Troll Kingdom

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Big Brother AOL

AOL Takes Down Site With Users' Search Data

By Ellen Nakashima
AR2006080701150.html

Tuesday, August 8, 2006

AOL issued an apology yesterday for posting on a public Web site 20 million keyword searches conducted by hundreds of thousands of its subscribers from March to May. But the company's admission that it made a mistake did little to quell a barrage of criticism from bloggers and privacy advocates who questioned the company's security practices and said the data breach raised the risk of identity theft.

"This was a screw-up and we're angry and upset about it," the company said in a statement. "Although there was no personally-identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize."

The posted data were similar to what the U.S. Justice Department had been seeking when it subpoenaed Internet companies, including AOL, last year. AOL complied and handed over search terms that were not linked to individuals. Google Inc. fought the subpoena in court and won.

The AOL data was posted at the end of last month on a special AOL Web site designed by the company so researchers could learn more about how people look for information on the Internet. The company removed the data over the weekend when bloggers discovered it.

The Washington Post did not review the full 439-megabyte data set but contacted bloggers who had looked at it.

For the posted data, each person using AOL's search engine was assigned a unique number to maintain anonymity, the company said. But some privacy experts said scrutinizing a user's searches could reveal information to help deduce the person's identity.

Michael Arrington, editor of the blog TechCrunch, said some of the data contained credit card numbers, Social Security numbers, addresses and names.

"People put anything they can think of into the search boxes," he said.

Based on his analysis so far, out of 20 million queries, the number that contained sensitive personal financial information such as credit card and Social Security numbers is probably "in the hundreds," he said.

"Most people aren't stupid enough to type their Social Security numbers in a search engine, but it's definitely enough to make AOL look stupid," he said.

Some bloggers said some of the information available included queries on how to kill one's spouse and child pornography.

Experts said people search for all sorts of personal data -- including their own names -- with the assumption that it will remain private.

"I search on myself," said David H. Holtzman, president of GlobalPOV, a blog and consulting firm on privacy and security and author of the forthcoming book "Privacy Lost." "Now you think you have a disease or you have some emotional issue -- I'm a single parent and I'm always looking for things. All of a sudden there's a correlation between my name and something very private that I don't expect to have dumped all over the Internet."

Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation, said AOL's apology was appreciated but the damage had already been done.

"The horse is out of the barn," he said. "The data's out there and been copied. This incident highlights the dangers of these companies storing so much intimate data about their users."

The mishap was rooted in an effort by AOL to design a Web site aimed at helping researchers do their jobs more effectively by including AOL open-source data tools, company spokesman Andrew Weinstein said.

A technician posted the data to the site without running them past an in-house privacy department, not realizing the implications, Weinstein said. An internal investigation is underway to determine what happened and how to prevent future occurrences, he said.

However, Weinstein also noted that identifying an individual by search terms alone is difficult because someone could have typed in a friend's name or address instead of his own. The AOL search network had 42.7 million unique visitors in May, so the total data set covered 1.5 percent of search users that month. The 20 million search records represent about one-third of 1 percent of the total searches conducted on the AOL network in that period, the company said.

The data were gleaned from searches conducted by people with AOL user accounts in the United States.
 
HOW A USER WAS TRACKED BY AOL SCREW-UP

Web Searchers’ Identities Traced on AOL

By MICHAEL BARBARO and TOM ZELLER Jr.
New York Times, August 9, 2006

Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it is not much of a shield.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.”

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.”

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her.

AOL removed the search data from its site over the weekend and apologized for its release, saying it was an unauthorized move by a team that had hoped it would benefit academic researchers.

But the detailed records of searches conducted by Ms. Arnold and 657,000 other Americans, copies of which continue to circulate online, underscore how much people unintentionally reveal about themselves when they use search engines — and how risky it can be for companies like AOL, Google and Yahoo to compile such data.

Those risks have long pitted privacy advocates against online marketers and other Internet companies seeking to profit from the Internet’s unique ability to track the comings and goings of users, allowing for more targeted and therefore more lucrative advertising.

But the unintended consequences of all that data being compiled, stored and cross-linked are what Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a privacy-rights group in Washington, called “a ticking privacy time bomb.”

Mr. Rotenberg pointed to Google’s own joust earlier this year with the Justice Department over a subpoena for some of its search data. The company successfully fended off the agency’s demand in court, but several other search companies, including AOL, complied. The Justice Department sought the information to help it defend a challenge to a law that is meant to shield children from sexually explicit material.

“We supported Google at the time,” Mr. Rotenberg said, “but we also said that it was a mistake for Google to be saving so much information because it creates a risk.”

Ms. Arnold, who agreed to discuss her searches with a reporter, said she was shocked to hear that AOL had saved and published three months’ worth of them. “My goodness, it’s my whole personal life,” she said. “I had no idea somebody was looking over my shoulder.”

In the privacy of her four-bedroom home, over a high-speed Internet connection, Ms. Arnold searched for the answers to scores of life’s questions, big and small. How could she buy “school supplies for Iraq children?” What is the “safest place to live?” What is “the best season to visit Italy?”

Her searches are a catalog of intentions, curiosity, anxieties and mundane concerns. There was the day in May, for example, when she typed in “termites,” then “tea for good health” then “mature living,” all within a few hours.

Her queries mirror millions of those captured in AOL’s database, which reveal the questions posed by expectant mothers, cancer patients, college students and music lovers. User No. 2178 searches for “foods to avoid when breast feeding.” No. 3482401 seeks guidance on “calorie counting.” No. 3483689 searches for the songs “Time After Time” and “Wind Beneath My Wings.”

At times, the searches appear to betray intimate emotions and personal dilemmas. No. 3505202 asks about “depression and medical leave.” No. 7268042 types “fear that spouse contemplating cheating.”

There are also many thousands of sexual queries, along with searches about “child porno” and “how to kill oneself by natural gas,” that raise questions about what legal authorities can and should do with such information.

But while these searches can tell the casual observer — or the sociologist or the marketer — much about the person who typed them, they can also prove highly misleading.

At first glace, it might appear that Ms. Arnold fears she is suffering from a wide range of ailments. Her search history includes “hand tremors,” “nicotine effects on the body,” “dry mouth” and “bipolar.” But in an interview, Ms. Arnold said she routinely researched medical conditions for her elderly friends to assuage their anxieties. Explaining her queries about nicotine, for example, she said: “I have a friend who needs to quit smoking and I want to help her do it.”

Asked about Ms. Arnold, an AOL spokesman, Andrew Weinstein, reiterated the company’s position that the data release was a mistake. “We apologize specifically to her,” he said. “There is not a whole lot we can do.”

Mr. Weinstein said he knew of no other cases thus far where users had been identified as a result of the search data, but he wasn’t surprised. “We acknowledged that there was information that could potentially lead to people being identified, which is why we were so angry.”

AOL keeps a record of each user’s search queries for one month, Mr. Weinstein said. This allows users to refer back to previous searches and is also used by AOL to improve the quality of its search technology. The three-month data that was released came from a special system meant for AOL’s internal researchers that does not record the users’ AOL screen names, he said.

Several bloggers claimed today to have identified additional AOL users by examining the data, while others hunted for particularly entertaining or shocking search histories. Some programmers made this easier by quickly setting up several search engines for the search queries.

John Battelle, the author of the 2005 book “The Search: How Google and Its Rivals Rewrote the Rules of Business and Transformed Our Culture,” said AOL’s misstep, while unfortunate, could have a silver lining if people begin to understand just what’s at stake. In his book, he says search engines are mining the priceless “database of intentions” formed by the world’s search requests.

“It’s only by these kinds of screw-ups and unintended behind-the-curtain views that we can push this dialogue along,” Mr. Battelle said. “As unhappy as I am to see this data on people leaked, I’m heartened that we will have this conversation as a culture, which is long overdue.”

Ms. Arnold says she loves online research, but the disclosure of her searches has left her disillusioned. In response, she plans to drop her AOL subscription. “We all have a right to privacy,” she said. “Nobody should have found this all out.”
 
Top