May 12, 2009 | By Tim Jones

Recommendations for Web Measurement on Government Websites

Today, The Center for Democracy and Technology and EFF are releasing "Open Recommendations for the Use of Web Measurement Tools on Federal Government Web Sites." (Press Release. PDF.) The document recommends repairs to the federal guidelines that regulate the use of cookies and other "persistent tracking technologies" on government websites.

Today, these regulations are problematic: They're both too harshly bureaucratic in some cases and too relaxed in others. They're too harsh because ordinary government webmasters are prohibited from performing even basic traffic analysis without acquiring personal approval from their agency's head — something they say is an insurmountable bureaucratic obstacle in many federal agencies. They're too relaxed because they don’t reach many of the tracking technologies that are in use today. In addition, in the event that the agency head does provide this sign-off, it allows a loophole which can enable the agency to use tracking technologies with almost no oversight or accountability. EFF has recently had first hand experience with this loophole since the White House has still refused to give any explanation, much less provide the actual waiver it recently issued for use of cookies on whitehouse.gov.

As an alternative, CDT and EFF are recommending a sensible way forward: Government webmasters ought to be permitted to use modern analytics tools without agency-head approval, so long as the use of those tools is carefully overseen and meets with specific strict safeguards and requirements.

Many of these safeguards will be familiar to folks who've read EFF's Best Practices For Online Service Providers: Visitor data must be speedily anonymized, and it may not be used for purposes other than traffic analysis. Visitors should be given a clear option allowing them to opt-out of tracking, and agency privacy officers must carefully review and audit the processes. And, importantly, no "agency-head approval" will be sufficient to waive these requirements.

In addition to being smart policy, the adoption of these guidelines would foster smart technology. Current web anaytics systems are notorious for hoarding data irregardless of privacy concerns. The prevailing approach is to collect as much information as possible and store it for as long as possible. To make matters worse, most systems (including the popular Google Analytics) store the data on servers that the web-manager does not own or control, increasing the likelihood that the data will be captured, leaked or misused. Adoption of these recommendations would encourage analytics providers to consider safer and smarter approaches.

The Obama Administration is expected to begin revising federal website policies soon, as part of its "Open Government" initiatives. We hope these recommendations will be incorporated. The result would be a win, both for webmasters seeking data and for citizens seeking privacy.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF has deployed a new SSL certificate signed with SHA-2 for long-term security. https://eff.org/crt2015

Apr 27 @ 11:53am

We're doing a reddit AMA in an hour on the threats of TPP and Fast Track. Join us and 3 other public interest groups https://eff.org/r.ispe

Apr 27 @ 11:20am

Here’s a new word to add to your police surveillance vocabulary: “Automated Vehicle Occupancy Detection” https://eff.org/r.zimv

Apr 27 @ 11:14am
JavaScript license information