Congress' hands caught in the cookie jar

First the NSA, then the Pentagon, and now Congress fesses up to undisclosed Web tracking. Infographic: Caught with hands in the cookie jar

This is the second story in a two-part investigation. Read the first part here.

Dozens of U.S. senators are quietly tracking visits to their Web sites even though they have publicly pledged not to do so.

Sixty-six politicians in the U.S. Senate and House of Representatives are setting permanent Web cookies even though at least 23 of them have promised not to use the online tracking technique, a CNET investigation shows.

Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that "I do not use 'cookies' or other means on my Web site to track your visit in any way."


What's new:
Although they have promised to abstain from using cookies to track visits to their Web sites, at least 23 U.S. senators do so. Overall, 66 members of Congress use the tracking devices.

Bottom line:
Although there is no rule prohibiting members of Congress from using cookies, such practices have come under fire from privacy advocates, including from politicians who continue to employ cookie ID devices on their Web sites.

More stories on this topic

But visiting implants a cookie on the visitor's PC that will not expire until 2035.

"ColdFusion was used to design the site by a third-party vendor, and we were not aware of any cookies," McCain's office said in a statement sent to CNET, referring to Adobe Systems' popular Web design software. "The information collected is not used by our office for any purpose, and we are currently in the process of deleting them."

All House members who use cookies either acknowledge it or have privacy policies that are silent on the topic. Of the 23 senators who pledged not to employ cookies but do anyway, 18 are Republicans and five are Democrats.

"It shows their lack of understanding of technology," said Sonia Arrison, director of technology studies at the Pacific Research Institute, a nonprofit group in San Francisco. "It's willful ignorance. They're complete hypocrites. How can they accuse companies of poor data management when they're not doing it on their own Web sites?"

No rule prohibits the use of Web monitoring techniques by Congress. But such a restriction does apply to executive branch agencies. The Pentagon and others scrambled this week to eliminate so-called Web bugs and cookies after inquiries from CNET

The practice of tracking Web visitors came under fire last week when the National Security Agency cookies to monitor visitors. It halted the practice after inquiries from the Associated Press. The White House also last week for employing a tracking mechanism, created by WebTrends, that used a tiny GIF image.

Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits. In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.

(Like most online media organizations, CNET Networks, the publisher of, uses cookies. That use is detailed in a privacy policy.)

"The irony is rich"
It's ironic for senators to complain about private companies setting cookies and then go ahead and do it themselves, said Jim Harper, director of information studies at the Cato Institute, a free-market think tank.

"They should definitely abide by their privacy policies," Harper said. "The irony is rich."

Cookie jar infographic

McCain, for instance, spent years warning that cookies were a problem when used by corporations. "Through the use of cookies and other technologies, network advertisers have the ability to collect and store a great deal of information about individual consumers," McCain said in 2000 (click here for PDF). "This information is collected without the consumer's knowledge or consent."

Similarly, the Senate's Governmental Affairs Committee prepared a report in 2001 saying that 64 federal agency Web sites used permanent cookies. Today, so does the Governmental Affairs Committee.

One bill was even introduced in February 2000 to target corporations' use of cookies. It died in a Senate committee.

In many cases, politicians seemed to be unaware of their use of Web tracking technology until being contacted this week.

A representative for the Senate's top Democrat, Harry Reid of Nevada, said the office's Webmaster had no idea that set two cookies scheduled to expire in 2035. After CNET asked about it, the Webmaster started to dig through the code.

"Obviously our office has no idea what we're using these cookies for, because we don't even know they existed," said Ari Rabin-Havt, Reid's director of Internet communications.

One version of Reid's privacy policy is silent about cookie use, but a Spanish-language version pledged not to employ them.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

iPhone 6S chip controversy over battery life

Not all new iPhones have the same processor chip, but Apple says differences in performance are minimal. Apple also pulls ad-blocking apps over privacy concerns, and Netflix raises its price again.

by Bridget Carey