The CIA HTTP cookies controversy refers to the discovery of HTTP cookies on the websites of various US government departments.

In March 2002, Public Information Research founder Daniel Brandt discovered persistent cookies on one of the Central Intelligence Agency's websites that could be used to track users for approximately 10 years, in contravention of federal government rules.<ref name="CBS2002">Associated Press (March 20, 2002). "CIA Caught Sneaking Cookies" via CBS News</ref><ref>Aftergood, Steven (March 19, 2002). "CIA cookies exposed and eliminated". Secrecy News</ref>

While most of the CIA's webpages did not use cookies, the page which allowed documents to be searched for through the Freedom of Information Act left persistent cookies. Concerns were raised that these cookies retained the search history of anyone attempting to find documents through the website, and Brandt charged that "The key words you put in for searching on FOIA (freedom of information act) documents can reveal a lot about you. The CIA can use these cookies to reconstruct who is interested in what."<ref> </ref>

Subsequently, on December 25, 2005, Brandt also found that the National Security Agency's website was using two HTTP cookies set to expire in 2035. Brandt contacted the NSA and the cookies were removed.<ref name="Guardian">Goldenberg, Suzanne (December 30 2005) "US intelligence service bugged website visitors despite ban". The Guardian</ref><ref name="CNNSR">Velshi, Ali (December 29, 2005). "New Information About NSA Domestic Spying Program Emerges", The Situation Room, CNN</ref>

References