Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Execs at AOL Approved Release of Private Data?

Zonk posted about 8 years ago | from the thats-an-oops dept.

156

reporter writes "The New York Times has published a report providing further details about the release of private AOL search queries to the public. According to the report: 'Dr. Jensen, who said he had worked closely with Mr. Chowdhury on projects for AOL's search team, also said he had been told that the posting of the data had been approved by all appropriate executives at AOL, including Ms. [Maureen] Govern.' The report also identifies the other two people whom AOL management fired: they are Abdur Chowdhury and his immediate supervisor. Chowdhury is the employee who did the actual public distribution of the private search queries. He, apparently, has retained a lawyer."

cancel ×

156 comments

Sorry! There are no comments related to the filter you selected.

Poor Data (5, Funny)

krell (896769) | about 8 years ago | (#15955164)

First they demote him from being a lt. commander. Then they attach him to AOL. Somewhere Lore must be pulling the strings.

Re:Poor Data (1)

creimer (824291) | about 8 years ago | (#15955313)

Haven't you heard? Data was killed in the line of duty. This is B4 who's working at AOL.

retained a lawyer? (3, Insightful)

Quasar1999 (520073) | about 8 years ago | (#15955169)

At this point, why would you want to stay at your present job if you need a lawyer to keep it... even if you are successful, why would you want to stay, it's obvious you won't be liked by management, since they're trying to get rid of you... Or am I missing something?

Re:retained a lawyer? (2, Insightful)

krell (896769) | about 8 years ago | (#15955181)

"At this point, why would you want to stay at your present job if you need a lawyer to keep it"

Ask former President Clinton. Ask Bush after he concludes this term.

Re:retained a lawyer? (4, Insightful)

TheGreek (2403) | about 8 years ago | (#15955357)

At this point, why would you want to stay at your present job if you need a lawyer to keep it
Ask former President Clinton.
If I'm getting harassed at my current job, not only is it actionable, but chances are I can get another job elsewhere in the same line of work.

When you're President of the United States, you don't really have any recourse when Congress (a co-equal branch) starts issuing subpoenas, nor are similar jobs readily available.

Nice bad analogy, though.

Re:retained a lawyer? (1, Funny)

ConsumerOfMany (942944) | about 8 years ago | (#15955605)

When you're President of the United States, you don't really have any recourse when Congress (a co-equal branch)

Perhaps someone should tell bush that congress is a coequal branch of government. Even if congress did it themselves, I'm sure there would be a signing statement to the contrary....

Re:retained a lawyer? (3, Insightful)

TheGreek (2403) | about 8 years ago | (#15955649)

Perhaps someone should tell bush that congress is a coequal branch of government.
It might be more effective for somebody to tell Congress that Congress is a co-equal branch.

Each branch only has as much power as it chooses to exercise.

Re:retained a lawyer? (2, Insightful)

A beautiful mind (821714) | about 8 years ago | (#15955186)

I think a fair amount of cash must be playing some role in it.

Re:retained a lawyer? (5, Insightful)

mrchaotica (681592) | about 8 years ago | (#15955196)

Perhaps because being fired is a whole lot worse than quitting voluntarily... and more importantly, lets them avoid giving you the severance pay they would otherwise owe.

Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

Re:retained a lawyer? (1, Insightful)

Intron (870560) | about 8 years ago | (#15955418)

The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.

At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

Re:retained a lawyer? (1)

ericspinder (146776) | about 8 years ago | (#15955564)

The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.
So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.

Nuremberg analogy is valid (2, Insightful)

aeoneal (728354) | about 8 years ago | (#15955714)

So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.
Obviously they're not the same thing. But the Nurember analogy is still valid. To do a thing that you know to be wrong, that can lead to expanding the already-pervasive abuse of personal knowledge by so many large companies, is not justifiable because your boss told you to do it.

Today the "little guy's" only defense against being taken advantage of by major corporations and the government is information and the ability to think for himself. A major problem, though, is that even those few trying to think for themselves are at the mercy of the information they are given. That's the information on which they base their decisions. The more corporations and governments know about what we are interested in and find important, the more they can tailor the information we receive to influence in their direction.

Classic marketing and academic research isn't the issue here. The issue is our ability to choose. This is the same reason the Net Neutrality issue matters, because it can directly affect our ability to find good (useful, true) information. Even if these issues weren't considered when the data was released (and I'm sure they were), such sharing of personal data amounts to criminal negligence when caring for other people's quality of life, and yes, lives. Because among the people using this information are people who directly affect our ability to live and yet seem to be driven more by monetary concerns, such as pharmaceutical companies.

Re:Nuremberg analogy is valid (1, Insightful)

Anonymous Coward | about 8 years ago | (#15956294)

Stupid analogy.

The Nuremberg trials were judged by others, not the Nazi's themselves.

This guy did what his company told him to do, and then got fired by that same company.

He is responsible to the public for what he did, however he is NOT responsible to the company since he was following a directive. The responsibility falls on his boss if he approved it.

Re:retained a lawyer? (4, Insightful)

EndlessNameless (673105) | about 8 years ago | (#15955577)

The Nuremberg Defense didn't work at the Nuremberg Trials because the people involved did things that any sane person knows is terribly "wrong" according to just about every existing belief system.

Of course, don't let that small difference in scale dissuade you from bringing Godwin's Law into effect.

AOL did not provide any of the information necessary to identify the searchers. So while I disagree with the disclosure, this breach of privacy is on par with other acts of corporate idiocy I've seen, and based on that I would say that there wasn't any basis requiring him to refuse this order. There's no clear and compelling need to disobey an approved transfer of more-or-less anonymous data, unlike a situation where someone is ordered to kill innocent civilians by the truckful.

Finally, get a sense of proportion. Are you seriously comparing a poor privacy decision with a decision on a life-and-death matter? Tenuously exaggerated examples do not shore up tenuously supported arguments.

Re:retained a lawyer? (4, Informative)

TFGeditor (737839) | about 8 years ago | (#15955897)

"AOL did not provide any of the information necessary to identify the searchers."

Oh, really? A couple of NY Times reporters didn't let that stop them. They used the search data to find and interview User No. 4417749, Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga. Link to story below. Bugmenot login works.

http://www.nytimes.com/2006/08/09/technology/09aol .html?ex=1156392000&en=4908a895fec7a6a7&ei=5070 [nytimes.com]

Re:retained a lawyer? (-1, Flamebait)

Anonymous Coward | about 8 years ago | (#15956315)

No shit, dumbnuts. He said the made it somewhat anonymous. This is not the same as the search records having the actual users name. Your post isn't informative, it is Karma trolling by being contrary.

And everyone already knows about the case you are pointing to. it is old news here. You are simply taking things out of context, on purpose, for the goal of Karma whoring. Someone please mod this idiot down, then my post.

Re:retained a lawyer? (2, Funny)

omeomi (675045) | about 8 years ago | (#15955862)

At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

The Clerks argument! My favorite! Was it okay to blow up the Death Star the second time, while it was being repaired? Do you think the average storm trooper knows how to install a toilet main? ;-)

Godwin already? (1)

ColdWetDog (752185) | about 8 years ago | (#15955927)

And it so early in the morning.

Re:retained a lawyer? (4, Interesting)

creimer (824291) | about 8 years ago | (#15955423)

Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

That's when documenting your work is important. As a lead tester at Atari a few years ago, I was in situations that I could've been fired for except all my documentation pointed back to management. When a new boss told me to stop doing that, I told him I would not. Then it became a cat-and-mouse game for the next six months as he tried to get me fired without getting himself fired in the process. I eventually left on my own for "personal reasons" and it turned out I was the third person out of a dozen senior testers to leave that year when my boss became the department manager.

Re:retained a lawyer? (4, Interesting)

Silver Sloth (770927) | about 8 years ago | (#15955208)

What do you want on your CV
  • Sacked for gross incompetence
  • Left after being used as a scapegoat
The point of most unfair dismissal actions is not the money, it's the CV.

How about... (1)

deepb (981634) | about 8 years ago | (#15955465)

How about...

* Filed lawsuit against former employer due to wrongful termination.

Re:How about... (1)

Gospodin (547743) | about 8 years ago | (#15955588)

Yep, that's what I always look for when I'm sifting through resumes.

Re:retained a lawyer? (4, Insightful)

clickclickdrone (964164) | about 8 years ago | (#15955549)

>It's the CV
I know of one senior guy who worked for a well known credit card company. He was brought in to cut costs. On day one all the department heads were brought in one by one. He ignored everyone's plans and spreadsheets and just gave them a slip of paper with 500k, 1 million or whatever written on it and said 'that's your budget'. A few months later he had another 35m to lose and noticed a single dept that cost that. He ordered it shut down and the staff made redundant. Within a few months the company's income was in freefall - he'd sacked their most profitable sales team. He had to go grovelling to the board to explain, rehire as many as he could at inflated salaries and was then fired. You can bet his CV reads 'Worked for xxxxx, achieved 70 million cost cuts'

Re:retained a lawyer? (0)

Anonymous Coward | about 8 years ago | (#15955633)

What do you want on your CV
So, on your planet, what's on somebody's resume bears any resemblence at all to reality? How interesting. It doesn't work that way here on Earth.

Re:retained a lawyer? (1)

poot_rootbeer (188613) | about 8 years ago | (#15955756)

What do you want on your CV
        * Sacked for gross incompetence
        * Left after being used as a scapegoat


They're both equally effective at preventing you from getting hired anywhere else. The new HR director isn't going to give a sympathetic ear to your tale of scapegoatism, he or she is probably going to assume that you actually deserved the blame you got, and your story is nothing more than a save-face gesture.

Re:retained a lawyer? (1)

Silver Sloth (770927) | about 8 years ago | (#15955914)

A friend of mine was sacked for not getting on with his supervisor. The excuse used was Internet pr0n. When he finally won his unfair dismissal action the most important part of the settlement was not the money but the written, legally binding agreement that
  • He was deemed to have left voluntarily
  • No negative references
I wouldn't want to job hunt after being misused in that way, but far better to be job hunting as a winner, not a loser.

Re:retained a lawyer? (1)

owlnation (858981) | about 8 years ago | (#15955948)

In some cases yes, that's true. However, having an unfair dismissal case on your CV isn't going to make you look like a fun addition to a corporate team. Rightly or wrongly (actually only wrongly) it makes you look like a trouble maker - even if you were only rightly defending yourself and were supported by the court.

This, of course, sucks...

Re:retained a lawyer? (3, Funny)

Karma Farmer (595141) | about 8 years ago | (#15955220)

Slashdot: why ignore the article when you can ignore the summary?

Re:retained a lawyer? (5, Insightful)

Daniel_Staal (609844) | about 8 years ago | (#15955224)

The main point really is that he believes he was fired because he is being blamed for something that is not his fault: He did what he was told, and what he was told was authorized by his bosses and the appropriate people. Blaming the mailclerk for the mail isn't good policy. (He's a little more involved then a mailclerk I assume, but how much I don't know.)

Then, if he doesn't want to work there, he can quit. There is a huge difference in being able to tell a prospective employeer that you quit because of the culture of blame-passing, and having to tell them you were fired because you released private data to the public.

Re:retained a lawyer? (0)

Anonymous Coward | about 8 years ago | (#15955325)

Of course, with his named plastered up on the New York Times any prospective employer will know that he was involved anyway.

Re:retained a lawyer? (3, Insightful)

Captain Hook (923766) | about 8 years ago | (#15955388)

Which is where compensation comes in, if there is a reasonable chance he won't be able to work again then AOL should have to pay for ruining the guys career.

That of course, is assuming that he really is as innocent in all of this as he claims to be.

Re:retained a lawyer? (1)

pclminion (145572) | about 8 years ago | (#15955993)

That of course, is assuming that he really is as innocent in all of this as he claims to be.

I think "naive" is a better word in this case. Of all people, I'd expect a data mining academic to understand the potential ramifications of releasing search data. Maybe this guy's head was so far in the clouds above the ivory tower that it just didn't occur to him, but I somehow doubt it. More likely, the idea of getting a publication out was too attractive to worry about petty ethical considerations.

Re:retained a lawyer? (1)

poot_rootbeer (188613) | about 8 years ago | (#15955784)

He did what he was told, and what he was told was authorized by his bosses and the appropriate people.

I recall similar defenses were raised at Nuremberg, and didn't go over very well.

Blaming the mailclerk for the mail isn't good policy.

Maybe not, but I guarantee you that every day there are dozens of mailclerks, helpdesk technicians, and professionals of all stripes who are fired for things for which they do not actually deserve any of the blame.

Re:retained a lawyer? (1)

Daniel_Staal (609844) | about 8 years ago | (#15956082)

The flaws in the Nuremburg defense are if the person executing the order can reasonably be sure the order itself is illegal or immoral. It is not always a bad defense. If they have no reason to believe there was not a good reason to obey the order or instruction, the blame for the action should be given to those who issued the order.

"I was just following orders" is an attempt to pass the blame. Sometimes the blame legitmately needs to be passed to those responsible, and sometimes it doesn't. Ignoring the attempt offhand does not help justice.

Re:retained a lawyer? (1)

RingDev (879105) | about 8 years ago | (#15955237)

Getting fired likely means he loses his severence package. Not to mention the black mark on his resume over this. How is it going to look when he goes up for his next interview when he was used as a scape goat for the issue at AT&T. He has to fight, if for no other reason then to maintain his appearance.

-Rick

Re:retained a lawyer? (1)

tnk1 (899206) | about 8 years ago | (#15955245)

He doesn't want to work for AOL, I'm sure. He just wants to collect money off them for firing him.

Re:retained a lawyer? (4, Insightful)

szembek (948327) | about 8 years ago | (#15955308)

Maybe it's not about getting fired. Maybe he's afraid of lawsuits coming his way if he is primarily blamed for authorizing the release of data.

Re:retained a lawyer? (1)

B11 (894359) | about 8 years ago | (#15955413)

Considering the fact that their trashing his name and hanging this debacle on him, it makes sense to get a lawyer. AOL also fired the "retention agent" over that phone call we all heard. Of course he was doing what he was told to do. Scapegoating lower level peons seems to be modus operandi for AOL [consumerist.com] .

Re:retained a lawyer? (1)

Moqui (940533) | about 8 years ago | (#15955496)

The rep was not "following procedure as AOL told him to". He was fired for being a general jackass on the phone to a customer. Did AOL's service centers have some suspect processes? Most certainly. However, the rep went far and beyond those on the call with Vincent Ferrari.

Re:retained a lawyer? (0)

Anonymous Coward | about 8 years ago | (#15955521)

He was fired for being a general jackass on the phone to a customer.

That is laughable.

Re:retained a lawyer? (1)

B11 (894359) | about 8 years ago | (#15955680)

I've worked in sales, if you're "hitting the numbers," not only are they going to turn a blind eye to aggressive tactics, but you'll be praised and be set as an example to fellow employees. Maybe (big maybe, I doubt it was on the radar until it hit the internet) corporate AOL had a problem with it, but I highly doubt the supervisiors in the trenches saw it as going "too far."

Re:retained a lawyer? (1)

diersing (679767) | about 8 years ago | (#15955416)

At this point, its not about staying. Its about making AOL look bad and improving the severance package. AOL fired him because of the action he took, he'll claim it was a code red and that he was acting in good faith that the proper AOL people approved it and he's the scapegoat. AOL has deep pockets and will work hard to make this whole transgression go away as fast as possible up to and including making paymnets to those that want to keep in the news.

Re:retained a lawyer? (1)

omeomi (675045) | about 8 years ago | (#15955802)

At this point, why would you want to stay at your present job if you need a lawyer to keep it...

Wrongful termination is definitely worth going to court over. If he was working under the direct orders of top executives at AOL, he didn't do anything wrong. Had he refused to post the info, he probably would have been fired. I'm okay with the execs being fired, but he's just a guy that did what he was told.

Re:retained a lawyer? (1)

hauntingthunder (985246) | about 8 years ago | (#15956075)

Well I would imagine that various layers crawled out of woodwork and aprached him And if you'd been argably screwed by you employer - Id want a lawyer and I bet id get a better class of lawyer ;-) Its interesting if he folowed the rules and got aproval AOL might be in trouble in the courts

Re:retained a lawyer? (1)

SatanicPuppy (611928) | about 8 years ago | (#15956188)

On the one side, I can see making the argument, "Hey, I only did what my boss told me to do" and he may even be able to win in court with that argument.

However, I think that a technical person should have damn well known better than to do something like that, and I think that if such an individual was working under me, I very well might can him right along with his boss just for making a seriously poor judgement call.

Possible Solution (0)

Anonymous Coward | about 8 years ago | (#15955174)

Mr. Bankston suggested that this was the kind of response that he and other privacy advocates feared. "This is not just AOL's problem," he said. "This is an industrywide problem that needs industrywide solutions."
Here's a potential solution to your "industrywide problem": Stop treating us (your users) as nothing more than a market. We're individual human beings. Right now, we just look like sacks of money to you and your "research" consists of trying to extract that money from us.

Re:Possible Solution (3, Funny)

CDMA_Demo (841347) | about 8 years ago | (#15955256)

Here's a potential solution to your "industrywide problem": Stop treating us (your users) as nothing more than a market. We're individual human beings. Right now, we just look like sacks of money to you and your "research" consists of trying to extract that money from us.
I agree, users are people too. To prove your point, here is a gem: http://www.somethingawful.com/index.php?a=4016 [somethingawful.com]

Re:Possible Solution (0)

Anonymous Coward | about 8 years ago | (#15955287)

Users are not even a market, they're a commodity. And, by the way, they should be called "customers", because it's not like they really "use" anything, they can only do the stuff they're allowed to.

Re:Possible Solution (2, Insightful)

tnk1 (899206) | about 8 years ago | (#15955685)

Mr. Bankston suggested that this was the kind of response that he and other privacy advocates feared. "This is not just AOL's problem," he said. "This is an industrywide problem that needs industrywide solutions."

Not even close to that simple. AOL didn't stand to make any money off this situation. The data was provided entirely "altruistically" for the benefit of researchers.

And what are these researchers "researching"? They are studying how to make searches more relevant, among other things.

Will more relevant searching make a buck for someone? Well, it's done wonders for Google, but the release of this data isn't making that research an AOL property. And we love Google because it gives us what we want to see up front, without digging for it.

In the end, the release of this data is a good thing, but the implementation of the release failed badly. Nevertheless, we *want* this data to get out, we just don't want it to get out in any way that can tag individuals.

Re:Possible Solution (5, Insightful)

trevor-ds (897033) | about 8 years ago | (#15955739)

That's a bit cynical, don't you think?

If they really wanted to make the most money possible, they would have sold these logs (non-anonymized) to the scores of direct marketers that I'm sure would love to have this data. Instead, they packaged it up and tried to make it available to academic researchers. These researchers honestly just want to make better search engines that run faster and return better results. Furthermore, when academics come up with a great new idea, it gets published so that anyone can read it.

Every once in a while, someone suggests an open source search engine. Check out Nutch [nutch.org] if you want to see work in this area. However, if open source search solutions are going to be any good at all, they'll have to rely on the decades of public, published information retrieval research that's already out there.

We are entering a time when companies are capable of totally outpacing academia because they have query log data, so they know exactly what users actually do. There is no way that an academic can get this kind of data unless a company releases it. Researchers at AOL, in good faith, tried to release data so researchers could have a chance at success. Ultimately, of course, that's good for AOL since they're not in the top three search engines out there. Public research can only help raise AOL's standing by helping to level the playing field. But, it's good for you too, because you can build your open source solution based on this research too.

Yes, the release was botched, and yes, the long term user identifiers were a mistake. But don't make AOL out to be some evil company that was only out to destroy your privacy. They made a mistake!

Re:Possible Solution (1)

pclminion (145572) | about 8 years ago | (#15956072)

Here's a potential solution to your "industrywide problem": Stop treating us (your users) as nothing more than a market. We're individual human beings. Right now, we just look like sacks of money to you and your "research" consists of trying to extract that money from us.

If you want to be treated as a person, then limit your interactions to other people, not corporations. What the hell do you expect from a FACELESS ENTITY?

Why are people continually shocked at the behavior of corporations (which are entities conceived for the sole purpose of MAKING PROFIT)? Does it suck? Yeah, it sucks. Does bitching about it make any more sense than complaining about the lack of whiskers on a lizard? Nope.

Have I been misinformed? (0)

Anonymous Coward | about 8 years ago | (#15955189)

I thought they were all proud about releasing the data, at first anyway. I seem to recall reading the odd story that spun it that way. Maybe it was just conjecture (journalists are often self-aggrandizing idiots) but it showed up in more than one article, IIRC.

Now they're firing people over it. Isn't that a bit stupid? These people would have been fired on 0-day if they'd been taking liberties to do it.

Re:Have I been misinformed? (0, Redundant)

LnxAddct (679316) | about 8 years ago | (#15955748)

I believe AOL was very pleased at first. This was AOL thinking they were looking cool and hip and gaining "cred" with the tech community. And then the tech community flipped them off and pointed out the significant issues with releasing the data.
Regards,
Steve

Obviously (4, Interesting)

Anonymous Coward | about 8 years ago | (#15955193)

Almost everything a company does, especially publicly has to have multiple stamps of approval. Can't even order a pencil without paperwork. Right now AOL is headhunting for scapegoats to sacrifice to appease the masses. This had to have nearly everybody OKing it, if it was a mistake it would have gotten yanked back a LOT faster and legal actions would be pending, they aren't threatening anybody yet because they probably don't want their own records being pulled out and becoming massivly liable.

Not at all sure about why they thought it was a good idea, they must have thought the ID numbers were sufficient to conceal identities which also shows the lack of security knowledge most executives have.

Re:Obviously (0)

Anonymous Coward | about 8 years ago | (#15955336)

Maybe those who OKed it know what aggregate data is, and those who generated it do not. I've heard so many people refer to this as agregate data that I want to vomit, or "politely" ask how and what it was agregated from.

Re:Obviously (1)

MindStalker (22827) | about 8 years ago | (#15955517)

well see, they aggregated all the people who searched for X and Y and Z and added them together and assigned that a number. So what if the aggregate generally turned out to be 1 case.

Yes I've seen MANY people aggregate too many variables or extremly unique variables then act surprised that it didn't really aggregate.

Naturally (0)

Anonymous Coward | about 8 years ago | (#15955198)

<cynicism>Future careers at the DOJ will more than compensate for their troubles.</cynicism>

Personal Matters (5, Funny)

kurrik (776253) | about 8 years ago | (#15955211)

"An AOL researcher who put the queries online and a manager overseeing the project were dismissed, according to an AOL employee who did not want to be identified because the company does not comment publicly on personnel matters."
Yeah, wouldn't want anyone's privacy to be compromised??

You've got... (1)

coolhaus (186994) | about 8 years ago | (#15955213)

...a subpoena!

Mr. Chowdhury is a comedic GENIUS! (5, Funny)

Jakhel (808204) | about 8 years ago | (#15955215)

who else would have the phenomenal insight to give us such gems as

http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_21.gif [somethingawful.com]

http://i.somethingawful.com//sasbi/2006/08/docevil /8-13-06_26.gif [somethingawful.com]

and of course

http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_9.gif [somethingawful.com]

Who the hell cares? (0)

Otter (3800) | about 8 years ago | (#15955243)

I haven't followed this story so correct me if I'm wrong but -- the "private data" here were just search terms with no user identification, right? Just like the data that Google so bravely refused to give the US government right before they announced their deal with China?

If that's the case, who the hell cares? Admittedly, I'm not a big tinfoil hat-ist anyway, but even if I were this would rate way low on my list of concerns, below the hundreds of ways personally identifiable data about me is being shared.

Re:Who the hell cares? (0, Troll)

99BottlesOfBeerInMyF (813746) | about 8 years ago | (#15955293)

I haven't followed this story so correct me if I'm wrong but -- the "private data" here were just search terms with no user identification, right?

It was a bit more than just search, it was complete records of internet usage from the ISP.

If that's the case, who the hell cares?

In many cases it is simple to piece together who a user is from these records and some of the data mining potential is more than a little invasive. This is stuff like someone who routinely edits a myspace page with personally identifying information on it and the online stores and Websites they've visited. Gee someone edits John Smith's page and they have been looking at resources for dealing with HIV. Well they won't be winning the local county seat election now will they?

Re:Who the hell cares? (1)

merlin_jim (302773) | about 8 years ago | (#15955399)

It was a bit more than just search, it was complete records of internet usage from the ISP.

No it wasn't, it was strictly search terms and if they clicked on a link, what link they clicked on - that's it

Re:Who the hell cares? (1)

db32 (862117) | about 8 years ago | (#15955303)

Except that some reporters used it to personally identify a 60yr old woman in flordia IIRC. They had her verify that those indeed were her searches and she explained what they were about. So...the concern here is that you CAN be identified by your searches without "personally identifiable information". Now tack that on to "how to murder wife" searches and "how to build bomb" searches and "child pornography" searches, hand it over to the government, and now there is a bit of an issue. You get arrested because a string of child porn searches came from your computer...you should have told your 17yr old daughter to do her english final on child pornography. I think we have established a nice trend of arrest first think...maybe later. God forbid you were searching for anything that could possibly be terrorist related...islam, bombs etc...looks like your thriller novel will never hit the shelves because you have been 'detained for questioning'.

Re:Who the hell cares? (0)

Anonymous Coward | about 8 years ago | (#15955307)

Yes, the user names were replaced with unique numbers. However, it is possible to figure out who made the searches. I don't use AOL, but i have Googled for my real name and my Slashdot ID, just to see what comes up. I've used Google Maps to plot directions from my house to various other locations (in retrospect, putting my real address into Google Maps wasn't a good idea). Anyway, these searches, combined with my other searches could reveal a lot about me.

Re:Who the hell cares? (4, Interesting)

SydShamino (547793) | about 8 years ago | (#15955311)

>>> so correct me if I'm wrong

You're wrong.

The IP address or user name of the person who searched has been removed, but it was replaced with a unique identifier that tracked all of the searches by the same person.

Many people search for things related to themselves. For example, if you have looked for a job in the last four years, you were foolish if you didn't search for your own name to see if your friends' blogs had descriptions of your late-night drinking binges and drug use. (You are probably foolish if you used AOL search to do this, but that's a different discussion.)

CNN ran a story where they were able to track down one older lady, just because she searched for her last name, searched for "drugstores near " or somesuch, and was the only person in her area with that name. They confirmed with her that the searches were hers. (She has a dog with problems urinating on her carpet, and she has friends with lots of diseases that she "researches" for them.) They picked someone to track down who hadn't searched for anything "naughty", but that doesn't mean they couldn't have if they had wanted to.

Re:Who the hell cares? (1)

grylnsmn (460178) | about 8 years ago | (#15955425)

But the important question is, is it AOL's responsibility for what users decide to search for?

How is AOL supposed to know if a subset of data includes privacy data? A 9-digit number could be a SSN, but it could also be a phone number (not all countries use 10 or 7 digits), an ISBN (minus the check digit), or any number of other numbers. A 16-digit number (or 15 digits) isn't necessarily a credit card number. Just because someone puts an address into a search engine doesn't mean that it's their own address.

Don't the users have some responsibility for their own private data?

But then, I'll probably be modded down (like what happened in the last discussion) for not being slashdotically correct, or something.

Re:Who the hell cares? (2, Interesting)

MindStalker (22827) | about 8 years ago | (#15955533)

People generally feel comfortable with the notion that their search queries are private. Sure they may not be private, but they feel private. Sure your phone conversations arn't completly private, but the phone comapny can't just dump your conversations onto the public.

Re:Who the hell cares? (1)

Qzukk (229616) | about 8 years ago | (#15955701)

Don't the users have some responsibility for their own private data?

How? By never giving it to anyone? Never getting a loan, insurance, or a magazine subscription? Always working for cash under the table and never filing taxes? Any one of those things releases your address, phone number, billing information, etc. out of your control. At some point you have to say the data has changed hands and so has the responsibility to protect it.

Sure it was dumb (was it really dumb at the time though, or are we only saying this in hindsight, knowing now that the data would be given to whoever wanted it? Being able to find things near me is quite useful, I'd hate to always dine two cities over just to "throw off the trail") to have put in your own ssn or home address into the search engine, but saying that it's the users' fault that the data got released is like saying that it's my fault if someone breaks into my house and shoots me in the face with my own gun, just because I kept it loaded. Philosophers have debated the nature of "fault" for millenia, leading to concepts such as "attractive nuisance", however generally speaking blame is assigned to the person who committed the act, and only slightly shared with people who set up the environment for the act to occur.

Re:Who the hell cares? (1)

grylnsmn (460178) | about 8 years ago | (#15955869)

I didn't say it was the user's fault, I asked whether they have some responsibility or not. That is a big difference.

In situations like this, there's usually more than enough blame to spread around. Sure, it's easy to just say that AOL was completely in the wrong and should have to pay for it, but that doesn't reflect the whole truth, does it?

Think of it this way, there are quite a few people who would never think of putting their own personal information into a search engine (I didn't, until this incident happened, and I still wouldn't put my credit card or SSN into any search engine). Yes, I've searched for my name, but I've found about a dozen others around the world with my same name (where are the privacy implications in that?).

Out of the tens of thousands of searches that they released, there were, what, about 100 or so numbers that may have been SSNs? We're talking about an infintesimal proportion of the data.

At what point would it have been acceptable? If there was only one possible SSN? Or do you insist on perfection?

If you are insisting on perfection, then I would suggest that your problem isn't with the privacy data, but with any data being released. If that's the case, don't lie and make it seem like it's just the privacy data that you are up in arms about.

Ultimately, it does fall to the users to remember that any information that they give to another party becomes the property of that party (except as otherwise defined by law, or negotiated in a legal agreement or contract). At that point, they can do what they wish with that information.

It's the x-refs, not the data. (2, Interesting)

Kadin2048 (468275) | about 8 years ago | (#15956250)

I think you bring up a good point.

As a society, or at least as a subset of one, we need to discuss this. Where should the "expectation of privacy" be when one is using a search engine (or the Internet in general)? It's a very open question.

On one hand, most people I think realize that the query to the search engine is not 'private.' As in, you can go and view at any given time, all the things that are being typed in to Google. (At least you used to be able to, or maybe this was Yahoo.) At any rate, the queries themselves are not secret.

However, what freaks people out is that one query can be associated with another. So if I type in my name, I expect that somebody on the far end knows that I'm searching for my name. However, what people don't expect, is that it's possible to link together all the searches that they've made (potentially across multiple computers, if there's a login system). So that my search for my name today, could be cross-referenced with my search for restaurants in a particular area tomorrow, and cross-referenced further with some street address I search for the day after that.

Individually, only a very naive person would expect a query to be private. However, it's the cross-referenced information sorted by particular users that is concievably private, because it reveals much more than simple queries do.

Let's imagine for instance that AOL had released the same number of searches, but instead of listing the IP address (or a unique identifier that's matched 1:1 with an IP address) they just gave a time/date stamp when it was made. We probably wouldn't be having this conversation, and a few executives would still have their jobs.

Where people expect some sort of privacy (reasonably or not) is in not having one particular "search session" linked to other ones. In fact, I bet that most un-technical people probably think that they can close their browser, and thus 'start over'...not realizing that when they start searching again, it just continues adding to a list of queries from earlier. That "recordkeeping" is where the perceived invasion occurs, not in the lack of secrecy of the terms themselves.

Re:Who the hell cares? (1)

geobeck (924637) | about 8 years ago | (#15955731)

You are probably foolish if you used AOL search...

Maybe we should just leave it at that.

Re:Who the hell cares? (1)

pclminion (145572) | about 8 years ago | (#15956046)

For example, if you have looked for a job in the last four years, you were foolish if you didn't search for your own name to see if your friends' blogs had descriptions of your late-night drinking binges and drug use. (You are probably foolish if you used AOL search to do this, but that's a different discussion.)

Why would it be foolish? AOL search is just Google, anyway.

Re:Who the hell cares? (1)

Kadin2048 (468275) | about 8 years ago | (#15956272)

Why would it be foolish? AOL search is just Google, anyway.

Yeah, it's all the creepiness of Google, but without the "do no evil" oversight. What could possibly be wrong with that?

Users have been idenfitied (1)

MikkoApo (854304) | about 8 years ago | (#15955321)

From TFA:

At least two of the AOL users have been identified by name in press accounts, and people have speculated about the identities of others on various Web sites.
There was also an article at theregister, but I couldn't find it.

Re:Users have been idenfitied (0)

Anonymous Coward | about 8 years ago | (#15956080)

There was also an article at theregister, but I couldn't find it.

Good post, thanks for making Slashdot a better place.

Re:Who the hell cares? (2, Insightful)

pHZero (790342) | about 8 years ago | (#15955396)

The search terms were not linked to any specific person, however, each search term was linked to a user ID. So you can compile a list of all searches a specific person did.

Partner this up with the fact the some people may search for the name, credit card number, and social security number to see if they're posted anywhere, you have some serious privacy concerns.

Take for example, (and I'm making this up), user #5, these are his search terms:

Joe Schmo
014-56-1234
4729-1234-5678-9012
Pizza stores near 1 main street, oakland, CA

Would you want this released to the public? What if some more of his search terms were:

How to divorce your wife
divorce lawyers
dating websites
how to cheat on your wife
russian brides

Ok, granted maybe you don't agree with what he's doing here, but is it right for this to be public??

Just because they approved it... (1)

SheeEttin (899897) | about 8 years ago | (#15955244)

Just because they approved it, it doesn't mean they thouroughly understood how it worked. For example, what if they were told that lists of searches (and results, if I understand this) were going to be released, with user-identifying information hidden? If they weren't told that they were replaced with unique IDs (which could be connected to a person if identifying data were to be entered), then they could not know this without doing a little research. Executives don't just get salaries for making decisions, sometimes they have to do work--but sometimes, they just decide without doing work.

I've completely forgotten what my original point was, so I'll stop here.

Re:Just because they approved it... (1, Informative)

Anonymous Coward | about 8 years ago | (#15955454)

The reason that the exec's approval is an issue is not because we expect the execs to know what the heck they are looking at, but because they are the custodians of the "process".

I can entirely believe that the execs didn't know the full implications of what they were looking at, or didn't have a clear idea of what could be done with the data. I'm sure that they cared that the data was anonymized, and it *was*, just not well enough.

However, even though they sometimes like to come off as knowing what they are talking about technically, execs didn't *need* to be able to project all the possible uses of the data set. The problem is that they did not ensure that it was referred to the right internal specialist agency that did know what could be done with it.

When this hit inside AOL, everyone was surprised by it. Initially the only alarm inside AOL was some calls where the NetOps people were saying that traffic had taken down a switch, and could you please investigate. At the same time, Operations Security opened an investigation because they thought there was an intrusion on the machine. The release of the data wasn't even really more than a blip on anyone's radar until some people started reading the news. The interest for this was supposed to be so low, that no one really even set up any sort of high bandwidth solution for it. It was just on a 100Mbit switch that had various other hosts on it. The flood of data from the requests actually took down a registration server on the same switch, which had an effect on other AOL services.

Everyone in Search, Ops and Dev, I talked to mentioned that this information had been demoed to the execs, which I assume included the CTO (Govern). I will say, though, that it is interesting that she has had to fall on her sword for this, because really, she's was the least likely exec in the company to have known the full privacy procedures, having been only recently hired and focused on Video Search. Not to mention with Video Searchbeing released, this is a really crappy time to lose the CTO.

Chowdhry was mentioned in discussions as probably the most likely person to be canned, but it's surprising that they actually did it, because he has a fairly decent footprint in the Search organization. I suppose he probably should have "known better", but I don't know if firing him was the best idea for the company.

People at AOL don't like how the execs are trying scapegoat people for this. Miller is trying to make a PR statement that "we got the bad apples". Well, none of those "apples" were "bad", as far as I can tell. The process is what failed, and AOL has a lot of process problems. Hopefully they decide to fix those without simply making us go to some stupid class about the existing process (which failed).

Anyway, looks like we'll be getting a new CTO... and I was just done unpacking from the last re-org (instituted by Govern). Fun times ahead.

think of the children (5, Funny)

bigdavex (155746) | about 8 years ago | (#15955249)


The Justice Department has repeatedly signaled its strong interest, through continued conversations with Internet companies and members of Congress, in having the data retained to help it fight terrorism and child pornography . .

I bet they have a stamp that says that.

think of the *animals* (1)

exp(pi*sqrt(163)) (613870) | about 8 years ago | (#15956286)

Children? After reading some of those search queries it's the dogs I'm worried about.

What should we expect (1)

madleo (810299) | about 8 years ago | (#15955255)

From Mrs. Govern besides pretty much what the Government does with our search queries? Nothing else than this! :D

One good thing came from this... (1)

erroneus (253617) | about 8 years ago | (#15955295)

...if ever there was any public doubt about how dangerous the release of search query data could be, this should do a lot to prove to "the public" otherwise.

And with this improvement in public awareness of how important it is to have private data safe-guarded and controlled, I think we'll see a little more interest in what business and government does with private data. I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the SSN from the credit and banking systems.

Re:One good thing came from this... (1)

Doctor Faustus (127273) | about 8 years ago | (#15956044)

I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the SSN from the credit and banking systems.
Which ID is used isn't the problem. The problem is that a simple ID is being used as both an ID and a password.

Missing the story (0)

Anonymous Coward | about 8 years ago | (#15955397)

Is anyone else ticked off that the mainstream media is upset that the fact this program was going on was leaked, but they're not upset at the program itself? It's like Bush and the NSA spying on average Americans. How dare the news get out! The guys who released the data did us a favor by pointing out what was going on inside AOL.

Internal AOL e-mails announcing new privacy plan (1, Informative)

Anonymous Coward | about 8 years ago | (#15955401)

Good Morning Silicon Valley's got two internal AOL e-mails [siliconvalley.com] announcing the CTO's "resignation" as well as AOL's 4 part plan to become an industry leader in privacy. Excerpt:

  1. Creation of a task force, led by Ted Leonsis and Randy Boe, with senior representatives from corporate communications, integrity assurance, product and marketing, to develop new best practices in this rapidly evolving area. Among other issues, the task force will look specifically at how long we should save data, including search data, and will make recommendations to improve the AOL Privacy Policy and our privacy practices company-wide.
  2. Additional restrictions on access to databases containing search data and any other potentially sensitive member data, regardless of whether that data is linked to individual member accounts.
  3. Evaluation and development of new systems to help ensure that sensitive information is not included in research databases.
  4. Education and awareness programs for employees -- at all levels -- on how to protect sensitive information and address privacy issues.

There is no privacy (1)

gelfling (6534) | about 8 years ago | (#15955419)

And empty suits like the weenies at AOL are just kneejerking to respond to some soccermom who screamed at them at the PTA meeting last night. Heads will roll, I didn't know thanks for your helpful crticism etc etc etc.

Whereas they're probably just mad at someone for forgetting to SELL the information.

A humble, novel suggestion (1)

MikeRT (947531) | about 8 years ago | (#15955437)

WikiSearch anyone? It's about time that people started realizing that these companies are not going to make this easy on anyone. I would gladly pay $5-$10/month to pay for the bills of an open source, accountable search service that doesn't keep so much data on me it makes the Stasi look like amateurs.

Re: Execs at AOL Approved Release of Private Data? (0)

Anonymous Coward | about 8 years ago | (#15955447)

It just wants to be free! (2, Funny)

edmicman (830206) | about 8 years ago | (#15955515)

Whatever happened to the "information just wants to be free" argument? Where's that now?

Freeeedom! (3, Funny)

alienmole (15522) | about 8 years ago | (#15955663)

I'd say this only proves the point - this information wanted to be free badly enough to escape from AOL, leaving a trail of career destruction in its wake!

Re:It just wants to be free! (0)

Anonymous Coward | about 8 years ago | (#15955989)

Whatever happened to the "information just wants to be free" argument? Where's that now?

At Gitmo. Information is accused of terrorism.

Re:It just wants to be free! (2, Insightful)

MMC Monster (602931) | about 8 years ago | (#15956146)

Information wants to be free. Information also wants to be expensive. It depends on the type of information you are talking about.

Is it okay to use the data anyway? (2, Interesting)

dthomas731 (761616) | about 8 years ago | (#15955662)

I have read many articles on the analysis of the released AOL data. Some of the articles start off something like this:

"I think the release of this data is a breach of privacy and should never have been made public. But ..."

Then they present their analysis. My question is if you are going to preach on the evils of releasing the data then do you have the moral right to analyze it? I think not.

This is why "free" is bad (1)

cdrguru (88047) | about 8 years ago | (#15955781)

Let's see here... we have various free services that are available to everyone on the Internet. These free services aren't free to operate - they cost significant amounts of money to do so. Where does the money come from?

The first place is of course advertising. Having people pay to push their message at the unsuspecting people that are using the service. Eventually the ads become all-pervasive and lose some of their value. Where we are today is that banner ads are almost worthless and Google has made selling text-only ad space the only means of support for many free sites.

The one that a lot of people do not understand is that just the use of the service also has value - and informational value. This information can be collated, organized and distilled and sold. There are people that would like to know how many times the word "Viagra" was searched for on Google. This information is available, for a price. Similarly, Ford would like to know how many people in Indiana search for Toyota, Dodge or Chevy. Again, this is a source of revenue for so-called free services.

What some people posting here do not see to get is that their use of these free services is being tracked and data mined. Some of this is just to keep the service running. It is important to know that when a new album is released by Madonna that everyone will be searching for a way to download it. This can change the resources required to operate a search service. There are similar resource requirement changes in all such systems and the data required to maintain them is certainly being tracked, monitored and used. Some of it is also sold because it has value.

Could there be a search engine or an IM service that didn't data mine or sell ads? Sure, but why would anyone pay $50 a month for a search service if there was one that was free? Some particularly paranoid types might to keep their porn searches private, but the majority would not. The amount of data that can be mined from free services (forums, blogs, search engines, IM systems, etc.) is incredible and as more and better data mining is implemented, the greater value this will have.

Isn't free wonderful?

Actually, unfree aint so great either (1)

joebob2000 (840395) | about 8 years ago | (#15956274)

Telecom companies can do a lot of this stuff just as well, if not better than google and they are getting paid quite well. That does not stop them from selling your name to spamlists, or selling phone records to government spies.

There is a moral bankruptcy in this society that ensures that anything goes as long as you get what you want and can get away with it. Individuals have no strength or bargaining power to defend themselves against corporate predation, except by not using the service.

Until people start balking at bad TOSes en masse, there can be no change. Unfortunately, most individuals feel that as long as they get what they want, there is no need to make a fuss.

huh? (0, Troll)

rice_burners_suck (243660) | about 8 years ago | (#15955783)

It looks like nobody is ever going to trust AOL again after this debacle. What a mess for AOL. What a mess for the 200,000 some people whose searches were given to the whole world to look at gleefully and laugh at them. This is so embarassing.

Just waiting... (1, Redundant)

Overfiend1976 (979710) | about 8 years ago | (#15955940)

I'm just waiting until AOL finally curls up and dies. Been waiting for over a decade now...but it seems like the wait may get substantially shorter now.

The Real Problem (3, Insightful)

Nom du Keyboard (633989) | about 8 years ago | (#15956179)

The real problem isn't that they let this data escape.

The real problem is that they shouldn't have been keeping it in the first place!

If it can harm a consumer by its release, then it can harm that same consumer by the fact that the have it in their possession in the first place. Just how is AOL that much better or more trustworthy than the world at large?

Film at eleven. (1)

/dev/trash (182850) | about 8 years ago | (#15956262)

Pope Catholic.
Bear craps in woods.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>