advertising
Link to jump to start of content The Seattle Times Company Jobs Autos Homes Rentals NWsource Classifieds seattletimes.com
The Seattle Times Business & Technology
Traffic | Weather | Your account Movies | Restaurants | Today's events

Tuesday, August 22, 2006 - Page updated at 12:00 AM

Print

Also on seattletimes.com

Tech Tracks blog
News and perspectives from our tech team.
Brier Dudley's blog
A critical look at tech and business issues.

Top techie leaves, 2 others fired after AOL privacy leak

The Associated Press

NEW YORK — AOL's chief technology officer left the company, and two other workers were fired in the aftermath of a privacy breach that involved the intentional release of more than 650,000 subscribers' Internet search terms.

Although American Online had substituted numeric IDs for the subscribers' user names, the search queries themselves contained Social Security numbers, medical conditions and other data that could be traced to an individual.

In fact, The New York Times was able to trace user 4417749 to Thelma Arnold, 62, of Lilburn, Ga.

Maureen Govern, the technology chief, will be replaced on an interim basis by John McKinley, who had that position before becoming AOL's president for digital services. The change takes effect immediately, according to a memo AOL Chief Executive Jonathan Miller sent to employees Monday.

"This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team," Miller said in a second memo. "We are taking appropriate action with the employees who were responsible."

The data release is among a series of breaches by other companies and government agencies involving sensitive information in recent months. Unlike those resulting from computer hacking or missing laptops, however, the AOL data had been intentionally released as part of a program to assist academic researchers.

AOL, a unit of Time Warner, apologized two weeks ago for what it termed a mistake made by a company researcher who had failed to properly seek clearances before releasing three months' worth of search data. Though the information was meant for researchers, it was released to a public site and quickly circulated once a blogger discovered it.

AOL's privacy plan


To prevent further unauthorized release of online search data, AOL CEO Jonathan Miller e-mailed employees the company's plan:

Create a task force led by senior executives to review privacy and data-retention policies.

Place additional limits on employee access to data, regardless of whether they are linked to individual accounts.

Evaluate technologies designed to flag sensitive information. Under such a system, for instance, a 16-digit string might be assumed to be a credit-card number and kept out of research databases.

Improve employee education and awareness on privacy.

Source: AOL, The Associated Press

The company fired the researcher who released the data and that employee's direct supervisor, who reported to Govern, said one person familiar with the decisions.

The person, who spoke on condition of anonymity because release of personnel information was not authorized, would not say whether Govern's departure was voluntary. The person also would not identify the two employees who were fired.

Although the search terms released were not directly tied to real names, many individuals type their own names to find out what's being said about them. They may later search for online mentions of their credit card or Social Security numbers and perhaps for prescription-drug prices, revealing their medical ailments.

All the searches for each user name were linked to the same numeric ID in the released data.

AOL removed the information from its site once senior executives learned of it, but by then copies were widely available. Some people even created search sites just for the AOL data.

At least two groups have asked the Federal Trade Commission to investigate. In its complaint, filed last week, the Electronic Frontier Foundation (EFF) accused AOL of breaking a promise to protect its subscribers' privacy.

Kevin Bankston, staff attorney with the EFF, said he hoped the breach would prompt Internet companies to be more forthcoming about what data they keep and for how long. Congress, he said, may need to intervene.

"Rearranging personnel is not going to get to the root of this problem, a problem which extends far beyond AOL and to the rest of the Internet industry," Bankston said. "As an industry, the search engines have been unacceptably tightlipped about what their practices are regarding search logs."

To prevent a recurrence, Miller said AOL will:

• Create a task force led by senior executives to review privacy and data-retention policies.

• Place additional limits on employee access to data, regardless of whether they are linked to individual accounts.

• Evaluate technologies designed to flag sensitive information.

• Improve employee education and awareness on privacy.

The fallout occurs as AOL tries to lure more people to its search services and other free, ad-supported features to offset a revenue decline that's likely to accelerate as the company stops charging for AOL.com e-mail accounts and software.

AOL continues to rank fourth in search, behind Google, Yahoo! and Microsoft's MSN, according to data released this week by Nielsen/NetRatings and comScore Media Metrix.

Copyright © 2006 The Seattle Times Company

Print

More business & technology headlines...


advertising

advertising

Most read articles

Most e-mailed articles

Marketplace

advertising

More shopping