Cookie

Definition
A cookie is a small text file that a website’s server places on a computer’s web browser. The cookie transmits information back to the website’s server about the browsing activities of the computer user on the site.

This includes information such as pages and content viewed, the time and duration of visits, search queries entered into search engines, and whether a computer user clicked on an advertisement.

Cookies also can be used to maintain data related to a particular individual, including passwords or items in an online shopping cart. In some contexts, such as where a number of separate websites participate in a network, cookies can be used to track a computer user across different sites.

Overview
The cookie was developed to enable a website owner to keep track of a particular user’s activity within the site. Cookie technology allows the website’s server to place information about a user’s visits to the site on the user’s computer in a text file that only that website’s server can read.

Using cookies, a website assigns each user a unique identifier (not the actual identity of the user), so that the user may be recognized in subsequent visits to that site. On each return visit, the site can call up user-specific information, which could include the user’s preferences or interests, as indicated by specific web pages or documents the user accessed in prior visits or items the user clicked on while visiting the site. Cookies can store information that facilitates the interaction between the user and the website.

Cookies may be placed on an individual’s computer when an individual visits a website affiliated with the online advertisement supplier; however, the exact moment of cookie placement may be different when the relevant advertising partnership is between a user’s Internet service provider (ISP) and an online advertising provider.

An expiration date feature allows cookies to be set to remain on a user’s computer either permanently (a persistent cookie) or for a specified length of time, such as for a single Web session (session cookie).

As an example of how a permanent or persistent cookie functions, consider the online version of a newspaper. If a subscriber whose native language is Spanish informs the website that he prefers to download the Spanish edition of the newspaper, the newspaper can store that information in a cookie file on the user’s hard drive. When the subscriber next visits the newspaper’s website, the site retrieves the language preference information from the cookie and automatically sends the Spanish-language edition to the user. Temporary cookies can be created during online shopping expeditions. The cookies can tag the shopper’s intended purchases to facilitate the ordering process and then expire after a purchase is made.

Consumers can also delete the cookie files stored on their computers. Deletion will not erase any information stored on the advertiser's server, but it will prevent future Web activity from being associated with past activity through the identification number of the deleted cookie.

Benefits of cookies
Cookies can provide significant benefits to online users. For example, websites often ask for user names and passwords when purchases are made or before certain kinds of content are provided. Cookies can store these names and passwords so that consumers do not need to sign in each time they visit the site. In addition, many sites allow consumers to set items aside in an electronic shopping cart while they decide whether or not to purchase them; cookies allow a website to remember what is in a consumer’s shopping cart from prior visits. Cookies also can be used by websites to offer personalized home pages or other customized content with local news and weather, favorite stock quotes, and other material of interest to individual consumers. Individual online merchants can use cookies to track consumers’ purchases in order to offer recommendations about new products or sales that may be of interest to their established customers. Finally, by enabling businesses to monitor traffic on their websites, cookies allow businesses to constantly revise the design and layout of their sites to make them more interesting and efficient.

Network advertisers’ use of cookies and other technologies to create targeted marketing programs also benefits both consumers and businesses. Targeted advertising allows customers to receive offers and information about goods and services in which they are actually interested. Targeted advertising can also improve a consumer’s Web experience simply by ensuring that she is not repeatedly bombarded by the same ads. Businesses benefit from the ability to target advertising because they avoid wasting advertising dollars marketing themselves to consumers who have no interest in their products. Additionally, targeted advertising helps to subsidize free content on the Internet.

Privacy issues
Once the cookie is in place, it gathers certain information related to that user’s online activity on a continuous basis and relays that information to the online advertising provider. Because the website owner determines what information is placed in a cookie, the cookie may contain personally identifiable information about the user, including bank account or credit card numbers.

The advertising provider assembles that data into an individual profile that is then used to target advertising to that user’s interests. This information is often shared with third parties that are unknown to the user. This process is ongoing, but, in general, the user may opt out of continued monitoring at any point, assuming they are aware that it is occurring.

In most types of behavioralbehaviorally targeted advertising technology, the advertising firm gathers information about user activities on websites that are affiliated with the advertising firm. The behavioral advertiser DoubleClick, for instance, operates on this model. Information on individual users is transmitted to DoubleClick by DoubleClick’s clients.

In a newly emerging behavioral advertising model, the advertising provider is attempting to partner with the users’ ISP. This partnership will presumably grant the advertising provider access to all web activity in which an ISP’s subscribers engage. Both of these types of potential partnerships raise a number of questions regarding potential violations of existing privacy protections in federal law.

Security issues
Cookies vary in the amount of security they provide for the information they contain. Cookies often store data in plaintext, which could allow an unauthorized party that accesses a cookie to use or alter the data stored in it. Some websites create encrypted cookies, which protect the data from unauthorized access.

Most Web browsers can be configured to prompt users to accept or reject each cookie, or to accept or reject session cookies automatically but prompt users to accept each persistent cookie or reject persistent cookies automatically. Most Web browsers also can be configured to allow cookies to be set only for the website the user visited (known as first-party cookies), not for the websites of advertisers and other parties (known as third-party cookies). Permitting first-party cookies and blocking third-party cookies can be very helpful in reducing the number of tracking cookies placed onto a system.

The browsers’ default setting, however, is to permit placement of cookies without any notification. Because many website require users to accept cookies in order to view their content, or make multiple attempts to place cookies before displaying content, the notification process may unacceptably frustrate consumers’ ability to surf the Web efficiently.

Use of cookies on federal websites
Pursuant to a 2000 memorandum from the Office of Management and Budget, there is a presumption that cookies will not be used on federal websites. Under this policy, cookies are not to be used on federal websites, or by contractors when operating websites on behalf of federal government agencies, unless, in addition to clear and conspicuous notice, the following conditions are met:


 * a compelling need to gather the data on the site;
 * appropriate and publicly disclosed privacy safeguards for handling of information derived from cookies;
 * and personal approval by the head of the agency.

In addition, it is federal policy that all federal websites and contractors when operating on behalf of federal agencies shall comply with the standards set forth in the Children's Online Privacy Protection Act of 1998 with respect to the collection of personal information online at websites directed to children.