Forgot your password?
typodupeerror

Execs at AOL Approved Release of Private Data? 156

Posted by Zonk
from the thats-an-oops dept.
reporter writes "The New York Times has published a report providing further details about the release of private AOL search queries to the public. According to the report: 'Dr. Jensen, who said he had worked closely with Mr. Chowdhury on projects for AOL's search team, also said he had been told that the posting of the data had been approved by all appropriate executives at AOL, including Ms. [Maureen] Govern.' The report also identifies the other two people whom AOL management fired: they are Abdur Chowdhury and his immediate supervisor. Chowdhury is the employee who did the actual public distribution of the private search queries. He, apparently, has retained a lawyer."
This discussion has been archived. No new comments can be posted.

Execs at AOL Approved Release of Private Data?

Comments Filter:
  • Poor Data (Score:5, Funny)

    by krell (896769) on Tuesday August 22, 2006 @10:14AM (#15955164) Journal
    First they demote him from being a lt. commander. Then they attach him to AOL. Somewhere Lore must be pulling the strings.
  • retained a lawyer? (Score:4, Insightful)

    by Quasar1999 (520073) on Tuesday August 22, 2006 @10:14AM (#15955169) Journal
    At this point, why would you want to stay at your present job if you need a lawyer to keep it... even if you are successful, why would you want to stay, it's obvious you won't be liked by management, since they're trying to get rid of you... Or am I missing something?
    • Re: (Score:2, Insightful)

      by krell (896769)
      "At this point, why would you want to stay at your present job if you need a lawyer to keep it"

      Ask former President Clinton. Ask Bush after he concludes this term.
      • by TheGreek (2403) on Tuesday August 22, 2006 @10:42AM (#15955357)
        At this point, why would you want to stay at your present job if you need a lawyer to keep it
        Ask former President Clinton.
        If I'm getting harassed at my current job, not only is it actionable, but chances are I can get another job elsewhere in the same line of work.

        When you're President of the United States, you don't really have any recourse when Congress (a co-equal branch) starts issuing subpoenas, nor are similar jobs readily available.

        Nice bad analogy, though.
    • Re: (Score:3, Insightful)

      I think a fair amount of cash must be playing some role in it.
    • by mrchaotica (681592) * on Tuesday August 22, 2006 @10:18AM (#15955196)

      Perhaps because being fired is a whole lot worse than quitting voluntarily... and more importantly, lets them avoid giving you the severance pay they would otherwise owe.

      Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

      • Re: (Score:2, Insightful)

        by Intron (870560)
        The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.

        At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.
        • The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.
          So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.
          • So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.

            Obviously they're not the same thing. But the Nurember analogy is still valid. To do a thing that you know to be wrong, that can lead to expanding the already-pervasive abuse of personal knowledge by so many large companies, is not justifiable because your boss told you to do it.

            Today the "little guy's" only defense against being taken advantage of by major corporations and the governme

            • by alienw (585907)
              Excuse me, but what makes you think search engine queries are private or confidential, or must be treated as such? When you type stuff into a search engine, it is no longer private. Last I checked, AOL never promised to keep search queries confidential anywhere in your contract with them. In fact, I am sure they have the right to sell them (complete with identifying information) to various marketing and database companies. There is nothing ethically or legally wrong with releasing this data, so your an
        • by EndlessNameless (673105) on Tuesday August 22, 2006 @11:11AM (#15955577)
          The Nuremberg Defense didn't work at the Nuremberg Trials because the people involved did things that any sane person knows is terribly "wrong" according to just about every existing belief system.

          Of course, don't let that small difference in scale dissuade you from bringing Godwin's Law into effect.

          AOL did not provide any of the information necessary to identify the searchers. So while I disagree with the disclosure, this breach of privacy is on par with other acts of corporate idiocy I've seen, and based on that I would say that there wasn't any basis requiring him to refuse this order. There's no clear and compelling need to disobey an approved transfer of more-or-less anonymous data, unlike a situation where someone is ordered to kill innocent civilians by the truckful.

          Finally, get a sense of proportion. Are you seriously comparing a poor privacy decision with a decision on a life-and-death matter? Tenuously exaggerated examples do not shore up tenuously supported arguments.
          • by TFGeditor (737839) on Tuesday August 22, 2006 @11:46AM (#15955897) Homepage
            "AOL did not provide any of the information necessary to identify the searchers."

            Oh, really? A couple of NY Times reporters didn't let that stop them. They used the search data to find and interview User No. 4417749, Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga. Link to story below. Bugmenot login works.

            http://www.nytimes.com/2006/08/09/technology/09aol .html?ex=1156392000&en=4908a895fec7a6a7&ei=5070 [nytimes.com]

            • How is that informative in the context of the gp poster? It is pretty obvious that AOL thought they had anonymized the data. They took out the users' names. The fact that they didn't put due diligence into making sure that the searches included couldn't be used to eventually identify the people involved doesn't mean they didn't do anything at all. Had they released the info with user names, then the Neuremberg "just following orders" thing holds a bit more water. But given how it actually played out, N
              • by TFGeditor (737839)
                My point is that "AOL did not provide any of the information necessary to identify the searchers" is obviously not correct. Clearly the search data itself was sufficient information whereby to identify and locate at least some users.

                I often Google search my own name (to look for [gasp] copyright infringement or plagiarism). Were I an AOL user whose data got released, I would certainly have been easily identified.

        • Re: (Score:3, Funny)

          by omeomi (675045)
          At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

          The Clerks argument! My favorite! Was it okay to blow up the Death Star the second time, while it was being repaired? Do you think the average storm trooper knows how to install a toilet main? ;-)
        • And it so early in the morning.

      • by creimer (824291) on Tuesday August 22, 2006 @10:49AM (#15955423) Homepage
        Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

        That's when documenting your work is important. As a lead tester at Atari a few years ago, I was in situations that I could've been fired for except all my documentation pointed back to management. When a new boss told me to stop doing that, I told him I would not. Then it became a cat-and-mouse game for the next six months as he tried to get me fired without getting himself fired in the process. I eventually left on my own for "personal reasons" and it turned out I was the third person out of a dozen senior testers to leave that year when my boss became the department manager.
    • by Silver Sloth (770927) on Tuesday August 22, 2006 @10:20AM (#15955208)
      What do you want on your CV
      • Sacked for gross incompetence
      • Left after being used as a scapegoat
      The point of most unfair dismissal actions is not the money, it's the CV.
      • How about...

        * Filed lawsuit against former employer due to wrongful termination.
      • by clickclickdrone (964164) on Tuesday August 22, 2006 @11:07AM (#15955549)
        >It's the CV
        I know of one senior guy who worked for a well known credit card company. He was brought in to cut costs. On day one all the department heads were brought in one by one. He ignored everyone's plans and spreadsheets and just gave them a slip of paper with 500k, 1 million or whatever written on it and said 'that's your budget'. A few months later he had another 35m to lose and noticed a single dept that cost that. He ordered it shut down and the staff made redundant. Within a few months the company's income was in freefall - he'd sacked their most profitable sales team. He had to go grovelling to the board to explain, rehire as many as he could at inflated salaries and was then fired. You can bet his CV reads 'Worked for xxxxx, achieved 70 million cost cuts'
      • What do you want on your CV
                * Sacked for gross incompetence
                * Left after being used as a scapegoat


        They're both equally effective at preventing you from getting hired anywhere else. The new HR director isn't going to give a sympathetic ear to your tale of scapegoatism, he or she is probably going to assume that you actually deserved the blame you got, and your story is nothing more than a save-face gesture.

      • by owlnation (858981)
        In some cases yes, that's true. However, having an unfair dismissal case on your CV isn't going to make you look like a fun addition to a corporate team. Rightly or wrongly (actually only wrongly) it makes you look like a trouble maker - even if you were only rightly defending yourself and were supported by the court.

        This, of course, sucks...
      • by whoever57 (658626)
        The point of most unfair dismissal actions is not the money, it's the CV.
        It seems to me that most potential employers don't actually ask why I left my previous jobs. Some do, but it is by no means universal. OTOH, do you really want to be known as a litigious person who sued a former employer?
    • by Karma Farmer (595141) on Tuesday August 22, 2006 @10:21AM (#15955220)
      Slashdot: why ignore the article when you can ignore the summary?
      • by Morrigu (29432)
        Eh? Whatzat? Speak up louder, I can't hear ye.

        Whatzhe goin on all 'bout, I dunno.
    • by Daniel_Staal (609844) <DStaal@usa.net> on Tuesday August 22, 2006 @10:22AM (#15955224)
      The main point really is that he believes he was fired because he is being blamed for something that is not his fault: He did what he was told, and what he was told was authorized by his bosses and the appropriate people. Blaming the mailclerk for the mail isn't good policy. (He's a little more involved then a mailclerk I assume, but how much I don't know.)

      Then, if he doesn't want to work there, he can quit. There is a huge difference in being able to tell a prospective employeer that you quit because of the culture of blame-passing, and having to tell them you were fired because you released private data to the public.
      • He did what he was told, and what he was told was authorized by his bosses and the appropriate people.

        I recall similar defenses were raised at Nuremberg, and didn't go over very well.

        Blaming the mailclerk for the mail isn't good policy.

        Maybe not, but I guarantee you that every day there are dozens of mailclerks, helpdesk technicians, and professionals of all stripes who are fired for things for which they do not actually deserve any of the blame.
        • The flaws in the Nuremburg defense are if the person executing the order can reasonably be sure the order itself is illegal or immoral. It is not always a bad defense. If they have no reason to believe there was not a good reason to obey the order or instruction, the blame for the action should be given to those who issued the order.

          "I was just following orders" is an attempt to pass the blame. Sometimes the blame legitmately needs to be passed to those responsible, and sometimes it doesn't. Ignoring th
        • Re: (Score:3, Insightful)

          I recall similar defenses were raised at Nuremberg, and didn't go over very well.

          Shut the fuck up about Nuremburg! Releasing anonymized search data is not the same as shovelling people into ovens!

    • by RingDev (879105)
      Getting fired likely means he loses his severence package. Not to mention the black mark on his resume over this. How is it going to look when he goes up for his next interview when he was used as a scape goat for the issue at AT&T. He has to fight, if for no other reason then to maintain his appearance.

      -Rick
    • by tnk1 (899206)
      He doesn't want to work for AOL, I'm sure. He just wants to collect money off them for firing him.
    • by szembek (948327) on Tuesday August 22, 2006 @10:35AM (#15955308) Homepage
      Maybe it's not about getting fired. Maybe he's afraid of lawsuits coming his way if he is primarily blamed for authorizing the release of data.
    • by B11 (894359)
      Considering the fact that their trashing his name and hanging this debacle on him, it makes sense to get a lawyer. AOL also fired the "retention agent" over that phone call we all heard. Of course he was doing what he was told to do. Scapegoating lower level peons seems to be modus operandi for AOL [consumerist.com].
    • by diersing (679767)
      At this point, its not about staying. Its about making AOL look bad and improving the severance package. AOL fired him because of the action he took, he'll claim it was a code red and that he was acting in good faith that the proper AOL people approved it and he's the scapegoat. AOL has deep pockets and will work hard to make this whole transgression go away as fast as possible up to and including making paymnets to those that want to keep in the news.
    • by omeomi (675045)
      At this point, why would you want to stay at your present job if you need a lawyer to keep it...

      Wrongful termination is definitely worth going to court over. If he was working under the direct orders of top executives at AOL, he didn't do anything wrong. Had he refused to post the info, he probably would have been fired. I'm okay with the execs being fired, but he's just a guy that did what he was told.
    • On the one side, I can see making the argument, "Hey, I only did what my boss told me to do" and he may even be able to win in court with that argument.

      However, I think that a technical person should have damn well known better than to do something like that, and I think that if such an individual was working under me, I very well might can him right along with his boss just for making a seriously poor judgement call.
    • by pilgrim23 (716938)
      The Lawyer may have little to do with his feelings about AOL and the job. Ever stopped to think that some ambulance chaser is right now tracking down identifiable AOL searchers to mount a class action on this? All responsible individulas would be targets, along with AOL (regardless of current employment status) of such a suit.
  • Obviously (Score:4, Interesting)

    by Anonymous Coward on Tuesday August 22, 2006 @10:18AM (#15955193)
    Almost everything a company does, especially publicly has to have multiple stamps of approval. Can't even order a pencil without paperwork. Right now AOL is headhunting for scapegoats to sacrifice to appease the masses. This had to have nearly everybody OKing it, if it was a mistake it would have gotten yanked back a LOT faster and legal actions would be pending, they aren't threatening anybody yet because they probably don't want their own records being pulled out and becoming massivly liable.

    Not at all sure about why they thought it was a good idea, they must have thought the ID numbers were sufficient to conceal identities which also shows the lack of security knowledge most executives have.
  • by kurrik (776253) on Tuesday August 22, 2006 @10:20AM (#15955211)
    "An AOL researcher who put the queries online and a manager overseeing the project were dismissed, according to an AOL employee who did not want to be identified because the company does not comment publicly on personnel matters."
    Yeah, wouldn't want anyone's privacy to be compromised??
  • ...a subpoena!
  • by Jakhel (808204) on Tuesday August 22, 2006 @10:21AM (#15955215)
    who else would have the phenomenal insight to give us such gems as

    http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_21.gif [somethingawful.com]

    http://i.somethingawful.com//sasbi/2006/08/docevil /8-13-06_26.gif [somethingawful.com]

    and of course

    http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_9.gif [somethingawful.com]
  • Just because they approved it, it doesn't mean they thouroughly understood how it worked. For example, what if they were told that lists of searches (and results, if I understand this) were going to be released, with user-identifying information hidden? If they weren't told that they were replaced with unique IDs (which could be connected to a person if identifying data were to be entered), then they could not know this without doing a little research. Executives don't just get salaries for making decisions
    • Re: (Score:1, Informative)

      by Anonymous Coward
      The reason that the exec's approval is an issue is not because we expect the execs to know what the heck they are looking at, but because they are the custodians of the "process".

      I can entirely believe that the execs didn't know the full implications of what they were looking at, or didn't have a clear idea of what could be done with the data. I'm sure that they cared that the data was anonymized, and it *was*, just not well enough.

      However, even though they sometimes like to come off as knowing what they a
  • by bigdavex (155746) on Tuesday August 22, 2006 @10:25AM (#15955249)

    The Justice Department has repeatedly signaled its strong interest, through continued conversations with Internet companies and members of Congress, in having the data retained to help it fight terrorism and child pornography . .

    I bet they have a stamp that says that.
  • From Mrs. Govern besides pretty much what the Government does with our search queries? Nothing else than this! :D
  • ...if ever there was any public doubt about how dangerous the release of search query data could be, this should do a lot to prove to "the public" otherwise.

    And with this improvement in public awareness of how important it is to have private data safe-guarded and controlled, I think we'll see a little more interest in what business and government does with private data. I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the
    • I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the SSN from the credit and banking systems.
      Which ID is used isn't the problem. The problem is that a simple ID is being used as both an ID and a password.
  • by Anonymous Coward
    Good Morning Silicon Valley's got two internal AOL e-mails [siliconvalley.com] announcing the CTO's "resignation" as well as AOL's 4 part plan to become an industry leader in privacy. Excerpt:
    1. Creation of a task force, led by Ted Leonsis and Randy Boe, with senior representatives from corporate communications, integrity assurance, product and marketing, to develop new best practices in this rapidly evolving area. Among other issues, the task force will look specifically at how long we should save data, including
  • And empty suits like the weenies at AOL are just kneejerking to respond to some soccermom who screamed at them at the PTA meeting last night. Heads will roll, I didn't know thanks for your helpful crticism etc etc etc.

    Whereas they're probably just mad at someone for forgetting to SELL the information.
  • WikiSearch anyone? It's about time that people started realizing that these companies are not going to make this easy on anyone. I would gladly pay $5-$10/month to pay for the bills of an open source, accountable search service that doesn't keep so much data on me it makes the Stasi look like amateurs.
  • by edmicman (830206) on Tuesday August 22, 2006 @11:02AM (#15955515) Homepage Journal
    Whatever happened to the "information just wants to be free" argument? Where's that now?
  • I have read many articles on the analysis of the released AOL data. Some of the articles start off something like this:

    "I think the release of this data is a breach of privacy and should never have been made public. But ..."

    Then they present their analysis. My question is if you are going to preach on the evils of releasing the data then do you have the moral right to analyze it? I think not.
    • by nasor (690345)
      This is just silly. Suppose a neurologist treats a patient who was beaten by a baseball bat and has sustained brain damage. After a year of treatment, the neurologist finds that the patient's brain functions have changed to work around the damaged areas. Would you propose that the neurologist shouldn't write a paper about this because he doesn't approve of beating people with baseball bats?
  • Let's see here... we have various free services that are available to everyone on the Internet. These free services aren't free to operate - they cost significant amounts of money to do so. Where does the money come from?

    The first place is of course advertising. Having people pay to push their message at the unsuspecting people that are using the service. Eventually the ads become all-pervasive and lose some of their value. Where we are today is that banner ads are almost worthless and Google has made
  • The Real Problem (Score:4, Insightful)

    by Nom du Keyboard (633989) on Tuesday August 22, 2006 @12:19PM (#15956179)
    The real problem isn't that they let this data escape.

    The real problem is that they shouldn't have been keeping it in the first place!

    If it can harm a consumer by its release, then it can harm that same consumer by the fact that the have it in their possession in the first place. Just how is AOL that much better or more trustworthy than the world at large?

  • Pope Catholic.
    Bear craps in woods.
  • And the solution is to stop trusting these guys and use your own head. Heres a good way to do just that with a search proxy.
    http://www.blackboxsearch.com/ [blackboxsearch.com]

What hath Bob wrought?

Working...