AFFIRMATIVE-CONSUMER/INTERNET-SIGNIFICANCE 350

COOKIES ARE A PRIVACY THREAT

COOKIES CAN LEAD TO COMBINED DATA AND A THREAT TO PRIVACY

Jennifer M. Granholm, attorney general of Michigan, The Detroit News March 8, 2000, SECTION: Editorial Page; Pg. 14 TITLE: Online privacy is worth state's protection // acs-VT2001

Indeed, "cookie" tracking software is widely used on the 'Net and does, for the most part, collect harmless, anonymous information. When used, however, without our knowledge to gather information that can be linked with private information gathered elsewhere -- like a credit card number given to a catalogue vendor -- we should all be concerned.

LOOPHOLE WHICH MATCHES COOKIES UP WITH EMAIL ADDRESSES IS A SERIOUS PRIVACY RISK

Mitt Jones, PC World, March, 2000 TITLE: Web Privacy: How the Cookie Crumbles // acs-VT2001

Our increasing dependence on the Internet decreases our chances of maintaining privacy. But with a little care, you can still use the Web without revealing your e-mail address or personal identity--right? Alas, the most recent discovery by independent security analyst Richard M. Smith challenges that assumption.

Today, many Web sites place cookies on your hard disk to profile your interests and deliver customized information. In theory, cookies identify only the PC, not the person using it.

However, as Smith discovered, a loophole in both Internet Explorer and Netscape Navigator makes it surprisingly easy to match e-mail addresses and cookies, thereby linking a unique identifier to a nameless profile. When you view an e-mail message sent in HTML format, your e-mail software uses a browser to display it. Any graphic in the HTML message must be loaded from the originating server, and any cookie previously deposited by that server will be transmitted back to the site when the graphic is fetched. That fetch request can also transmit your e-mail address. By sending out junk e-mail with graphics, advertisers can match e-mail addresses with previously issued cookies.

So far, no one appears to have tried this trick. And if privacy advocates have their way, no one will: Smith has joined with eight privacy and consumer groups in asking the Federal Trade Commission to require that software makers close the loophole.

WEB SITES USE COOKIES TO COLLECT PERSONAL INFORMATION

Major R. Ken Pippin, Chief of Cadet Disenrollments at HQ USAFA/JA, United States Air Force Academy, Colorado. He is a member of the Bar of the State of Arkansas., "Consumer Privacy on the Internet: It's "Surfer Beware"", The Air Force Law Review, 1999, 47 A.F. L. Rev. 125, EE2001-JGM, p.129

What many consumers are unaware of is that web sites also collect personal information through cookies, or cookie files. Cookie technology refers to a file left on a computer's hard drive to track the user's travels around a particular web site. This file is deposited when the person initially visits a site. This technology allows a web site's server to place information about the consumer's visits to the site on the consumer's computer in a text file that only the web site's server can read. n22 Using a cookie, the web site assigns each consumer a unique identifier so that the consumer may be recognized in subsequent visits to the site. When the consumer revisits the web site, the site opens the cookie file and accesses the stored information to help identify the consumer as a return guest. When that person lingers over products or services on a site, that will be noted and deposited to the cookie file, allowing businesses on-line to target their advertising efforts. n23