Internet Privacy : The Cookie Controversy

Basic Privacy

Internet privacy advocates object to cookies for a wide variety of reasons. First among them, succinctly put by Viktor Mayer-Schonberger is that "the cookie is stored in the user's computer without her consent or knowledge" (Mayer-Schonberger). Before the upgrades of popular browsers like Netscape and Microsoft Internet Explorer, cookies were placed anonymously and without alerting the user. Next, information from the cookie was transmitted to the website, again without the user's knowledge. (ibid) With browser upgrades users may be alerted to when they are being offered a cookie, but the formatting of the information may tell the user little about what is actually being stored. For example, on August 10, 1997 The AdLink Exchange offered the following cookie information to the author of this paper:

The server adlink.exchange.com wishes to set a cookie that will be sent back to any server in the domain .linkexchange.com. The name and value of the cookie are: SAFE_COOKIE=33ee55190305260c. This cookie will persist until Tue, Nov. 09 15:59:59: 1999.

A second cookie was offered immediately afterward, with a value of XLINK=X194454, without an expiration date. There is little way to decipher what information was to be stored in these cookies, although presumably it would have recorded the site where the cookie was offered, what advertisement was currently on display, and whether or not the ad had been accessed.

In addition to the cryptic nature of cookie alerts to the user, it is not always clear where the cookie is coming from. In the case of banner advertisers, they are placing cookies on any number of websites, and the user may not always be alerted that the cookie is coming from an advertiser rather than the website itself. In the example above the "Adlink Exchange" server was clear, but on more crowded sites where multiple cookies are offered, the identity of the cookie may become blurred.

Software Issues

The safety of personal information stored on the user's hard drive has also been of concern in the cookie debate. Concerns have been raised about the possibility of cookies being written that would allow access to other information that the user has stored. Cookie programming "has many times been found to contain gaping security holes. At one point in its development it allowed access to your e-mail address as you had it specified in your Netscape/MSIE preferences file" (Robulack). One of the most recent upgrades of the popular Internet browser, Netscape Communicator, was plagued with a bug that would allow a website access to the information that was passed between that site and the cookie file, including credit card numbers and passwords that had been entered into files. While this bug has been fixed and did not allow access to the user's hard drive, it was still a serious breach of cookie security (Radosevich). Further concerns have been raised about the possibility of websites gaining access to cookies placed by other sites, but it is being debated whether or not this is practicable (Shutko). Another issue regarding cookies is that they may contain malignant viruses which would be transferred onto the user's hard drive. While it is possible that a malicious program might be transmitted and allowed to execute by a bug in Microsoft's Internet Explorer 3.0, it is not a strong concern. Cookies are routinely stored only as text files, and so are not executable ("Cookies and Viruses"). A more serious worry could be the possibility that a cookie might be developed that could "snoop through a user's hard drive, looking for something that resembles a Social Security number or a bank balance" (Moukheiber, 343).

Internet Privacy

The most pressing issue concerning cookies, more than possible hardware invasions and general unease with the placing of files on user hard drives by third parties is the concern of user privacy and the potential for abuse. Advertisers and webmasters are currently using cookies to develop detailed profiles of users and their browsing habits. Each click on a particular type of advertisement or page in a website is added to the profile maintained by the maintainer. For the time being this information is primarily used for website design and the placement of banner advertisements, but the possibility also exists for these profiles to be sold and resold to other commercial interests (Roubulack). This could lead to deeper incursions into personal privacy, because if any one of the cookie-maintainers links a user identity to their cookie ID, then that information could also be resold. "...once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites ("How web server's cookies threaten your privacy").

While this might at first seem to be only a nuisance, which would probably lead only to a serious increase in "targeted" junk paper mail or e-mail, there are more serious concerns for potential abuse. In addition to extensive information on personal interests, those individuals "who do online research on controversial areas such as abortion, birth control, capital punishment, or gun control might find themselves subjected to harassment from special-interest groups" (Dyrli, 20). This possibility has sinister overtones, given the wide variety of information available on the Internet, and the disparate individuals who maintain websites. The possibility of such abuse of information is not impossible, especially for researchers who frequently utilize search engines which use cookies. Both Infoseek and Lycos Inc. have the stated aim of creating a tracking system which would create highly detailed profiles of user search patterns. By matching the cookie identification with a user profile, the user's past search history can be accessed by the web server (Vonder Haar). If these search profiles were to be resold or otherwise accessed, the user's patterns of research would be immediately apparent. If any form of identification were linked to these profiles it might prove a serious invasion of user privacy, not unlike the records of public library patrons.

A closely related possibility is that user information could be resold to non-advertising entities, and possibly used in ways that advertisers had not intended. An extreme, but not impossible scenario was put forth by David Christle:

...if you visited a number of sites that advertise alcohol...and you end up on a list that your insurance company purchases. The list compiled from a variety of Internet sites shows your name as someone who frequents sites that promote alcohol, or at least as someone who is a prime prospect for alcohol sales. They raise your premiums on a profile that has been built about you based upon the sites you visit on the Internet.
Someone assumes this is an accurate profile...and acts upon this erroneous assumption...This scenario may never happen but the door has been opened...Just ask anyone who has been victimized by an inaccurate credit report.

It is an extreme example, but does point up a disturbing prospect for abuse.

Another possibility for cookies to pose an active threat to users would be in the case of law enforcement. There have been past instances where the distribution of online pornography has been tracked and arrests made on the basis of Internet activity. In the summer of 1995, "as part of Operation Longarm, the FBI cracked down on what was called a 'Child Pornography Ring' by posing as pedophiles on America Online. The FBI arrested 12 people on child porn charges" (White). At this time cookies were not yet a part of the Internet world, but there is a possibility that if user profiles compiled via cookies had been available to law enforcement, they might have been admissible as evidence. Computer files, like other documents, may be sized as evidence with proper warrants, and since the cookie file exists on the user's hard drive, they would be retrievable as are other files. Cyberspace law (see the Electronic Communications Privacy Act) is still being written, and it is a possibility that following a wrong link could land a user in legal trouble.

It should be noted that the Internet was considerably less than private before the widespread use of cookies. Webmasters can easily obtain information about users' IP addresses, browser type, last pages visited and more depending on the user's software and the program being executed (Robulack). Cookies are the preferred method of accruing data because the information persists from session to session, and allows the Web server to recognize a user as having visited from the same computer as before (Dern, 48). This is what allows the compilation of complex user profiles and large amounts of interest-data.