March 2, 2009 | By Hugh D'Andrade

White House Responds to Privacy Complaints?

This morning it seemed that complaints from EFF and other privacy advocates and journalists had apparently helped created a change in White House policy concerning the use of cookies and tracking technologies on We were ready to give kudos to the Obama Administration for listening to privacy advocates, something we rarely get to do.

Now the Obama Administration says that their privacy-protective step was just “an experiment." If so, it’s an experiment we hope they continue.

Over the weekend, the White House quietly shifted from using YouTube-hosted videos and delivered the president's Saturday address using Flash-based video hosted on government servers. As a result, visitors to no longer had third party cookies that enable tracking of their web use placed on their computers when they choose to view a video.

EFF raised the issue of cookies and other tracking technologies on government sites earlier this year, following reports on the issue from CNet blogger Chris Soghoian and Columbia professor Steve Bellovin. In a letter to White House Counsel Gregory Craig, we asked the Obama administration to find a technical solution that would protect the privacy of visitors to government sites and also requested the waivers given to that allowed it to circumvent long-standing rules that bar the use of cookies on government sites, as well as supporting information.

EFF was ready to congratulate the White House on their change in policy and for their swiftness in addressing the issue. It would mean that the Obama website team has the will and the agility to hear concerns from the public, and to act quickly to find remedies that work in the public's interest. We still hope this experiment in change is a harbinger of things to come and hold our kudos at the ready.

Even with this change, there will be room for further improvement. YouTube cookies are not the only third-party web tracking technology in use on government websites, as we pointed out in our letter. There is still the issue of "invisible pixel" style webbug/tracker on every page on the site, hosted by, which raises equally important concerns. Also, if the government continues to use edge-caching technology such as that provided by Akamai, Inc. or Amazon S3, the government should require those providers to destroy any IP address or other information that they obtain about visitors to the websites as part of providing the service as soon as reasonably possible.

We are also still looking forward to a response from Mr. Craig concerning the waiver, whether goes “cookieless” permanently or not. Transparency means that the public should be able to see the basis for good decisions made by their government as well as bad ones.

Meanwhile, as blogger Soghoian points out, the White House experiment comes on the heels of recent changes made by YouTube to address one of the issues of cookies on federal government sites – cookies that are triggered even if the video on the page is not played. YouTube recently created an option for delayed cookies, giving the option to those who embed YouTube videos on their sites to prevent cookies from being automatically deposited on a visitor's computer until the user clicks to view the video. (Their solution is akin to EFF's MyTube code which does something similar.)

In addition, on government sites that continue to use YouTube videos rather than hosting them on government servers, videos feature a prominent link to YouTube's privacy policy, so that at the very least, the public has some access to information about what information is being gathered and how it is being used. Kudos are also due to YouTube for acting to address these concerns and for making the “delayed cookies” fix broadly available to all websites, not just government ones.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Backdoors have been discovered in Arris cable modems. This is why we need a security research exemption to the DMCA.

Nov 27 @ 2:15pm

Censorship powers, data retention, and vague hacking crimes: Pakistan's terrible cybercrime bill has it all:

Nov 25 @ 5:11pm

While Bangladesh blocks social messaging apps, locals are turning to Tor and Twitter:

Nov 25 @ 3:50pm
JavaScript license information