Note: in this post, emphasis in quotes are mine...
Of course, stating "attorney" and "web bug" in the same sentence is nothing to reassure casual users and those not educated about web analytics (emphasis mine): "an attorney, warned [...] the WhiteHouse.gov site contains a Web bug."
"Certain details"The long article continues and mention "in the process of receiving the remote request from WhiteHouse.gov [...] WebTrends also receives certain details". "Auerbach observed [...] that while he recognized some of the data requested [...] the other data gathered by WebTrends was unclear." Then the article goes on to (try) to explain "what" is being collected and fail miserably. Why? Because most web analytics vendors do not provide detailed breakdown and disclose usage of each of the parameter data they are collecting.
Using WASP would easily reveal most of value-pair information sent to WebTrends. While most tags are documented in vendors implementation guides, some of them are not. Getting information about their specific use is very difficult. And this is not specific to WebTrends, other vendors are also very reluctant in letting end-users know exactly what each tag is being used for as I found out myself.
Is it legal?I don't want to put oil on the "is it ethical" fire. To me, that's a waste of time. However, suggesting web analytics (in general) might be illegal is a whole other story: "I would suggest that since the collection, aggregation, and conveyance of the data to WebTrends is from the user's computer and not from WhiteHouse.gov that a very strong argument can be made that the data belongs to the user, not WhiteHouse.gov".
However, "Auerbach concedes that the data sent to WebTrends may not be clearly categorizable as personally identifiable information."
My takeMy takeaways from this story:
- WebTrends should also be configured to use 1st party cookie (although, in the end, the data would still be sent to WebTrends anyway).
- I will continue to talk with vendors to provide full disclosure about the exact use of each of the parameter they receive and include that information in WASP
- Privacy advocates and casual users certainly needs to be better educated about web analytics