Today, EFF and the Center for Democracy and Technology submitted comments to the Office of Management and Budget in response to the agency's review of the policies governing the federal government's use of cookies and other web technologies.

The comments are an extension of recommendations we made in May, in which we suggested that the OMB permit cookie-based web analytics so long as the process was carefully overseen and met with specific strict safeguards. Today, we've expanded our recommendations to include the use of cookies for creating individualized web account logins and other common web practices that we understand government webmasters would like to be able to use. Overall, we continue to urge the government to limit the use of any data collected, to eliminate this data as soon as possible, and to seek third-party oversight.

To see the extent to which the current cookie policy creates confusion and allows invasions of citizens' privacy, one need look no further than the ongoing episode surrounding's use of embedded YouTube videos. In the current privacy policy, a waiver grants YouTube the right to use persistent cookies, but only "to help maintain the integrity of video statistics." In contrast, YouTube's privacy policy allows for much broader use, claiming license to permanently store data gleaned from for use in "marketing campaigns." (In June, Google privately told EFF that it had halted this practice and was ignoring cookies from visitors to — but, since then, we've been waiting for a clear, public statement from Google to confirm or clarify this.)

Today, we've proposed a new and better framework. We thank the OMB for the opportunity to suggest a solution to these problems and hope our comments will be taken into account.

You can read more about this issue in this morning's Washington Post.