The CIA's Electronic Reading Room site, which provides online access to previously released CIA documents, places a "persistent" cookie on visitors' computers when they visit the site.
Designed to remain on the visitor's computer until December 2010, the cookie contains the user's Internet protocol address as well as a unique identification number, Newsbytes has confirmed.
A spokesperson for the CIA said the agency was still analyzing the report and had no immediate comment.
In a June 2000 memorandum to all government agencies, the director of the White House Office of Management and Budget advised operators of government sites and their contractors that "the presumption should be that 'cookies' will not be used at Federal web sites."
"The keywords you put in for searching on FOIA documents can reveal a lot about you. The CIA can use these cookies to reconstruct who is interested in what. Even if you browse from several different ISPs, they can use your cookie's unique ID to tie all your searches together," said Daniel Brandt, founder of Public Information Research (PIR), who first discovered the use of persistent cookies at the site.
A review of some federal sites today by Newsbytes revealed that several are placing session cookies on visitors' computers. Such sites include the FirstGov.gov portal, the FBI's jobs site, as well as the main sites operated by the Small Business Administration, the Department of Education and the Selective Service.
Brandt said it is likely that the CIA Electronic Reading Room site was created by a contractor using a standard Web hosting package that included a Web traffic analysis program, and that the CIA may not even be aware of it.
News source: Newsbytes