NEW YORK, AP – The White House said Friday its Web tracking technology is consistent with federal rules because it only counts the number of visitors anonymously and doesn’t record personal information.
The White House’s site uses what’s known as a Web bug — a tiny graphic image that’s virtually invisible — to anonymously keep track of the number and time of visits. The bug is sent by a server maintained by an outside contractor, WebTrends Inc., and lets the traffic-analysis company know that another person has visited a specific page on the site.
Web bugs themselves are not prohibited. However, under a directive from the White House’s Office of Management and Budget, they are largely banned at government sites when linked to cookies, which are data files that let a site track Web visitors.
Cookies are not generated simply by visiting the White House site. Rather, WebTrends cookies are sometimes created when visiting other WebTrends clients. An analysis by security researcher Richard M. Smith shows such preexisting cookies have then been read when users visit the White House site.
The discovery and subsequent inquiries by The Associated Press prompted the White House to investigate. David Almacy, the White House’s Internet director, said tests conducted since Thursday show that data from the cookie and the bug are not mixed — and thus the 2003 guidelines weren’t violated.
“The White House Web site is and always has been consistent with the OMB guidance,” Almacy said, adding that the limited tracking is common among Web sites.
Jason Palmer, vice president of products for Portland, Ore.-based WebTrends, said Web browsers are designed to scan preexisting cookies automatically, but he insisted the company doesn’t use the information to track visitors to the White House site.
Smith said the White House and WebTrends could have avoided any appearance of a problem by simply renaming the server used at WebTrends.
The Clinton administration first issued the strict rules on cookies in 2000 after its Office of National Drug Control Policy, through a contractor, had used the technology to track computer users viewing its online anti-drug advertising. The rules were updated in 2003 by the Bush administration.
Nonetheless, agencies occasionally violate the rules — inadvertently, they contend. The CIA did in 2002, and the NSA more recently. The NSA disabled the cookies this week and blamed a recent upgrade to software that shipped with cookie settings already on.