INTERNAUT

You can personalize Web info without breaking OMB's rule

Shawn P. McCarthy

Personalization has become the watchword of Web developers. They're rapidly customizing start pages, targeting banner ads, localizing news feeds and even sending maps to wireless phones' Global Positioning System coordinates.

Government sites face a tough challenge if they want to join in the personalization frenzy. Many sites can't use cookies'the very technology that personalizes content'because of an Office of Management and Budget edict that bars their use by .gov and .mil sites that serve the general public [GCN, July 24, Page 42].

Cookies store bits of information about you each time you visit. No cookie means no recognition next time you visit, or even when you jump to another page during the same visit.

Luckily, there are tricks to personalize content even without cookies. But first we need an open, public debate about whether government sites can at least use session cookies, as opposed to permanent cookies. Session cookies disappear once a browser session ends. If no personal information is collected, and if the cookie disappears after a session, a strong argument can be made that no privacy intrusion has occurred.

May we have a cookie?

Such a judgment should not be arbitrary, however. The government needs to ask privacy advocates and the public whether session cookies are OK. If so, there should be strict rules governing how they're used.

Session cookies permit a degree of anonymous personalization. For example, Microsoft Site Server has a function called Automatic Cookie Authentication under which visitors can travel around a Web site without revealing personal data. No password is needed, and information is stored in a special anonymous member space.

Such visitors do not actually log on, they travel under a common name. But some personalization is possible based on information collected by forms the visitors fill out or by the paths they follow.

If OMB does disallow session cookies for government use, Microsoft Corp. has a workaround that essentially creates multiple sessions and sets some session variables for customization. Details about the concept appear at www.microsoft.net/technet/intranet/cookiewp.asp.

It's not clear, however, that such a workaround could scale up to the level needed by a busy agency site.

Other personalization methods include so-called opt-in recognition via downloadable client software. For example, Web Incognito from Privada Inc. of San Jose, Calif., resides on the visitor's PC and encrypts shared information. Other solutions route visitors through a third-party site that handles identification and privacy protection. Visit www.privada.com for more information.

Yet another possibility is Youpowered Inc.'s Orby Privacy Plus client. The New York company's software lets a user create one or more profiles in several fields, even including credit card numbers. The user decides what to make available to each Web site visited. Youpowered also sells serverside software that states a site's privacy policy, which can be acknowledged by the visitor with approval to retrieve subsets of available information through the Orby client. See www.youpowered.com.

BlueStreak.com Inc. of Newport, R.I., offers a product called Radar that customizes banner ad delivery without cookies. Radar uses machine learning technology, which observes generalized cycles and trends in deciding which ads to deliver. There's no reason this approach couldn't provide low-level customization of federal information.

The simplest way to enable customization might be to let users launch a Java window and log onto the agency system, establishing a session in which they register and become recognized users for that session only. When they've retrieved the customized data they desire, they log off, leaving no tracks.

Hewlett-Packard Co.'s Chai, a Java development language for commerce sites, is a likely candidate for building such interfaces. Also check out Blaze Advisor Rule Server and Advisor Innovator from Blaze Software Inc. of San Jose, Calif.

Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at smccarthy@lycos-inc.com.

inside gcn

  • security compliance

    Security fundamentals: Policy compliance

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group