AOL screwed up
The Washington Post ran an article today about an unbelievable thing that AOL did this week. They knowingly released the search records of hundreds of thousands of users on a public website for "research purposes." The search information was not equated to actual names but apparently to a unique numeric sequence.
I was quoted in the article as worried about the privacy ramifications because it's not that hard to correlate someone's identity with some search terms. For instance, people often search on themselves or their addresses, their company, etc. These particulars could be matched up to potentially embarassing questions like "what happens if i have sex and my toenails turn blue?" or "how long can my wife hold her breath underground with her hands tied with duct tape?". There is at least one murder case where search terms provided key evidence. A man named Robert Petrick was convicted of killing his wife on evidence including a search history with the words "neck", "snap" and "break."
The really appalling thing here is that AOL didn't have any procedures in place internally to stop this sort of thing from happening. Search data is sensitive and it should have required a very senior executive to authorize disclosure. The fact that a research flunkie, generally not known as the most prestigious job in a tech company, could do this on their own cognizance, speaks volumes about AOL's general disdain for their customers' privacy.
I do not use AOL and never have. Perhaps consumers should start evaluating an online service by the level of respect shown for personal information (including search terms.) If so, judging by this incident, AOL has failed miserably.
Posted on August 08, 2006
