Recent developments create challenges for federal webmasters

Shawn P. McCarthy

Agency Web site managers have a lot of work to do over the next few months: Disable cookies, start accepting digital signatures and plug into a massive, new governmentwide Web project.

On June 22, the Office of Management and Budget directed leaders of all federal executive departments and agencies to limit the use of cookies and Web bugs on their public sites.

A recent spot check of some federal sites showed that cookies are in wide use.

Declan McCullagh, moderator of the PoliTech mail list on technology and politics, recently designed a so-called cookiebot program to search for cookie use on government sites. He found dozens of federal Web servers that still set cookies when visitors browse specific pages. Samples of what his bot discovered on the House of Representatives Web server can be viewed at

To be fair, most such cookies are only temporary session cookies, not permanent ones. McCullagh found no evidence that any federal cookies were secretly collecting personal data or tracking user activities across sites.

Here to stay

Because cookies foster customization, it's unreasonable to expect the government to abandon them entirely. The OMB directive seems to indicate cookies are OK when visitors are notified as to how they will be used. The notice is ambiguous, however, because it also says agencies should not use cookies unless they can show a compelling need. It gives no examples of what constitutes a compelling need, but it does say who should judge: the head of the agency.

The message is clear: Get the cookies off your site fast unless top brass says they can stay. If they stay, prepare to notify visitors about them, giving complete details on what is tracked and how the information is used and shared.

Now let's turn to digital signatures. Every agency manager should take a moment to ponder the Electronic Signatures in Global and National Commerce Act recently signed into law by President Clinton.

Among other things, the act gives electronic signatures the same weight as written ones. It says that electronic contracts and records are legally enforceable only if they are in a form capable of being retained and accurately reproduced for later reference.'Agencies must accept both written and electronic signatures. And signers must have a chance to acknowledge what they are capable of receiving and viewing, to eliminate the problem of e-mail attachments that can't be viewed, acted on or retained as records.

This law will affect the way agencies interact with the public. The time is now to start adjusting the services offered and the documents accepted via your Web server.

For the short term, it's wise to make information as media-neutral as possible, such as straight ASCII text to minimize compatibility issues. If text that you send must be formatted, the Adobe Portable Document Format with a freely downloadable document reader should fit the bill.

In accepting files from the public, straight text is again best. Build a Web interface for electronic signatures in case they are needed. If visitors fill out forms, supply a Hypertext Markup Language version with blank spaces. You can add bells and whistles later, after the public learns to accept multiple document formats and multimedia.

Finally, investigate how you will plug your online services into the FirstGov portal effort. Check out this massive undertaking, set to roll out in 90 days, at

Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.