US Internet Industry Association

Cookies and the Internet

By Dennis C. Hayes
Chairman, US Internet Industry Association

It is human nature that we fear what we do not understand.
This is particularly true of new technologies, which often require consumers to take time and effort to understand. When electricity was first introduced, it was said to be capable of leaping through walls and across rooms to kill people. The telephone, it was rumored, would allow the phone company to hear every conversation in the house. Television sets were actually two-way devices that could send pictures back to the television stations.
These fears seem silly now, but only because we have a better understanding of how the technology works. Every new technology goes through a period of fear, and the use of Cookies on the World Wide Web is no exception.
A Cookie is a simple text file that generally contains two pieces of information - an identifier of the web site, and an identifier for the consumer. They are used to match the consumer to information stored about his or her visit to the web site such as preferences, purchases and other actions. They are sent from the web site to the hard drive of the consumer s computer, where they sit quietly until the consumer closes the web browser or until they reach an expiration date.
Overall, Cookies are a useful and beneficial technology, contributing to the efficiency and ease-of-use of the World Wide Web and causing no harm. Yet this technology is somehow the center of a controversy over consumer rights and privacy.
In April, a coalition of 10 privacy activist groups asked the Internet Engineering Task Force (IETF) to adopt a proposal that would have all Cookies sent to a consumer automatically rejected - effectively ending the use of Cookie technology. The letter to the IETF was also sent to Microsoft, Netscape, Ira Magaziner at the White House and Commissioner Christine Varney of the Federal Trade Commission.
The groups stated in their letter that Cookies allow ". . .the surreptitious collection of data without the ability to exercise any control."
"We're against cookies that are secretive or a third-party use of cookies. If you agree to let one Web site use cookies in your interaction, we don't want other Web sites scarfing those cookies off of your system," said Marc Rotenberg, director of the Electronic Privacy Information Center.
Sadly, all three concerns that Cookies secretly collect data from consumers, that third parties can some how make use of information from the Cookies, and that consumers have no control over them are all false. They are based on ignorance and fear rather than fact.
In fact, there is a strong case to be made that Cookies actually help to safeguard individual privacy. Cookies enable a web site to track preferences and purchases without having to know who the consumer is in advance. Instead, they use an anonymous identification number placed in the Cookie file to recognize the consumer.
Netscape Communications, which was instrumental in making Cookie technology a widely-adopted standard, provides a clear and simple discussion of the subject on its web site.
The FAQ ("Frequently Asked Questions") entitled "Cookies and Privacy" makes it very clear that (1) Cookies cannot read information from a consumer s hard drive, (2) they cannot gather sensitive information or in any way give the web site any information not specifically provided by the consumer, and (3) that Cookies cannot be read or in any way used by any other web site.
The final issue - that consumers have no control over Cookies, or need more control - also requires correction. Both Netscape and Microsoft web browsers can be easily set to show the user each Cookie before it is accepted. Third-party software for management of Cookies has been available for some time.
How is it that Cookie technology, which has never invaded anyone's privacy, has never been abused in any way, and which actually helps safeguard consumer privacy, is the center of a privacy-rights controversy?
Part of the answer is that we fear what we do not understand. This makes us susceptible to the malicious actions of people who delight in crying, "Wolf!" This is particularly true of the Internet, where hardly a day goes by without some wildly exaggerated claim of problems with security, privacy, or pornography.
But part of it is also that any new technology requires additional education to help consumers understand exactly how things work and what their benefits are. The fact that Cookies became a controversy at all is an indication that we, as an industry, need to do more to help consumers understand and use online and Internet services.
There are two unfortunate aspects of the whole controversy over Cookies. The first is that it took so long to overcome the hysterical fears of the privacy advocates. As technologies go, Cookies are not very complicated. Yet months after the controversy began, this technology is still being misrepresented.
The second is that by elevating this controversy, we risk trivializing the very real concerns about privacy and the safeguarding of information. If we too often cry "Wolf!" without cause - if we allow a small minority to create havoc and confusion over the non-existent privacy concerns with Cookies - we lessen our ability to deal effectively with the real issues we will soon need to confront.