Yet it allows WhiteHouse.gov to take full advantage of streaming video (a technology that was hardly mainstream back then) while also offering site visitors increased control over their online privacy. It would seem that as an opening salvo, the WhiteHouse.gov policy is spot-on.
Unfortunately, policy and practice are not quite one and the same. A quick review of the most prominent videos currently available on WhiteHouse.gov (the President’s inaugural address, for example) reveals that persistent cookies belonging to the White House’s video provider (YouTube) are set as soon as a visitor accesses the landing page containing a video. Even if the site visitor never clicks the play button, he or she will come away with a persistent YouTube cookie that doesn’t expire for nine months or so. And one of the videos linked from the site’s home page, the whistlestop tour video, does not allow users to download the video rather than watch it on the Web.
UPDATE: Talk about a quick turnaround. WhiteHouse.gov has instituted a fix for its video cookie problem so that merely visiting a landing page containing a video does not automatically set a persistent cookie. Instead, each landing page contains an image of the video player. Only after a site visitor clicks the image is the actual video player displayed (accompanied by its cookie). The White House has also updated its privacy policy to indicate that it fully intends to adhere to its stated cookie policy despite initial technical difficulties. The updated policy provides a link that site visitors can use to inform the White House about any difficulties they may be having with the site.
Whitehouse.gov ‘Bugged’
Over on Dave Farber’s Interesting-People mailing list, Karl Auerbach has pointed out another potential privacy pitfall on the site. WhiteHouse.gov appears to be using WebTrends, a third-party private company that provides Web analytics and statistics services. WebTrends is placing a Web beacon – an invisible image file that allows the company to record the IP addresses and browser information of site visitors — on pages of the WhiteHouse.gov site. This allows WebTrends to track individual users by IP address, both on the White House site and the many other sites that make use of WebTrends analytics.
The WhiteHouse.gov privacy policy makes no mention of its use of Web bugs or third-party data collection partners. This flies in the face of federal guidance on the issue, which requires disclosure of tracking technologies and specifically mentions Web beacons. Furthermore, it is unclear how the White House can justify using a third-party analytics provider, which opens site visitors up to being tracked across the Web at large, instead of doing analytics from its own first-party Web server.
Given that WhiteHouse.gov has been live for less than two days and its content was obviously put together in a hurry to match the presidential transition schedule, it may be unreasonable to expect the site’s privacy protections to be perfect from the outset. But we expect both of these issues to be dealt with promptly if we are to believe that President Obama’s commitment to privacy is more than mere rhetoric.