We love cookies here at Acumin. We adore them, we ‘heart’ them and dig them like we dig the Rolling Stones when they were pushing a more R&B vibe back in the Swinging 60’s. We have come across Maggie Loves Cookies recently, we have to say, they are a pretty good bet, perhaps you will get a sample at the next Risk and Network Threat forum. They have a variety of flavours and designs to suit any mood.
You might have thought that this post was going to end up as a sort of treatise on the baking treat popular throughout the world, but alas, it isn’t, but wouldn’t that have been fun? Instead, we’re looking at cookies, which, to reduce it to its basic form, is simply a piece of data – or text files – that a website stores within a browser.
A cookie’s raison d’être is altruistic; at least it was from the outset. It was designed to make things easier. In short, every time you visited a website, a cookie was downloaded to your computer, which would then, on visiting that website again, let it know that you had been there before. In terms of efficiency, it allows you to log into a certain website that requires a user ID and password – let’s say Amazon or Google Mail – and revisit the site without having to log in again.
Now while to you and me that sounds wonderful, as easy as making the coffee and tea rounds at work – Jack likes coffee black with sugar, Jill likes her tea super-milky with no sugar, Sanjay likes a fruity herbal tea with five sugars – since the turn of the century there has been a growing army of critics who are concerned with privacy issues. Some of their arguments have been thoughtful and welcome to the conversation.
In the UK, after much chit chat over cups of tea, coffee and, would you believe it, cookies, changes have been made to Privacy and Electronic Communications Regulations, which demands that websites obtain consent from users before installing cookies on their respective computers.
Now while much attention is focused on cookies, these alterations, which are convoluted, carry a far greater technical change. As one reader named Dave commented on The Lawyer’s website, things are not so black and white.
“Clear as mud? Thousands of businesses are entirely unaware they’re even running cookies,” the reader explained. “Most of the online world run Google Analytics, which provides the site owner valuable information to improve their site – do all those who’ve set up GA realise they’re at risk?”
At Acumin’s next RANT – as part of the huge InfoSecurity Exhibition in London – Alan Stockey, from the Institute of Information Security Professionals, is going to attempt to navigate this tricky minefield, delivering a brief history lesson; chuck in a practical illustration of the challenges; give a demonstration, and offer a personal view of where these regulations are taking us. Who knows, if you’re lucky, he might even have Maggie bake a few cookies for you (no pressure Alan).
In an interesting article for startup.co.uk, which is well worth a read, Nick Lockett, a solicitor at DL Legal LLP, discusses how the comprehensive directive – serious, just have a mosey here and you’ll begin to appreciate how much detail is involved – noting some of the things it covers: not only have you got conditions for use of traffic, location, and subscriber data, but there’s also new standards for direct marketing via SMS, email, fax and phone channels.
He ends the piece with a fitting flourish: “May lawyers and regulators be cursed for making us live in interesting times – again!”
Time for a cookie then.
The next RANT forum takes place on Wednesday 25th April, after second day of InfoSecurity Europe at Earls Court, London, which runs from April 24th to the 26th.
Kicking off at 5.30pm, attendees will be able to have a beer and network until 6.30pm, when Alan Stockey delivers Cookie…Doh. Following on, Ben William gives his talk on Exploiting Security Gateways via the Web UI.
The Information Commission’s Office has also set up a page with the intention of helping businesses understand what they need to do to comply with the cookie law.