By David M. Silverman
Two Congressmen have written a letter to the Federal Trade Commission (FTC) asking the FTC to investigate certain websites’ use of “supercookies” to track the activities of website visitors after they have left the website and without their knowledge. The letter, written by Congressmen Joe Barton (R-TX) and Ed Markey (D-MA), is based on an August Wall Street Journal article discussing their use. The cookies have become a key issue based on concerns they may be placed without knowledge of computer users and are practically invisible to them. Such so-called “supercookies” differ from traditional HTTP cookies that track user data in that they are small files hidden within Adobe Flash and elsewhere that remain on users’ computers even when browsing history and cache are cleared, and can be picked up even when browsing in “private browsing” mode.
A recent study conducted by researchers found 100 Flash cookies placed on users’ computers by 37 of the top 10 websites. Some can even “respawn” traditional HTTP cookies after those cookies have been deleted. However, it appears many of the Flash or “super” cookies are not placed by the owners of the sites where they are obtained, but rather by third party tracking companies utilizing user data for their own purposes. For example, third party trackers were found to have placed cookies on various news and shopping sites. It is unclear whether or to what extent site owners have knowledge of this.
A few years ago, a class action lawsuit was filed in California federal court against various online defendants based on surreptitious placement of Flash cookies, but that suit was settled earlier this year. Since July of this year, however, new class action lawsuits have been filed against other media companies and tracking services for these same activities. Just a couple of weeks ago, the most recent class action lawsuit was filed against Kissmetrics and others for surreptitious placement of cookies and similar files or devices that permit behavioral tracking, based on alleged violations of the Computer Fraud and Abuse, Electronic Communications, and Video Privacy Protection Acts, as well as several state laws.
Those aware of their existence can remove Flash cookies through the “Website Storage Settings Panel” accessible through a computer’s Adobe Flash player. But before computer users begin deleting Flash cookies, they first need to know that they exist. And deleting Flash cookies may not eliminate all tracking files and other devices hidden within the files of users’ computers. It will be interesting to see what comes of the FTC investigation requested by Congressmen Barton and Markey, the pending lawsuits, or perhaps action by Congress itself.