AOL search data scandal

From Wikipedia, the free encyclopedia

On August 4, 2006, AOL Research, headed by Dr. Abdur Chowdhury, released a compressed text file on one of its websites containing twenty million search keywords for over 650,000 users over a 3-month period, intended for research purposes. AOL pulled the file from public access by the 7th, but not before it had been mirrored and distributed on the Internet.

While none of the records on the file are personally identifiable per se, certain keywords contain personally identifiable information by means of the user typing in their own name (ego-searching), as well as their address, social security number or by other means. Each user is identified on this list by a unique sequential key, which enables the compilation of a user's search history.[1] In fact, in a test of whether it was possible to do so, the New York Times was able to locate an individual from the released and anonymized search records by cross referencing them with phonebooks or other public records.[2] Consequently, the ethical implications of using this data for research are under debate.[3][4]

AOL acknowledged it was a mistake and removed the data, although the files can still be downloaded from mirror sites.[5][6] Additionally, several searchable databases of the report also exist on the internet.[7]

Although the searchers were only identified by a numeric ID, the New York Times successfully discovered the identity of several searchers, and with her permission, exposed search number 4417749 as Thelma Arnold, a 62-year-old Georgian widow. This privacy breach was widely reported, and led to the resignation of AOL's CTO, Maureen Govern on August 21, 2006. The media quoted an insider as saying that two employees had been fired: the researcher who released the data, and his immediate supervisor, who reported to Govern.[8][9]

In September 2006, a class action lawsuit was filed against AOL in the U.S. District Court for the Northern District of California.

"The lawsuit accuses AOL of violating the Electronic Communications Privacy Act and of fraudulent and deceptive business practices, among other claims, and seeks at least $5,000 for every person whose search data was exposed."[10]

In January 2007, Business 2.0 Magazine on CNNMoney ranked the release of the search data #57 in a segment called "101 Dumbest Moments in Business."[11]

[edit] References

  1. ^ Michael Arrington. "AOL proudly releases massive amounts of user search data", TechCrunch, 2006-08-06. Retrieved on 2006-08-07. 
  2. ^ "A Face Is Exposed for AOL Searcher No. 4417749", The New York Times, 2006-08-09.  (Sign in or subscription required.)
  3. ^ Katie Hafner. "Tempting Data, Privacy Concerns; Researchers Yearn To Use AOL Logs, But They Hesitate", The New York Times, 2006-08-23. Retrieved on 2006-09-13. 
  4. ^ Nate Anderson. "The ethics of using AOL search data", Ars Technica, 2006-08-23. Retrieved on 2006-09-13. 
  5. ^ AOL apologizes for release of user search data | CNET News.com
  6. ^ AOL search data mirrors
  7. ^ twodotfive
  8. ^ Li, Kenneth. "AOL chief technology officer resigns: sources", Reuters, 2006-08-21. 
  9. ^ AOL executive quits after posting of search data - International Herald Tribune
  10. ^ AOL sued over Web search data release | Tech news blog - CNET News.com
  11. ^ 101 Dumbest Moments in Business: Full list | Business 2.0

[edit] External links