EFF to White House Counsel: What Will You Do to Protect the Privacy of WhiteHouse.gov Users?
As we noted last week, the new WhiteHouse.gov site uses embedded YouTube movies, raising concerns of privacy and open government advocates. Embedded video clips can place or add to a cookie on the user’s computer – thus enabling tracking of users as they use the web. In response, the Obama Administration acted quickly, implementing a partial fix that ensures cookies will only be used when the user chooses to play the video, and not automatically upon loading a page.
This is an improvement, particularly impressive for the speed of the response, and we commend the Obama Administration for it.
For videos that are visible on WhiteHouse.gov, a “persistent cookie” is set by third party providers when you click to play a video.
This persistent cookie is used by some third party providers to help maintain the integrity of video statistics. A waiver has been issued by the White House Counsel's office to allow for the use of this persistent cookie.
Given the importance of the “no cookie” presumption to the privacy of visitors to WhiteHouse.gov, we’d like to know why the White House Counsel decided to waive it. To answer this question, we have sent a letter to White House Counsel Gregory Craig, asking him to detail the “information and analysis” on which his waiver is based.
While the White House counsel has no obligation under the law to reply to our query, we hope he will do so in light of the memo issued by the President on his first day in office instructing all agencies to “adopt a presumption in favor of disclosure… to usher in a new era of open Government.”
We have also provided Craig, the folks at WhiteHouse.gov and YouTube with a short list of suggestions to better protect the WhiteHouse.gov users regardless of the waiver:
- Work with YouTube to end the retention of cookie data for any video embedded on a government site, including so-called “flash cookies.” We see no reason why YouTube needs to retain this information and every reason why it can use this opportunity to make a solid commitment to the public good.
- The White House has already taken the helpful step of providing visitors with a direct-download link to a high definition MP4 of most video. To build on this, the site could embed the low definition videos using its own Flash-player and stream the video directly from the White House’s own server, rather than relying on YouTube.
- Add a link to privacy information near each video embed specifically identifying third parties that may have access to the data, so that users will be fully informed of their risks and options.
- An "invisible pixel" style webbug/tracker on every page on the site, hosted by WebTrends.com.
- The entire WhiteHouse.gov domain appears to utilize edge-caching technology provided by Akamai, Inc.
- Access to direct-download MP4s of video content appears to be hosted by Amazon S3.
In each of these cases, when a person visits the WhiteHouse.gov site, a third-party logs IP addresses and other personally identifiable information. Yet the limitation on cookies was espressly adopted in 2000 out of concern about the risk of the technologies that “can track the activities of users over time and across different websites.”
So in addition to asking the White House Counsel for information about this waiver to allow third-party cookies, we’ve asked a specific question: What is the White House willing to do to continue to protect the privacy of visitors to government websites, even as it utilizes tools other than cookies that can do similar tracking?
President Obama is leading the way in making new and unprecedented use of the new technologies to keep the public informed and engaged. We are hopeful that his Administration will readily recognize that part of open and responsive Government is making sure that neither the government, nor any third parties, are tracking the activities of those who seek to access government information.
We have asked the White House counsel to respond to our two questions by February 6, 2009. We’ll let you know what happens.
Recent DeepLinks Posts
Apr 25, 2017
Apr 25, 2017
Apr 25, 2017
Apr 25, 2017
Apr 24, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games