"It was a mistake on our part. It was not intentional," Stepp said Tuesday. "The public does not need to be concerned that the CIA is tracking them. We're a bit busy to be doing that."
Cookies are small software files often placed on computers without a person's knowledge. The files can make Internet browsing more convenient by letting sites distinguish user preferences, but they have been criticized for violating privacy because they can track Web surfing.
Daniel Brandt discovered on Thursday that a CIA site had placed one of those long-lasting cookies on his computer. Brandt is president of Public Information Research, a private San Antonio-based group that preserves publications related to intelligence and business.
Brandt said he discovered the cookie, which keeps working until 2010, when he was looking at the Web site for the CIA's Electronic Reading Room, which provides access to previously released agency documents.
"They're not supposed to be doing this," Brandt said. He said he was particularly concerned because the reading room site allows users seeking documents to search for particular words.
"The keywords you put in reveal an incredible amount about what you're looking for and what your interests are," Brandt said. "It would be very, very tempting to track that kind of information."
A notice on the CIA Web site states, "The Central Intelligence Agency Web site does NOT use the 'cookies' that some Web sites use to gather and store information about your visits to their sites."
Brandt sent e-mail to the CIA with his concerns and the agency responded on Monday, removing the cookie software and some other temporary cookies that were discovered.
Stepp said an outside company had redesigned the reading room Web site, which was posted to the Internet on Jan. 29.
"Unbeknownst to us, it was loaded with some software, commercial off-the-shelf software used for Web analysis," Stepp said. The software included a cookie that tracked repeat visitors to the site.
To make sure no improper information about site visitors had been recorded, Stepp said two sets of log files would be destroyed.
Congress issued a study last summer that found 300 cookies still on the Web sites of 23 agencies despite the government ban.