
Author Archives: James A Jacobs

Government Health Web Sites Expose Personal Data

A new article in Communications of the ACM by Timothy Libert, a doctoral student in the Annenberg School for Communication, demonstrates that web sites – including government web sites such as CDC.gov and Healthcare.gov – pass personal health information to companies that are not subject to regulation or oversight.

Brian Merchant provides a non-technical summary and analysis of Libert’s paper:

Libert says that this health information may be inadvertently misused by some companies, sold by others, or even stolen by criminals. He identified more than eighty thousand unique health-related Web pages and monitored the HTTP requests initiated on the page to third parties by companies such as Google, Facebook, Twitter, Experian, and Acxiom. Ninety-one percent of those pages make such third-party requests, putting user privacy at risk. Some 70% of those third-party requests transmit information on specific symptoms, treatments, and diseases to those companies.

Merchant explains: “[T]he CDC has installed Google Analytics to measure its traffic stats, and has, for some reason, included AddThis code which allows Facebook and Twitter sharing; … the CDC also sends a third party request to each of those companies. That request… makes explicit to those third party corporations in its HTTP referrer string [what you searched for]… From there, it becomes relatively easy for the companies receiving the requests, many of which are collecting other kinds of data (in cookies, say) about your browsing as well, to identify you and your illness. That URL, or URI, which very clearly contains the disease being searched for, is broadcast to Google, Twitter, and Facebook, along with your computer’s IP address and other identifying information.”

Libert makes clear that government web pages are the least likely of all sites he studied to use third-party cookies, with only 21% of pages storing user data in this way, compared to 82% of dot-com sites. But fully 88% of government sites have some sort of third-party request and 86% download and execute third-party JavaScript.
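The referrer leak described above can be audited from a page's own markup. The following is an added example, not code from Libert's paper or Merchant's article: it lists the third-party hosts a page contacts on load and the `Referer` value each would receive under a given Referrer-Policy. The page URL, HTML, host names and the `site()` heuristic are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

AUTO_FETCHED = {"script": "src", "img": "src", "iframe": "src"}  # loaded without a click

class ResourceCollector(HTMLParser):
    """Collects absolute URLs of resources the browser fetches on page load."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(AUTO_FETCHED.get(tag, ""))
        if value:
            self.urls.append(urljoin(self.page_url, value))  # resolves //host/path too

def site(host):
    # Assumption: the last two labels approximate the registrable domain;
    # production tooling should use the Public Suffix List instead.
    return ".".join(host.lower().split(".")[-2:])

def referer_for(page_url, target_url, policy):
    """Referer header a browser sends on a cross-origin subresource request."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    downgrade = page.scheme == "https" and target.scheme != "https"
    if policy == "no-referrer":
        return None
    if policy == "strict-origin-when-cross-origin":
        return None if downgrade else f"{page.scheme}://{page.netloc}/"
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else page._replace(fragment="").geturl()
    if policy == "unsafe-url":
        return page._replace(fragment="").geturl()
    raise ValueError(f"policy not modelled: {policy}")

def third_party_leaks(page_url, html, policy):
    """Map each third-party host to the Referer value it would receive."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    first_party = site(urlsplit(page_url).hostname)
    return {urlsplit(u).hostname: referer_for(page_url, u, policy)
            for u in collector.urls
            if urlsplit(u).hostname and site(urlsplit(u).hostname) != first_party}

# Constructed sample page (not taken from any real site).
PAGE_URL = "https://www.health.example/search?q=diabetes#results"
PAGE_HTML = """<script src="//analytics.tracker.example/ga.js"></script>
<script src="/static/site.js"></script>
<img src="https://social.widget.example/share.gif">
<iframe src="https://www.health.example/embed"></iframe>"""
```

Under `no-referrer-when-downgrade` both third-party hosts receive the full search URL, while `strict-origin-when-cross-origin` reduces it to the site's origin and `no-referrer` sends nothing.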

Merchant notes that the use of third-party cookies, JavaScript, and requests is not necessarily due to any insidious intent but is simply convenient “because developers are installing ‘free’ tools like Google Analytics and social media ‘share’ buttons on their sites, and most users have no idea that means information about their searches is being shared with third parties.” This potentially allows data brokers like Experian, which has information from other sources about loans and which provides credit scores, to combine health information with financial information on individuals. Merchant quotes Libert:

“Given that I found Experian tracking users on thousands of health-related web pages, it is entirely possible the company not only knows which individuals went bankrupt for medical reasons, but when they first went online to learn about their illness as well…”

Merchant also quotes Libert on alternative search engines:

“Even if you use an iPhone, DuckDuckGo, and Hotmail, the second you open your browser there is a huge chance Google gets your data.” That’s because Google is absorbing your information through a variety of hosted services and domain names, from Google Analytics, which measures site traffic, to DoubleClick, an advertising service, and YouTube, its video platform.

Wikipedia was one of the only sites that trafficked in health information that sent no third party requests to corporations.

Google moves some .gov sites to page 2

Here Are the Agency Websites Google Doesn’t Think are Mobile Friendly, by Hallie Golden, NextGov (April 22, 2015).

Google’s newly implemented policy to adjust mobile search rankings based on a website’s mobile friendliness could leave some federal websites on a Google search engine’s dreaded second page — at least when users search from a smartphone.

Eleven sites were deemed “not mobile friendly” by Google including the EPA, the IRS, and NARA.

Aaron’s Law is back in Congress


Companion bipartisan bills have been introduced in the House and Senate to amend the Computer Fraud and Abuse Act (CFAA). The legislation was inspired by the late Internet innovator and activist Aaron Swartz, who faced up to 35 years in prison for an act of civil disobedience. Senator Wyden said:

“Violating a smartphone app’s terms of service or sharing academic articles should not be punished more harshly than a government agency hacking into Senate files,” [apparently referring to a CIA report acknowledging it infiltrated Senate computers]. “The CFAA is so inconsistently and capriciously applied it results in misguided, heavy-handed prosecution. Aaron’s Law would curb this abuse while still preserving the tools needed to prosecute malicious attacks.”

Commerce Dept. Expands Data Access

The Commerce Department has announced a redesigned section of its website to better integrate its catalog of more than 40,000 publicly available data sets into Commerce.gov via Data.Commerce.Gov.

The announcement says:

Data.Commerce.Gov is still a work-in-progress and there are many additional improvements that are still on the horizon. For example, the new layout has the data organized in the organizational structure of the Department of Commerce (e.g. Census Bureau, Patent & Trademark Office, etc.) and not necessarily how data customers want to interact with the data (e.g. Housing assistance, climate change resiliency, etc.).

Additionally, savvy data consumers will notice that the individual Bureau catalogs do not roll up perfectly to the catalogs on Data.gov. Given the size of our full data catalog, the entire Department of Commerce is working hard to increase this public inventory.

Finally, we expect to continue to improve the mobile experience on this section of the website in the near future. Bucking previous tradition of how massive technology deployments were done in the past, the Department of Commerce is launching this improved data portal as part of a developing tradition of rapid, technology iterations.

Departments listed at Data.commerce.gov include:

Bureau of Industry and Security
Bureau of Economic Analysis
Census Bureau
Economic Development Administration
Economics and Statistics Administration
International Trade Administration
Minority Business Development Agency
National Oceanic and Atmospheric Administration
National Institute of Standards and Technology
National Telecommunications and Information Administration
National Technical Information Service
U.S. Patent and Trademark Office

See also: GPO: Designer of Government Websites.

May 1 is PACER Protest Day!


May 1 Named National Day of PACER Protest, by George H. Pike, Information Today NewsBreaks (April 21, 2015).

Advocates for free access to legal information on the internet have proposed May 1 as the National Day of PACER Protest to encourage the federal courts to remove cost barriers to a wealth of information from the nation’s courts. PACER (Public Access to Court Electronic Records) is a service of the Administrative Office of the United States Courts’ Public Access and Records Management Division. It allows access to most of the documents that are part of litigation filed in the federal trial and appeals courts. This access, however, comes at a cost and has a user interface that one critic describes as “an inexplicable unusable disaster.”

See also: Carl Malamud proposes a National Day of PACER Protest.

