S 5.155 Data protection aspects when using the Internet
Initiation responsibility: IT Security Officer, Data Protection Officer
Implementation responsibility: User
Data are collected at many locations when using the Internet, and these data could be compiled into customer profiles, for example. Many of these data are collected with the knowledge and consent of the users; other data are collected in the background. However, users can avoid leaving behind undesired traces of data through proper behaviour.
Cookies
HTTP cookies are a way for certain websites to store information locally in a specific file directory on the Internet client. They serve to retain information for limited periods of time. For example, website operators may use cookies to implement user settings for personalised web offers or "shopping baskets" in online shops, or to provide target group-oriented advertising. The information itself is normally not stored in the cookie. Rather, a cookie is a type of serial number that allows the website operator to assign information stored on its side to individual users. A cookie typically contains
- information about the websites it is to be returned to (for example only to the server it has been generated by or to all servers in the domain of the server it has been generated by),
- a period of validity (for example only for the current browser session or until a specified expiration date), and
- other data freely selectable by the website operator such as a user ID or a session ID.
Flash cookies, on the other hand, also referred to as local shared objects (LSO), are generated by Flash animations. They serve to store user-specific settings on the user's computer when Flash files are used, for example the volume level the user has set. They are generated by the Flash Player and stored independently of the browser, so they cannot be controlled via the browser settings and are, for example, not deleted automatically. Regardless of the operating system used, Flash cookies are stored in the user's "application data" directory.
The general acceptance of cookies should be disabled in the browser settings. The acceptance of Flash cookies must be disabled in the Flash Player itself. Browsers should be configured in such a way that, before any cookie is stored, users are asked whether it should be accepted. Cookies may also be allowed for the duration of a session while permanent storage is blocked. Some browsers allow relatively detailed criteria to be selected for accepting or rejecting cookies. The following aspects may serve as a basis for deciding whether a cookie is to be rejected or accepted:
- Cookies to be returned to servers from a different domain than the domain of the server the currently opened site comes from (third party cookies) should be rejected as a matter of principle. This particularly includes cookies of web providers offering banners within the visited website.
- Cookies to be returned to all servers in a certain domain and not only to the server the currently opened site comes from should normally be rejected.
- All cookies with an exceptionally long life should be rejected.
- Cookies serving to store user settings for personalised websites may be accepted. Identifying such cookies requires a decision by the user, however. On sites where a user can make his/her settings, reputable providers often display a note stating that the settings are to be stored in a cookie.
- Cookies only valid for the current browser session (often also referred to as session cookies) and only returned to the respective server can normally be accepted.
However, the users must accept some minor restrictions when using the Internet; for example, certain data may need to be re-entered on repeated visits to a website.
The users should have the currently stored cookies displayed at regular intervals and delete them selectively if required. It is better to configure the browser so that it deletes the collected cookies when it is closed. Flash cookies are not covered by the browser's deletion option, however. These must be deleted from the corresponding folders manually or using special software.
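The acceptance criteria listed above can be expressed as a small decision routine. The following is an added example, not part of the BSI text: it parses a Set-Cookie header, classifies the cookie as third-party, domain-wide, session-only or persistent, and applies the criteria. The 30-day threshold for an "exceptionally long life" and the two-label domain comparison are assumptions made for the illustration; the hostnames and header values are constructed.

```javascript
// Assumed threshold beyond which a cookie counts as "exceptionally long-lived".
const MAX_LIFETIME_DAYS = 30;

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; value-less flags such as Secure become `true`.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    attrs: {},
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Simplified "same domain" test: compare the last two labels of each host.
// A real browser consults the Public Suffix List instead (assumption).
function sameDomain(hostA, hostB) {
  const tail = (h) => h.toLowerCase().split('.').slice(-2).join('.');
  return tail(hostA) === tail(hostB);
}

// Apply the acceptance criteria. pageHost is the site the user opened,
// setterHost is the server that sent the Set-Cookie header.
// Returns { accept: true | false | 'ask', reason }.
function evaluateCookie(header, pageHost, setterHost, now = new Date()) {
  const c = parseSetCookie(header);
  if (!sameDomain(pageHost, setterHost)) {
    return { accept: false, reason: 'third-party cookie' };
  }
  if (c.attrs.domain !== undefined) {
    return { accept: false, reason: 'valid for all servers in the domain' };
  }
  let lifetimeMs = null; // null means: no expiry given, i.e. a session cookie
  if (c.attrs['max-age'] !== undefined) {
    lifetimeMs = Number(c.attrs['max-age']) * 1000;
  } else if (c.attrs.expires !== undefined) {
    lifetimeMs = Date.parse(c.attrs.expires) - now.getTime();
  }
  if (lifetimeMs === null) return { accept: true, reason: 'session cookie' };
  if (lifetimeMs > MAX_LIFETIME_DAYS * 86400 * 1000) {
    return { accept: false, reason: 'exceptionally long lifetime' };
  }
  return { accept: 'ask', reason: 'persistent cookie, user decides' };
}
```

A cookie set by a banner server on a page from another domain is rejected as third-party before any other attribute is considered; a persistent first-party cookie with a short lifetime is left to the user's decision.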
Data collections (history, hotlists, and cache)
Browsers also internally collect data about the Internet use of the individual users, for example the history (the list of the most recently visited websites), the cache, download overviews, stored search and form data, and passwords. The users of browsers must be informed about where these data are stored on their local IT systems and how they can be deleted. Furthermore, it must be guaranteed that only authorised persons have access. In most browsers, it is possible to delete all data and files which allow conclusions to be drawn about the personal surfing behaviour of the user with a mouse click or automatically when closing the browser.
The log files on proxy servers are particularly sensitive, since all external Internet accesses of all employees are logged on a proxy server, including the IP address of the client that started the request and the requested URL. With the help of the client's IP address it is normally possible to draw conclusions about a specific employee. A poorly administered proxy server may therefore entail massive violations of the data protection regulations.
The majority of browsers collect a large amount of information about the user and his/her behaviour during use, possibly including information the user does not want to be forwarded. This information includes:
- favourites,
- retrieved websites and/or information in the cache,
- history database and/or URL list,
- cookie list,
- information about users stored in the browser and possibly also forwarded.
History (history database)
The history stores the web addresses called by the user. Practically all browsers maintain a log of the URLs the user retrieved within a certain period of time (called "Chronik" in the German version of Firefox and "History" in Microsoft Internet Explorer). Such a log may either only cover the current session or may also contain information about past sessions.
This database contains information about visited websites and retrieved sites (URL and title). Even internal documents opened in the browser are stored in the database with this information. This way, sensitive, confidential information may be disclosed.
The history database should be cleaned regularly. The majority of browsers offer the option of completely emptying the history database in their configuration dialogues, e.g. every time the browser is closed. Furthermore, the period to be covered by the history data can be specified in most cases; older information is then deleted automatically.
Information on users
A browser may store and possibly also forward diverse information about users, e.g. name, email address, organisation, phone number. It should be considered thoroughly which personal information is to be forwarded using the browser. It is advisable to disclose as little information as possible.
In many browsers it is possible to store the input of the user for certain web forms and to automatically add this input when the corresponding site is retrieved the next time. This option should only be used in exceptional cases, if used at all. In no case should access passwords be stored this way. If it is possible to store data in encrypted form, this option should be used in any case.
Information in the browser cache
All elements of the visited websites such as texts, style sheets, image files, or sounds are stored in the browser cache. Unless the browser cache is emptied, the loading time of a site is shortened on re-visiting the website, since the content is not loaded from the Internet but from the browser cache. The browser checks in advance whether the required files are already present in the cache or whether they must be re-loaded from the Internet. Similarly to the history database, the files in the browser cache may be used to reconstruct the information retrieved by the user. This may be misused for creating user profiles. In extreme cases, this may even result in confidential information being disclosed to the public, for example if a notebook used in the intranet at the workplace is used outside of the government agency or company and is stolen.
Therefore, the cache, as well as the history folder, should be deleted regularly, or the cache function should be disabled completely right away when configuring the browser. It is advisable to set the size of the cache to 0 MB in order to prevent any files from being buffered. SSL-secured websites are often used to transmit sensitive information such as credit card numbers over the Internet in encrypted form. Sites of this kind must be explicitly excluded from being stored in the cache, where this setting is available.
In order to prevent users from leaving behind undesired data traces, they should be informed as to how they can avoid these through proper behaviour and optimal settings.
Review questions:
- Have the users been informed as to how they can avoid undesired data traces when using the Internet?