Cookies

From The IT Law Wiki

Contents 1 Overview 2 Benefits of cookies 3 Drawbacks of cookies 4 Security measures 5 Use of cookies on federal websites 6 References

[edit] Overview

The cookie was developed to enable a website owner to keep track of a particular user’s activity within the site. Cookie technology allows the website’s server to place information about a user’s visits to the site on the user’s computer in a text file that only that website’s server can read.

Using cookies, a website assigns each user a unique identifier (not the actual identity of the user), so that the user may be recognized in subsequent visits to that site. On each return visit, the site can call up user-specific information, which could include the user’s preferences or interests, as indicated by specific web pages or documents the user accessed in prior visits or items the user clicked on while visiting the site. Cookies can store information that facilitates the interaction between the user and the website.

Cookies vary in the amount of security they provide for the information they contain. Cookies often store data in plaintext, which could allow an unauthorized party that accesses a cookie to use or alter the data stored in it. Some websites create encrypted cookies, which protect the data from unauthorized access.

An expiration date feature allows cookies to be set to remain on a user’s computer either permanently (a persistent cookie) or for a specified length of time, such as for a single Web session (session cookie).

As an example of how a permanent or persistent cookie functions, consider the online version of a newspaper. If a subscriber whose native language is Spanish informs the website that he prefers to download the Spanish edition of the newspaper, the newspaper can store that information in a cookie file on the user’s hard drive. When the subscriber next visits the newspaper’s website, the site retrieves the language preference information from the cookie and automatically sends the Spanish-language edition to the user. Temporary cookies can be created during online shopping expeditions. The cookies can tag the shopper’s intended purchases to facilitate the ordering process and then expire after a purchase is made.

Consumers can also delete the cookie files stored on their computers. Deletion will not erase any information stored on the advertiser's server, but it will prevent future Web activity from being associated with past activity through the identification number of the deleted cookie.

Most Internet browsers also can be configured to notify users that a cookie is being sent to their computer and to give users the option of rejecting the cookie. The browsers’ default setting, however, is to permit placement of cookies without any notification. Because many sites require users to accept cookies in order to view their content, or make multiple attempts to place cookies before displaying content, the notification process may unacceptably frustrate consumers’ ability to surf the Web efficiently.

[edit] Benefits of cookies

Cookies can provide significant benefits to online users. For example, websites often ask for user names and passwords when purchases are made or before certain kinds of content are provided. Cookies can store these names and passwords so that consumers do not need to sign in each time they visit the site. In addition, many sites allow consumers to set items aside in an electronic shopping cart while they decide whether or not to purchase them; cookies allow a website to remember what is in a consumer’s shopping cart from prior visits. Cookies also can be used by websites to offer personalized home pages or other customized content with local news and weather, favorite stock quotes, and other material of interest to individual consumers. Individual online merchants can use cookies to track consumers’ purchases in order to offer recommendations about new products or sales that may be of interest to their established customers. Finally, by enabling businesses to monitor traffic on their websites, cookies allow businesses to constantly revise the design and layout of their sites to make them more interesting and efficient.

Network advertisers’ use of cookies and other technologies to create targeted marketing programs also benefits both consumers and businesses. Targeted advertising allows customers to receive offers and information about goods and services in which they are actually interested. Targeted advertising can also improve a consumer’s Web experience simply by ensuring that she is not repeatedly bombarded by the same ads. Businesses benefit from the ability to target advertising because they avoid wasting advertising dollars marketing themselves to consumers who have no interest in their products. Additionally, targeted advertising helps to subsidize free content on the Internet.

[edit] Drawbacks of cookies

Because the Website owner determines what information is placed in a cookie, the cookie may contain Personally identifiable information about the user, including bank account or credit card numbers.

In addition, cookies can be shared with third parties that are unknown to the user.

[edit] Security measures

Most Web browsers can be configured to prompt users to accept or reject each cookie, or to accept or reject session cookies automatically but prompt users to accept each persistent cookie or reject persistent cookies automatically. Most Web browsers also can be configured to allow cookies to be set only for the website the user visited (known as first-party cookies), not for the websites of advertisers and other parties (known as third-party cookies). Permitting first-party cookies and blocking third-party cookies can be very helpful in reducing the number of tracking cookies placed onto a system.

[edit] Use of cookies on federal websites

Pursuant to a 2000 memorandum from the Office of Management and Budget,^[1] there is a presumption that cookies will not be used on federal websites. Under this policy, cookies are not to be used on federal websites, or by contractors when operating websites on behalf of federal government agencies, unless, in addition to clear and conspicuous notice, the following conditions are met:

• a compelling need to gather the data on the site;
• appropriate and publicly disclosed privacy safeguards for handling of information derived from cookies;
• and personal approval by the head of the agency.

In addition, it is federal policy that all federal websites and contractors when operating on behalf of federal agencies shall comply with the standards set forth in the Children's Online Privacy Protection Act of 1998 with respect to the collection of personal information online at websites directed to children.

[edit] References

1. ↑ Office of Management and Budget, Memorandum for the Heads of Executive Departments and Agencies, Privacy Policies and Data Collection on Federal Web Sites (M-00-13 June 22, 2000).