Congressmen Call for FTC Investigation on Supercookies

Wednesday, September 28, 2011



Representatives Joe Barton and Ed Markey, Co-Chairmen of the House Bi-Partisan Privacy Caucus, are calling for an FTC investigation into the increasing use of so-called "supercookies".

Supercookies, also known as "zombiecookies" for their ability to regenerate even after a user has attempted to delete them from their system, are used to track user browsing histories and are considered to be a serious threat to privacy.

“I think supercookies should be outlawed because their existence eats away at consumer choice and privacy. How can you protect yourself from unwanted online tracking or your browsing history when you don’t even know your information is at risk?" said Rep. Barton.

Supercookie JavaScript code is designed to be stored in a user's browser cache file and has the ability to identify an individual in two ways, through a machine unique identifier (MUID) and through an ETag, according to a recent article in The Register.

The code will regenerate the tracking cookie if it can not be located in the system's cookie folder, which many users delete regularly to preserve their browsing privacy.

“The constant abuse of online activity must stop. I am confident the FTC will fulfill their goal to protect Americans from ‘unfair and deceptive acts or practices’ by reviewing our request to take a closer look at supercookies,” Rep Barton stated.

In a letter sent this week, Barton and Markey informed the FTC:

“We are interested in any actions the Federal Trade Commission (FTC) has taken or plans to take to investigate the usage and impact of supercookies on the Internet and consumers. We believe that an investigation of the usage of supercookies would fall within the FTC’s mandate as stipulated in Section 5 of the Federal Trade Commission Act with respect to protecting Americans from ‘unfair and deceptive acts or practices.’”

Last month, Microsoft voluntarily removed supercookie mechanisms from multiple websites immediately after being called out by a Stanford University computer science graduate student who discovered that the company was actively tracking the browsing habits of visitors.

The code was copyrighted in 2007, but it is unclear how long Microsoft had been using the supercookies for tracking or what the data that was collected was begin used for.

“I am very disturbed by news that supercookies are being used to collect vast amounts of information about consumers’ online activities without their knowledge. Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge. Consumers, not corporations should have the choice about if, how or when their personal information is used. I will continue to closely follow this issue and look forward to the FTC's response,” said Rep. Markey.


Possibly Related Articles:
Microsoft Privacy Javascript Headlines FTC Investigation Supercookies Congress Tracking Zombiecookies
Post Rating I Like this!
Chris Rich Both the FTC and browser vendors as well as 3rd-parties should also contribute to this further to protect consumer privacy. This is a perfect example where private industry can provide solutions to help consumers protect themselves.

Chris Rich
Product Manager
NetWrix Corporation
NetWrix is #1 for Change Auditing and Compliance
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.