Execs at AOL Approved Release of Private Data?

reporter writes "The New York Times has published a report providing further details about the release of private AOL search queries to the public. According to the report: 'Dr. Jensen, who said he had worked closely with Mr. Chowdhury on projects for AOL's search team, also said he had been told that the posting of the data had been approved by all appropriate executives at AOL, including Ms. [Maureen] Govern.' The report also identifies the other two people whom AOL management fired: they are Abdur Chowdhury and his immediate supervisor. Chowdhury is the employee who did the actual public distribution of the private search queries. He, apparently, has retained a lawyer."

Poor Data

[krell]

First they demote him from being a lt. commander. Then they attach him to AOL. Somewhere Lore must be pulling the strings.

Re:

[__aaclcg7560]

Haven't you heard? Data was killed in the line of duty. This is B4 who's working at AOL.

Re:

[StikyPad]

He must've been an LDO... which explains a lot.

retained a lawyer?

[Quasar1999]

At this point, why would you want to stay at your present job if you need a lawyer to keep it... even if you are successful, why would you want to stay, it's obvious you won't be liked by management, since they're trying to get rid of you... Or am I missing something?

Re:

[krell]

"At this point, why would you want to stay at your present job if you need a lawyer to keep it"

Ask former President Clinton. Ask Bush after he concludes this term.

Re:retained a lawyer?

[TheGreek]

At this point, why would you want to stay at your present job if you need a lawyer to keep it

Ask former President Clinton.

If I'm getting harassed at my current job, not only is it actionable, but chances are I can get another job elsewhere in the same line of work.

When you're President of the United States, you don't really have any recourse when Congress (a co-equal branch) starts issuing subpoenas, nor are similar jobs readily available.

Nice bad analogy, though.

Re:retained a lawyer?

[TheGreek]

Perhaps someone should tell bush that congress is a coequal branch of government.

It might be more effective for somebody to tell Congress that Congress is a co-equal branch.

Each branch only has as much power as it chooses to exercise.

Re:

[SpaceLifeForm]

Well, the Judicial Branch just did tell Congress via US District Judge Anna Diggs Taylor, but I doubt they are paying attention.

Of course, now US District Judge Anna Diggs Taylor is being attacked, being accused of failing to recuse herself in spite of a conflict of interest [rawstory.com].

Re:

[TheGreek]

Well, the Judicial Branch just did tell Congress via US District Judge Anna Diggs Taylor, but I doubt they are paying attention.

The US District Court exists because Congress says it does. It isn't until the Supreme Court of the United States says something (or declines to say something) that The Judiciary Has Spoken*. Accordingly, Congress can feel free to disregard a poorly-written decision that depends heavily on cherry-picked case law.

Of course, now US District Judge Anna Diggs Taylor is being attacked

Re:

[TheGreek]

but I really am curious as to what the alleged conflict is.

Perhaps you should have read the parent of the post to which you replied [slashdot.org] before replying, hmm?

Now be a good little boy and go play with your toys and let us grownups have our conversation, okay?

Re:

[schtum]

Oh wow, that's awful. A judge with ties to an organization dedicated to civil liberties. No wonder you're so pissed off.

Re:

[TheGreek]

Oh wow, that's awful. A judge with ties to an organization dedicated to civil liberties. No wonder you're so pissed off.

You forgot to mention that her organization donated money to a litigant in a case she decided.

I guess that's only improper when it involves people and organizations with whom you disagree, right?

Re:

[schtum]

You're right, this has happened on the other side of the political aisle. The allegations are always dismissed with the defense that it doesn't matter, as long as the judges uphold the law in their decisions. I don't think anyone has made the case that her decision was legally unfounded, so you'll forgive me if I'm unimpressed with attempts to get it overturned on a technicality. And yes, after 12 years of scorched-earth politics from the right, I'll take these small victories however we can get them.

Re:

[sumdumass]

I don't think anyone has made the case that her decision was legally unfounded, so you'll forgive me if I'm unimpressed with attempts to get it overturned on a technicality

It is almost impossible to counter the legality of her decisions becasue she didn't write one. She basicly said this is wrong, i'm finding for this side. case over.

There is no legal basis mentioned for the decision, no other case laws cited in the decision, nothing even indecating why it was wrong or what laws it specificly violated. Ju

Re:

[A beautiful mind]

I think a fair amount of cash must be playing some role in it.

Re:retained a lawyer?

[mrchaotica]

Perhaps because being fired is a whole lot worse than quitting voluntarily... and more importantly, lets them avoid giving you the severance pay they would otherwise owe.

Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

Re:

[Intron]

The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.

At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

Re:

[ericspinder]

The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.

So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.

Nuremberg analogy is valid

[aeoneal]

So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.

Obviously they're not the same thing. But the Nurember analogy is still valid. To do a thing that you know to be wrong, that can lead to expanding the already-pervasive abuse of personal knowledge by so many large companies, is not justifiable because your boss told you to do it.

Today the "little guy's" only defense against being taken advantage of by major corporations and the governme

Re:

[alienw]

Excuse me, but what makes you think search engine queries are private or confidential, or must be treated as such? When you type stuff into a search engine, it is no longer private. Last I checked, AOL never promised to keep search queries confidential anywhere in your contract with them. In fact, I am sure they have the right to sell them (complete with identifying information) to various marketing and database companies. There is nothing ethically or legally wrong with releasing this data, so your an

Re:

[alienw]

By that logic, any type of advertising should be outlawed. While I am not disagreeing with your argument, privacy laws are not that effective for protecting consumers from abusive marketing. Drug commercials would not be effective if doctors cared more about what the hell they were doing. It's far too easy to walk in to a doctor's office and get an antibiotic prescription for a cold or an SSRI prescription for "depression" (caused by an unhealthy lifestyle rather than a chemical imbalance). Doctors do t

Re:retained a lawyer?

[EndlessNameless]

The Nuremberg Defense didn't work at the Nuremberg Trials because the people involved did things that any sane person knows is terribly "wrong" according to just about every existing belief system.

Of course, don't let that small difference in scale dissuade you from bringing Godwin's Law into effect.

AOL did not provide any of the information necessary to identify the searchers. So while I disagree with the disclosure, this breach of privacy is on par with other acts of corporate idiocy I've seen, and based on that I would say that there wasn't any basis requiring him to refuse this order. There's no clear and compelling need to disobey an approved transfer of more-or-less anonymous data, unlike a situation where someone is ordered to kill innocent civilians by the truckful.

Finally, get a sense of proportion. Are you seriously comparing a poor privacy decision with a decision on a life-and-death matter? Tenuously exaggerated examples do not shore up tenuously supported arguments.

Re:retained a lawyer?

[TFGeditor]

"AOL did not provide any of the information necessary to identify the searchers."

Oh, really? A couple of NY Times reporters didn't let that stop them. They used the search data to find and interview User No. 4417749, Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga. Link to story below. Bugmenot login works.

http://www.nytimes.com/2006/08/09/technology/09aol .html?ex=1156392000&en=4908a895fec7a6a7&ei=5070 [nytimes.com]

Re:

[TheSkyIsPurple]

How is that informative in the context of the gp poster? It is pretty obvious that AOL thought they had anonymized the data. They took out the users' names. The fact that they didn't put due diligence into making sure that the searches included couldn't be used to eventually identify the people involved doesn't mean they didn't do anything at all. Had they released the info with user names, then the Neuremberg "just following orders" thing holds a bit more water. But given how it actually played out, N

Re:

[TFGeditor]

My point is that "AOL did not provide any of the information necessary to identify the searchers" is obviously not correct. Clearly the search data itself was sufficient information whereby to identify and locate at least some users.

I often Google search my own name (to look for [gasp] copyright infringement or plagiarism). Were I an AOL user whose data got released, I would certainly have been easily identified.

Re:

[TFGeditor]

"...her admission dissolved her privacy more than Aol's info did."

Having reporters show up at your door--even if they do not know your name--and start asking questions is PRIVACY? Perhaps on your planet, but not on this one.

Re:

[omeomi]

At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

The Clerks argument! My favorite! Was it okay to blow up the Death Star the second time, while it was being repaired? Do you think the average storm trooper knows how to install a toilet main? ;-)

Godwin already?

[ColdWetDog]

And it so early in the morning.

Re:retained a lawyer?

[__aaclcg7560]

Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

That's when documenting your work is important. As a lead tester at Atari a few years ago, I was in situations that I could've been fired for except all my documentation pointed back to management. When a new boss told me to stop doing that, I told him I would not. Then it became a cat-and-mouse game for the next six months as he tried to get me fired without getting himself fired in the process. I eventually left on my own for "personal reasons" and it turned out I was the third person out of a dozen senior testers to leave that year when my boss became the department manager.

Re:retained a lawyer?

[Silver Sloth]

What do you want on your CV

• Sacked for gross incompetence
• Left after being used as a scapegoat

The point of most unfair dismissal actions is not the money, it's the CV.

How about...

[deepb]

How about...

* Filed lawsuit against former employer due to wrongful termination.

Re:

[Pharmboy]

That or they sued because of sexual harassment. Either one on a resume is just swell.

+1 Funny

[Agelmar]

If I had any mod points left, parent would definitely be +1 Funny...

Re:retained a lawyer?

[clickclickdrone]

>It's the CV
I know of one senior guy who worked for a well known credit card company. He was brought in to cut costs. On day one all the department heads were brought in one by one. He ignored everyone's plans and spreadsheets and just gave them a slip of paper with 500k, 1 million or whatever written on it and said 'that's your budget'. A few months later he had another 35m to lose and noticed a single dept that cost that. He ordered it shut down and the staff made redundant. Within a few months the company's income was in freefall - he'd sacked their most profitable sales team. He had to go grovelling to the board to explain, rehire as many as he could at inflated salaries and was then fired. You can bet his CV reads 'Worked for xxxxx, achieved 70 million cost cuts'

Re:

[poot_rootbeer]

What do you want on your CV
        * Sacked for gross incompetence
        * Left after being used as a scapegoat

They're both equally effective at preventing you from getting hired anywhere else. The new HR director isn't going to give a sympathetic ear to your tale of scapegoatism, he or she is probably going to assume that you actually deserved the blame you got, and your story is nothing more than a save-face gesture.

Re:

[owlnation]

In some cases yes, that's true. However, having an unfair dismissal case on your CV isn't going to make you look like a fun addition to a corporate team. Rightly or wrongly (actually only wrongly) it makes you look like a trouble maker - even if you were only rightly defending yourself and were supported by the court.

This, of course, sucks...

Re:

[whoever57]

The point of most unfair dismissal actions is not the money, it's the CV.

It seems to me that most potential employers don't actually ask why I left my previous jobs. Some do, but it is by no means universal. OTOH, do you really want to be known as a litigious person who sued a former employer?

Re:retained a lawyer?

[Karma Farmer]

Slashdot: why ignore the article when you can ignore the summary?

Re:

[Morrigu]

Eh? Whatzat? Speak up louder, I can't hear ye.

Whatzhe goin on all 'bout, I dunno.

Re:retained a lawyer?

[Daniel_Staal]

The main point really is that he believes he was fired because he is being blamed for something that is not his fault: He did what he was told, and what he was told was authorized by his bosses and the appropriate people. Blaming the mailclerk for the mail isn't good policy. (He's a little more involved then a mailclerk I assume, but how much I don't know.)

Then, if he doesn't want to work there, he can quit. There is a huge difference in being able to tell a prospective employeer that you quit because of the culture of blame-passing, and having to tell them you were fired because you released private data to the public.

Re:

[poot_rootbeer]

He did what he was told, and what he was told was authorized by his bosses and the appropriate people.

I recall similar defenses were raised at Nuremberg, and didn't go over very well.

Blaming the mailclerk for the mail isn't good policy.

Maybe not, but I guarantee you that every day there are dozens of mailclerks, helpdesk technicians, and professionals of all stripes who are fired for things for which they do not actually deserve any of the blame.

Re:

[Daniel_Staal]

The flaws in the Nuremburg defense are if the person executing the order can reasonably be sure the order itself is illegal or immoral. It is not always a bad defense. If they have no reason to believe there was not a good reason to obey the order or instruction, the blame for the action should be given to those who issued the order.

"I was just following orders" is an attempt to pass the blame. Sometimes the blame legitmately needs to be passed to those responsible, and sometimes it doesn't. Ignoring th

Re:

[Fulcrum of Evil]

I recall similar defenses were raised at Nuremberg, and didn't go over very well.

Shut the fuck up about Nuremburg! Releasing anonymized search data is not the same as shovelling people into ovens!

Re:

[Captain Hook]

Which is where compensation comes in, if there is a reasonable chance he won't be able to work again then AOL should have to pay for ruining the guys career.

That of course, is assuming that he really is as innocent in all of this as he claims to be.

Re:

[pclminion]

That of course, is assuming that he really is as innocent in all of this as he claims to be.

I think "naive" is a better word in this case. Of all people, I'd expect a data mining academic to understand the potential ramifications of releasing search data. Maybe this guy's head was so far in the clouds above the ivory tower that it just didn't occur to him, but I somehow doubt it. More likely, the idea of getting a publication out was too attractive to worry about petty ethical considerations.

Re:

[RingDev]

Getting fired likely means he loses his severence package. Not to mention the black mark on his resume over this. How is it going to look when he goes up for his next interview when he was used as a scape goat for the issue at AT&T. He has to fight, if for no other reason then to maintain his appearance.

-Rick

Re:

[tnk1]

He doesn't want to work for AOL, I'm sure. He just wants to collect money off them for firing him.

Re:retained a lawyer?

[szembek]

Maybe it's not about getting fired. Maybe he's afraid of lawsuits coming his way if he is primarily blamed for authorizing the release of data.

Re:

[B11]

Considering the fact that their trashing his name and hanging this debacle on him, it makes sense to get a lawyer. AOL also fired the "retention agent" over that phone call we all heard. Of course he was doing what he was told to do. Scapegoating lower level peons seems to be modus operandi for AOL [consumerist.com].

Re:

[diersing]

At this point, its not about staying. Its about making AOL look bad and improving the severance package. AOL fired him because of the action he took, he'll claim it was a code red and that he was acting in good faith that the proper AOL people approved it and he's the scapegoat. AOL has deep pockets and will work hard to make this whole transgression go away as fast as possible up to and including making paymnets to those that want to keep in the news.

Re:

[omeomi]

At this point, why would you want to stay at your present job if you need a lawyer to keep it...

Wrongful termination is definitely worth going to court over. If he was working under the direct orders of top executives at AOL, he didn't do anything wrong. Had he refused to post the info, he probably would have been fired. I'm okay with the execs being fired, but he's just a guy that did what he was told.

Re:

[SatanicPuppy]

On the one side, I can see making the argument, "Hey, I only did what my boss told me to do" and he may even be able to win in court with that argument.

However, I think that a technical person should have damn well known better than to do something like that, and I think that if such an individual was working under me, I very well might can him right along with his boss just for making a seriously poor judgement call.

Re:

[pilgrim23]

The Lawyer may have little to do with his feelings about AOL and the job. Ever stopped to think that some ambulance chaser is right now tracking down identifiable AOL searchers to mount a class action on this? All responsible individulas would be targets, along with AOL (regardless of current employment status) of such a suit.

Obviously

[Anonymous Coward]

Almost everything a company does, especially publicly has to have multiple stamps of approval. Can't even order a pencil without paperwork. Right now AOL is headhunting for scapegoats to sacrifice to appease the masses. This had to have nearly everybody OKing it, if it was a mistake it would have gotten yanked back a LOT faster and legal actions would be pending, they aren't threatening anybody yet because they probably don't want their own records being pulled out and becoming massivly liable.

Not at all sure about why they thought it was a good idea, they must have thought the ID numbers were sufficient to conceal identities which also shows the lack of security knowledge most executives have.

Re:

[MindStalker]

well see, they aggregated all the people who searched for X and Y and Z and added them together and assigned that a number. So what if the aggregate generally turned out to be 1 case.

Yes I've seen MANY people aggregate too many variables or extremly unique variables then act surprised that it didn't really aggregate.

Personal Matters

[kurrik]

"An AOL researcher who put the queries online and a manager overseeing the project were dismissed, according to an AOL employee who did not want to be identified because the company does not comment publicly on personnel matters."

Yeah, wouldn't want anyone's privacy to be compromised??

You've got...

[coolhaus]

...a subpoena!

Mr. Chowdhury is a comedic GENIUS!

[Jakhel]

who else would have the phenomenal insight to give us such gems as

http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_21.gif [somethingawful.com]

http://i.somethingawful.com//sasbi/2006/08/docevil /8-13-06_26.gif [somethingawful.com]

and of course

http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_9.gif [somethingawful.com]

Just because they approved it...

[SheeEttin]

Just because they approved it, it doesn't mean they thouroughly understood how it worked. For example, what if they were told that lists of searches (and results, if I understand this) were going to be released, with user-identifying information hidden? If they weren't told that they were replaced with unique IDs (which could be connected to a person if identifying data were to be entered), then they could not know this without doing a little research. Executives don't just get salaries for making decisions

Re:

[Anonymous Coward]

The reason that the exec's approval is an issue is not because we expect the execs to know what the heck they are looking at, but because they are the custodians of the "process".

I can entirely believe that the execs didn't know the full implications of what they were looking at, or didn't have a clear idea of what could be done with the data. I'm sure that they cared that the data was anonymized, and it *was*, just not well enough.

However, even though they sometimes like to come off as knowing what they a

think of the children

[bigdavex]

The Justice Department has repeatedly signaled its strong interest, through continued conversations with Internet companies and members of Congress, in having the data retained to help it fight terrorism and child pornography . .

I bet they have a stamp that says that.

think of the *animals*

[exp(pi*sqrt(163))]

Children? After reading some of those search queries it's the dogs I'm worried about.

What should we expect

[madleo]

From Mrs. Govern besides pretty much what the Government does with our search queries? Nothing else than this! :D

One good thing came from this...

[erroneus]

...if ever there was any public doubt about how dangerous the release of search query data could be, this should do a lot to prove to "the public" otherwise.

And with this improvement in public awareness of how important it is to have private data safe-guarded and controlled, I think we'll see a little more interest in what business and government does with private data. I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the

Re:

[Doctor Faustus]

I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the SSN from the credit and banking systems.
Which ID is used isn't the problem. The problem is that a simple ID is being used as both an ID and a password.

Internal AOL e-mails announcing new privacy plan

[Anonymous Coward]

Good Morning Silicon Valley's got two internal AOL e-mails [siliconvalley.com] announcing the CTO's "resignation" as well as AOL's 4 part plan to become an industry leader in privacy. Excerpt:

1. Creation of a task force, led by Ted Leonsis and Randy Boe, with senior representatives from corporate communications, integrity assurance, product and marketing, to develop new best practices in this rapidly evolving area. Among other issues, the task force will look specifically at how long we should save data, including

There is no privacy

[gelfling]

And empty suits like the weenies at AOL are just kneejerking to respond to some soccermom who screamed at them at the PTA meeting last night. Heads will roll, I didn't know thanks for your helpful crticism etc etc etc.

Whereas they're probably just mad at someone for forgetting to SELL the information.

Re:

[account_deleted]

Comment removed based on user account deletion

It just wants to be free!

[edmicman]

Whatever happened to the "information just wants to be free" argument? Where's that now?

Freeeedom!

[alienmole]

I'd say this only proves the point - this information wanted to be free badly enough to escape from AOL, leaving a trail of career destruction in its wake!

Re:

[MMC Monster]

Information wants to be free. Information also wants to be expensive. It depends on the type of information you are talking about.

Is it okay to use the data anyway?

[dthomas731]

I have read many articles on the analysis of the released AOL data. Some of the articles start off something like this:

"I think the release of this data is a breach of privacy and should never have been made public. But ..."

Then they present their analysis. My question is if you are going to preach on the evils of releasing the data then do you have the moral right to analyze it? I think not.

Re:

[nasor]

This is just silly. Suppose a neurologist treats a patient who was beaten by a baseball bat and has sustained brain damage. After a year of treatment, the neurologist finds that the patient's brain functions have changed to work around the damaged areas. Would you propose that the neurologist shouldn't write a paper about this because he doesn't approve of beating people with baseball bats?

This is why "free" is bad

[cdrguru]

Let's see here... we have various free services that are available to everyone on the Internet. These free services aren't free to operate - they cost significant amounts of money to do so. Where does the money come from?

The first place is of course advertising. Having people pay to push their message at the unsuspecting people that are using the service. Eventually the ads become all-pervasive and lose some of their value. Where we are today is that banner ads are almost worthless and Google has made

The Real Problem

[Nom du Keyboard]

The real problem isn't that they let this data escape.

The real problem is that they shouldn't have been keeping it in the first place!

If it can harm a consumer by its release, then it can harm that same consumer by the fact that the have it in their possession in the first place. Just how is AOL that much better or more trustworthy than the world at large?

Film at eleven.

[/dev/trash]

Pope Catholic.
Bear craps in woods.

Yes Im sure they did

[talledega500]

And the solution is to stop trusting these guys and use your own head. Heres a good way to do just that with a search proxy.
http://www.blackboxsearch.com/ [blackboxsearch.com]

Re:Possible Solution

[CDMA_Demo]

Here's a potential solution to your "industrywide problem": Stop treating us (your users) as nothing more than a market. We're individual human beings. Right now, we just look like sacks of money to you and your "research" consists of trying to extract that money from us.

I agree, users are people too. To prove your point, here is a gem: http://www.somethingawful.com/index.php?a=4016 [somethingawful.com]

Re:

[tnk1]

Mr. Bankston suggested that this was the kind of response that he and other privacy advocates feared. "This is not just AOL's problem," he said. "This is an industrywide problem that needs industrywide solutions."

Not even close to that simple. AOL didn't stand to make any money off this situation. The data was provided entirely "altruistically" for the benefit of researchers.

And what are these researchers "researching"? They are studying how to make searches more relevant, among other things.

Will

Re:Possible Solution

[trevor-ds]

That's a bit cynical, don't you think?

If they really wanted to make the most money possible, they would have sold these logs (non-anonymized) to the scores of direct marketers that I'm sure would love to have this data. Instead, they packaged it up and tried to make it available to academic researchers. These researchers honestly just want to make better search engines that run faster and return better results. Furthermore, when academics come up with a great new idea, it gets published so that anyone can read it.

Every once in a while, someone suggests an open source search engine. Check out Nutch [nutch.org] if you want to see work in this area. However, if open source search solutions are going to be any good at all, they'll have to rely on the decades of public, published information retrieval research that's already out there.

We are entering a time when companies are capable of totally outpacing academia because they have query log data, so they know exactly what users actually do. There is no way that an academic can get this kind of data unless a company releases it. Researchers at AOL, in good faith, tried to release data so researchers could have a chance at success. Ultimately, of course, that's good for AOL since they're not in the top three search engines out there. Public research can only help raise AOL's standing by helping to level the playing field. But, it's good for you too, because you can build your open source solution based on this research too.

Yes, the release was botched, and yes, the long term user identifiers were a mistake. But don't make AOL out to be some evil company that was only out to destroy your privacy. They made a mistake!

Still motivated by money, and still despicable

[Moraelin]

No, actually they hoped for even more money this way.

See, just selling email addresses to the spammers doesn't actually bring _that_ much money. See the AOL idiot who exported the database and sold it to spammers. He's got, I think, some tens of thousands of dollars. That's small change for a corporation.

Even if they sold it together with the search keywords, how much do you think they'd get? Hundreds of thousands? Let's even be generous and say a couple of millions? Those guys have to think of their own pr

Re:

[pclminion]

Here's a potential solution to your "industrywide problem": Stop treating us (your users) as nothing more than a market. We're individual human beings. Right now, we just look like sacks of money to you and your "research" consists of trying to extract that money from us.

If you want to be treated as a person, then limit your interactions to other people, not corporations. What the hell do you expect from a FACELESS ENTITY?

Why are people continually shocked at the behavior of corporations (which are en

Re:

[99BottlesOfBeerInMyF]

I haven't followed this story so correct me if I'm wrong but -- the "private data" here were just search terms with no user identification, right?

It was a bit more than just search, it was complete records of internet usage from the ISP.

If that's the case, who the hell cares?

In many cases it is simple to piece together who a user is from these records and some of the data mining potential is more than a little invasive. This is stuff like someone who routinely edits a myspace page with personally ide

Re:

[merlin_jim]

It was a bit more than just search, it was complete records of internet usage from the ISP.

No it wasn't, it was strictly search terms and if they clicked on a link, what link they clicked on - that's it

Re:

[db32]

Except that some reporters used it to personally identify a 60yr old woman in flordia IIRC. They had her verify that those indeed were her searches and she explained what they were about. So...the concern here is that you CAN be identified by your searches without "personally identifiable information". Now tack that on to "how to murder wife" searches and "how to build bomb" searches and "child pornography" searches, hand it over to the government, and now there is a bit of an issue. You get arrested be

Re:Who the hell cares?

[SydShamino]

>>> so correct me if I'm wrong

You're wrong.

The IP address or user name of the person who searched has been removed, but it was replaced with a unique identifier that tracked all of the searches by the same person.

Many people search for things related to themselves. For example, if you have looked for a job in the last four years, you were foolish if you didn't search for your own name to see if your friends' blogs had descriptions of your late-night drinking binges and drug use. (You are probably foolish if you used AOL search to do this, but that's a different discussion.)

CNN ran a story where they were able to track down one older lady, just because she searched for her last name, searched for "drugstores near " or somesuch, and was the only person in her area with that name. They confirmed with her that the searches were hers. (She has a dog with problems urinating on her carpet, and she has friends with lots of diseases that she "researches" for them.) They picked someone to track down who hadn't searched for anything "naughty", but that doesn't mean they couldn't have if they had wanted to.

Re:

[grylnsmn]

But the important question is, is it AOL's responsibility for what users decide to search for?

How is AOL supposed to know if a subset of data includes privacy data? A 9-digit number could be a SSN, but it could also be a phone number (not all countries use 10 or 7 digits), an ISBN (minus the check digit), or any number of other numbers. A 16-digit number (or 15 digits) isn't necessarily a credit card number. Just because someone puts an address into a search engine doesn't mean that it's their own addres

Re:

[MindStalker]

People generally feel comfortable with the notion that their search queries are private. Sure they may not be private, but they feel private. Sure your phone conversations arn't completly private, but the phone comapny can't just dump your conversations onto the public.

Re:

[Qzukk]

Don't the users have some responsibility for their own private data?

How? By never giving it to anyone? Never getting a loan, insurance, or a magazine subscription? Always working for cash under the table and never filing taxes? Any one of those things releases your address, phone number, billing information, etc. out of your control. At some point you have to say the data has changed hands and so has the responsibility to protect it.

Sure it was dumb (was it really dumb at the time though, or are we only

Re:

[grylnsmn]

I didn't say it was the user's fault, I asked whether they have some responsibility or not. That is a big difference.

In situations like this, there's usually more than enough blame to spread around. Sure, it's easy to just say that AOL was completely in the wrong and should have to pay for it, but that doesn't reflect the whole truth, does it?

Think of it this way, there are quite a few people who would never think of putting their own personal information into a search engine (I didn't, until this inciden

Re:

[SydShamino]

Yes, I've searched for my name, but I've found about a dozen others around the world with my same name (where are the privacy implications in that?).

Have you also searched for "Pizza Hut near ?" Voila, all those others with the same name are eliminated; it is clear that the search was about you. Piece together more searches, and it becomes clear that it was you, not about you. Then anything else you have ever searched for is correlated as well.

It isn't any one search that causes a privacy concern. As ot

It's the x-refs, not the data.

[Kadin2048]

I think you bring up a good point.

As a society, or at least as a subset of one, we need to discuss this. Where should the "expectation of privacy" be when one is using a search engine (or the Internet in general)? It's a very open question.

On one hand, most people I think realize that the query to the search engine is not 'private.' As in, you can go and view at any given time, all the things that are being typed in to Google. (At least you used to be able to, or maybe this was Yahoo.) At any rate, the quer

Re:

[geobeck]

You are probably foolish if you used AOL search...

Maybe we should just leave it at that.

Re:

[pclminion]

For example, if you have looked for a job in the last four years, you were foolish if you didn't search for your own name to see if your friends' blogs had descriptions of your late-night drinking binges and drug use. (You are probably foolish if you used AOL search to do this, but that's a different discussion.)

Why would it be foolish? AOL search is just Google, anyway.

Re:

[Kadin2048]

Why would it be foolish? AOL search is just Google, anyway.

Yeah, it's all the creepiness of Google, but without the "do no evil" oversight. What could possibly be wrong with that?

Re:

[pclminion]

Yeah, it's all the creepiness of Google, but without the "do no evil" oversight. What could possibly be wrong with that?

Ever hear the phrase "hindsight is 20/20?" And do you really think some "do no evil" corporate mantra is going to protect you until the end of the universe? I could say you're just as stupid for using Google (after all, didn't you realize that in May 2009 they're going to release all your search queries?)

Re:

[SydShamino]

Why would it be foolish? AOL search is just Google, anyway.
AOL search is just Google search, except that they are also your ISP and can conclusively and definitively aggregate all of your searches and assign them a unique identifier, then release them to the public.

Using Google search and clearing your cookies, you cannot be definitively matched to what you look for.

Users have been idenfitied

[MikkoApo]

From TFA:

At least two of the AOL users have been identified by name in press accounts, and people have speculated about the identities of others on various Web sites.

There was also an article at theregister, but I couldn't find it.

Re:

[pHZero]

The search terms were not linked to any specific person, however, each search term was linked to a user ID. So you can compile a list of all searches a specific person did.

Partner this up with the fact the some people may search for the name, credit card number, and social security number to see if they're posted anywhere, you have some serious privacy concerns.

Take for example, (and I'm making this up), user #5, these are his search terms:

Joe Schmo
014-56-1234
4729-1234-5678-9012
Pizza stores near 1 main str

Re:

[NFNNMIDATA]

If you look at the Something Awful website, they have a bunch that are just like that. They also have some that, while hilarious, indicate an alarming criminal intent by the searcher. So one wonders how long before some agency gets a whiff of this and demands access to the whole thing, mapped to the names and addresses of the account holders...