Recommendations for Web Measurement on Government Websites
As an alternative, CDT and EFF are recommending a sensible way forward: Government webmasters ought to be permitted to use modern analytics tools without agency-head approval, so long as the use of those tools is carefully overseen and meets with specific strict safeguards and requirements.
Many of these safeguards will be familiar to folks who've read EFF's Best Practices For Online Service Providers: Visitor data must be speedily anonymized, and it may not be used for purposes other than traffic analysis. Visitors should be given a clear option allowing them to opt-out of tracking, and agency privacy officers must carefully review and audit the processes. And, importantly, no "agency-head approval" will be sufficient to waive these requirements.
In addition to being smart policy, the adoption of these guidelines would foster smart technology. Current web anaytics systems are notorious for hoarding data irregardless of privacy concerns. The prevailing approach is to collect as much information as possible and store it for as long as possible. To make matters worse, most systems (including the popular Google Analytics) store the data on servers that the web-manager does not own or control, increasing the likelihood that the data will be captured, leaked or misused. Adoption of these recommendations would encourage analytics providers to consider safer and smarter approaches.
The Obama Administration is expected to begin revising federal website policies soon, as part of its "Open Government" initiatives. We hope these recommendations will be incorporated. The result would be a win, both for webmasters seeking data and for citizens seeking privacy.