• by Wendy Davis  @wendyndavis, August 11, 2009

Government sites that collect Web users' IP addresses should delete or obscure them as soon as possible, privacy watchdogs are recommending.

"If some IP-based information is needed for Web measurement purposes, such as determining how many visitors come from a particular geographic area or ISP, that information can be extracted before the IP address is deleted, but the IP address itself should not be retained," the Electronic Frontier Foundation and Center for Democracy & Technology said in written comments filed this week with the Obama administration.

The groups issued the suggestions in response to a call by Chief Information Officer Vivek Kundra and Office of Management and Budget official Michael Fitzpatrick for comments about how government Web sites should use tracking technology.

In general, watchdogs say that governmental tracking of Web users raises far more significant civil liberties issues than tracking by private companies for ad-serving purposes. At the same time, new government policies regarding online tracking could end up shaping ad companies' approach to privacy.

Since 2000, federal agencies have not been allowed to use persistent cookies without clearance by an agency head. But today, many sites use such cookies to store people's preferences or otherwise tailor content -- even if just by remembering users' language. In addition, people can at least somewhat control the privacy issues associated with cookies by deleting them on their own or setting their browsers to reject them.

Given the use of cookies for customization, the Center for Democracy & Technology proposed earlier this year that the government revise its blanket restriction on persistent cookies. That group and the Electronic Frontier Foundation said this week that government sites that collect information via cookies should allow people to opt out and also allow users to access and delete data about themselves.

But even as some groups say the government should relax restrictions on cookies, watchdogs are calling for more limits on storing IP addresses. Logging such information is seen as a privacy threat for several reasons, but the most obvious is that it's possible to subpoena information that ties IP addresses to individuals.

The think tank Future of Privacy Forum highlighted that risk in comments it filed this week. "Although cookies may assist in correlating various IP addresses logged over time, the essential link to an identifiable individual (in the hands of a government enforcement agency or via other legal process to force such identification) is the logging of the user's IP address," the group wrote. The organization recommended that the government delete IP addresses from log files as soon as possible.