Reader Response


The following article is a response to the Innovation column written by Steve G. Steinberg, "Internet 'Cookies' Raise a Batch of Privacy Concerns" published in the Los Angeles Times, December 23, 1996.
Cookies: The Rest of the Story
By LARRY M. EDWARDS
Steve Steinberg's "Cookies" article was informative, as were his comments on the fledgling eTrust organization, which is a commendable effort and important to preventing abuse by unscrupulous marketers.
      (A "cookie" is a small piece of information passed by a Web server, via a CGI script or JavaScript, to a user's computer. There the information is "set," or stored, so it can be retrieved later when a user returns to a specific Web site. For example, cookies can be used to store selections as a "shopping cart" at a retail-oriented Web site, or to store your user name and password so you can bypass repeat log-ins at Web sites where you've registered. Cookies are also used to track which ads are clicked on by Web surfers. Privacy advocates have voiced concerns over the use of cookies.)
      However, I believe Steinberg's article would have done the readers a better service had it devoted another paragraph or two on how cookies operate, and perhaps a paragraph less on eTrust, in which Mr. Steinberg has a vested interest, his employer KPMG being one of the founding sponsors of the organization.
      The statement in question is in the final paragraph, where he states, "Users want to see ads relevant to their interests, but they may not want their visit to the drug information site http://www.prick.org to be part of their profile."
      In this context, it could easily lead uninformed readers to believe that once they have a cookie set on their personal computers, all their Web surfing is being recorded in the cookie, and this simply is not true. A cookie can only be set and retrieved by a specific server, and such information can only be recorded when a URL is linked through that server. If someone clicks on a URL in his or her bookmark file, it is not recorded in the cookie. And even when a URL is recorded in a cookie, the only way anyone could identify who requested the URL is if personal information was voluntarily entered by the user in advance. 		      In early December, I discussed this very issue with Lori Fena, executive director of the Electronic Frontier Foundation and co-founder of eTrust, and she acknowledges that cookies are pretty much a benign technology. But, as Steinberg did point out, she feels very strongly that there is a need for informed consent, which I support whole heartedly, and I commend both Steinberg and the Times for publicizing the matter.
      What is not so benign, but which Steinberg did not discuss specifically, is a trend toward a "master" or "universal" cookie, which would be a user profile stored in a format accessible by many servers, not just one. The profile would include personal information commonly requested when registering at a Web site such the Los Angeles Times. It would be a welcome convenience in most instances — similar to the function of the magnetic strip on the back of a credit card — eliminating the need to complete the forms over and over again.
      But the potential problem with this is that, over time, people may forget what specific details they have stored in their profiles, and may inadvertently pass information along to a business or organization that they would prefer to keep private. And that's where the so-called cookie cutters and eTrust can play a truly significant role.
      Note: My feature article "Making Cookies: Use the right recipe and they can mean more dough at the bottom line" will appear in the March, 1997, edition of Internet & Java Advisor magazine.

_____________

References:

  • More Articles

  • Meet Larry
    		• Return to
    LARRY-EDWARDS.COM

    Copyright © 1996, Larry M. Edwards