Execs at AOL Approved Release of Private Data?

reporter writes "The New York Times has published a report providing further details about the release of private AOL search queries to the public. According to the report: 'Dr. Jensen, who said he had worked closely with Mr. Chowdhury on projects for AOL's search team, also said he had been told that the posting of the data had been approved by all appropriate executives at AOL, including Ms. [Maureen] Govern.' The report also identifies the other two people whom AOL management fired: they are Abdur Chowdhury and his immediate supervisor. Chowdhury is the employee who did the actual public distribution of the private search queries. He, apparently, has retained a lawyer."

Poor Data

[krell (896769)]

First they demote him from being a lt. commander. Then they attach him to AOL. Somewhere Lore must be pulling the strings.

Re:

[creimer (824291)]

Haven't you heard? Data was killed in the line of duty. This is B4 who's working at AOL.

retained a lawyer?

[Quasar1999 (520073)]

At this point, why would you want to stay at your present job if you need a lawyer to keep it... even if you are successful, why would you want to stay, it's obvious you won't be liked by management, since they're trying to get rid of you... Or am I missing something?

Re:

[krell (896769)]

"At this point, why would you want to stay at your present job if you need a lawyer to keep it"

Ask former President Clinton. Ask Bush after he concludes this term.

Re:retained a lawyer?

[TheGreek (2403)]

At this point, why would you want to stay at your present job if you need a lawyer to keep it

Ask former President Clinton.

If I'm getting harassed at my current job, not only is it actionable, but chances are I can get another job elsewhere in the same line of work.

When you're President of the United States, you don't really have any recourse when Congress (a co-equal branch) starts issuing subpoenas, nor are similar jobs readily available.

Nice bad analogy, though.

Re:retained a lawyer?

[TheGreek (2403)]

Perhaps someone should tell bush that congress is a coequal branch of government.

It might be more effective for somebody to tell Congress that Congress is a co-equal branch.

Each branch only has as much power as it chooses to exercise.

Re:

[A beautiful mind (821714)]

I think a fair amount of cash must be playing some role in it.

Re:retained a lawyer?

[mrchaotica (681592)]

Perhaps because being fired is a whole lot worse than quitting voluntarily... and more importantly, lets them avoid giving you the severance pay they would otherwise owe.

Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

Re:

[Intron (870560)]

The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.

At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

Re:

[ericspinder (146776)]

The Nuremberg Defense. At some point, people are personally responsible for the things that they do regardless of whether they were following orders.

So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.

Nuremberg analogy is valid

[aeoneal (728354)]

So "killing millions on orders from psychopaths" == "releasing personal data on orders from idiots", I'm not buying it.

Obviously they're not the same thing. But the Nurember analogy is still valid. To do a thing that you know to be wrong, that can lead to expanding the already-pervasive abuse of personal knowledge by so many large companies, is not justifiable because your boss told you to do it.

Today the "little guy's" only defense against being taken advantage of by major corporations and the governme

Re:retained a lawyer?

[EndlessNameless (673105)]

The Nuremberg Defense didn't work at the Nuremberg Trials because the people involved did things that any sane person knows is terribly "wrong" according to just about every existing belief system.

Of course, don't let that small difference in scale dissuade you from bringing Godwin's Law into effect.

AOL did not provide any of the information necessary to identify the searchers. So while I disagree with the disclosure, this breach of privacy is on par with other acts of corporate idiocy I've seen, and based on that I would say that there wasn't any basis requiring him to refuse this order. There's no clear and compelling need to disobey an approved transfer of more-or-less anonymous data, unlike a situation where someone is ordered to kill innocent civilians by the truckful.

Finally, get a sense of proportion. Are you seriously comparing a poor privacy decision with a decision on a life-and-death matter? Tenuously exaggerated examples do not shore up tenuously supported arguments.

Re:retained a lawyer?

[TFGeditor (737839)]

"AOL did not provide any of the information necessary to identify the searchers."

Oh, really? A couple of NY Times reporters didn't let that stop them. They used the search data to find and interview User No. 4417749, Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga. Link to story below. Bugmenot login works.

http://www.nytimes.com/2006/08/09/technology/09aol .html?ex=1156392000&en=4908a895fec7a6a7&ei=5070 [nytimes.com]

Re:

[omeomi (675045)]

At a former job, we got a contract with the Navy to put our computer system on an aircraft carrier. One employee quit rather than work on a system that would be used to help kill people. Although I didn't have any qualms about that particular application, I understood her stand.

The Clerks argument! My favorite! Was it okay to blow up the Death Star the second time, while it was being repaired? Do you think the average storm trooper knows how to install a toilet main? ;-)

Re:retained a lawyer?

[creimer (824291)]

Personally, I know that if I were told by my boss to do something and then got fired for doing it, I'd be extremely pissed!

That's when documenting your work is important. As a lead tester at Atari a few years ago, I was in situations that I could've been fired for except all my documentation pointed back to management. When a new boss told me to stop doing that, I told him I would not. Then it became a cat-and-mouse game for the next six months as he tried to get me fired without getting himself fired in the process. I eventually left on my own for "personal reasons" and it turned out I was the third person out of a dozen senior testers to leave that year when my boss became the department manager.

Re:retained a lawyer?

[Silver Sloth (770927)]

What do you want on your CV

• Sacked for gross incompetence
• Left after being used as a scapegoat

The point of most unfair dismissal actions is not the money, it's the CV.

Re:retained a lawyer?

[clickclickdrone (964164)]

>It's the CV
I know of one senior guy who worked for a well known credit card company. He was brought in to cut costs. On day one all the department heads were brought in one by one. He ignored everyone's plans and spreadsheets and just gave them a slip of paper with 500k, 1 million or whatever written on it and said 'that's your budget'. A few months later he had another 35m to lose and noticed a single dept that cost that. He ordered it shut down and the staff made redundant. Within a few months the company's income was in freefall - he'd sacked their most profitable sales team. He had to go grovelling to the board to explain, rehire as many as he could at inflated salaries and was then fired. You can bet his CV reads 'Worked for xxxxx, achieved 70 million cost cuts'

Re:

[poot_rootbeer (188613)]

What do you want on your CV
        * Sacked for gross incompetence
        * Left after being used as a scapegoat

They're both equally effective at preventing you from getting hired anywhere else. The new HR director isn't going to give a sympathetic ear to your tale of scapegoatism, he or she is probably going to assume that you actually deserved the blame you got, and your story is nothing more than a save-face gesture.

Re:retained a lawyer?

[Karma Farmer (595141)]

Slashdot: why ignore the article when you can ignore the summary?

Re:retained a lawyer?

[Daniel_Staal (609844)]

The main point really is that he believes he was fired because he is being blamed for something that is not his fault: He did what he was told, and what he was told was authorized by his bosses and the appropriate people. Blaming the mailclerk for the mail isn't good policy. (He's a little more involved then a mailclerk I assume, but how much I don't know.)

Then, if he doesn't want to work there, he can quit. There is a huge difference in being able to tell a prospective employeer that you quit because of the culture of blame-passing, and having to tell them you were fired because you released private data to the public.

Re:

[Captain Hook (923766)]

Which is where compensation comes in, if there is a reasonable chance he won't be able to work again then AOL should have to pay for ruining the guys career.

That of course, is assuming that he really is as innocent in all of this as he claims to be.

Re:

[Fulcrum of Evil (560260)]

I recall similar defenses were raised at Nuremberg, and didn't go over very well.

Shut the fuck up about Nuremburg! Releasing anonymized search data is not the same as shovelling people into ovens!

Re:

[RingDev (879105)]

Getting fired likely means he loses his severence package. Not to mention the black mark on his resume over this. How is it going to look when he goes up for his next interview when he was used as a scape goat for the issue at AT&T. He has to fight, if for no other reason then to maintain his appearance.

-Rick

Re:

[tnk1 (899206)]

He doesn't want to work for AOL, I'm sure. He just wants to collect money off them for firing him.

Re:retained a lawyer?

[szembek (948327)]

Maybe it's not about getting fired. Maybe he's afraid of lawsuits coming his way if he is primarily blamed for authorizing the release of data.

Obviously

[by Anonymous Coward]

Almost everything a company does, especially publicly has to have multiple stamps of approval. Can't even order a pencil without paperwork. Right now AOL is headhunting for scapegoats to sacrifice to appease the masses. This had to have nearly everybody OKing it, if it was a mistake it would have gotten yanked back a LOT faster and legal actions would be pending, they aren't threatening anybody yet because they probably don't want their own records being pulled out and becoming massivly liable.

Not at all sure about why they thought it was a good idea, they must have thought the ID numbers were sufficient to conceal identities which also shows the lack of security knowledge most executives have.

Re:

[MindStalker (22827)]

well see, they aggregated all the people who searched for X and Y and Z and added them together and assigned that a number. So what if the aggregate generally turned out to be 1 case.

Yes I've seen MANY people aggregate too many variables or extremly unique variables then act surprised that it didn't really aggregate.

Personal Matters

[kurrik (776253)]

"An AOL researcher who put the queries online and a manager overseeing the project were dismissed, according to an AOL employee who did not want to be identified because the company does not comment publicly on personnel matters."

Yeah, wouldn't want anyone's privacy to be compromised??

Mr. Chowdhury is a comedic GENIUS!

[Jakhel (808204)]

who else would have the phenomenal insight to give us such gems as

http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_21.gif [somethingawful.com]

http://i.somethingawful.com//sasbi/2006/08/docevil /8-13-06_26.gif [somethingawful.com]

and of course

http://i.somethingawful.com//sasbi/2006/08/docevil /8-21-06_9.gif [somethingawful.com]

think of the children

[bigdavex (155746)]

The Justice Department has repeatedly signaled its strong interest, through continued conversations with Internet companies and members of Congress, in having the data retained to help it fight terrorism and child pornography . .

I bet they have a stamp that says that.

One good thing came from this...

[erroneus (253617)]

...if ever there was any public doubt about how dangerous the release of search query data could be, this should do a lot to prove to "the public" otherwise.

And with this improvement in public awareness of how important it is to have private data safe-guarded and controlled, I think we'll see a little more interest in what business and government does with private data. I think that ultimately, we need to get a LOT more aggressive over the misuse of the SSN (social security number) and forever separate the

There is no privacy

[gelfling (6534)]

And empty suits like the weenies at AOL are just kneejerking to respond to some soccermom who screamed at them at the PTA meeting last night. Heads will roll, I didn't know thanks for your helpful crticism etc etc etc.

Whereas they're probably just mad at someone for forgetting to SELL the information.

A humble, novel suggestion

[MikeRT (947531)]

WikiSearch anyone? It's about time that people started realizing that these companies are not going to make this easy on anyone. I would gladly pay $5-$10/month to pay for the bills of an open source, accountable search service that doesn't keep so much data on me it makes the Stasi look like amateurs.

It just wants to be free!

[edmicman (830206)]

Whatever happened to the "information just wants to be free" argument? Where's that now?

Freeeedom!

[alienmole (15522)]

I'd say this only proves the point - this information wanted to be free badly enough to escape from AOL, leaving a trail of career destruction in its wake!

Re:

[MMC Monster (602931)]

Information wants to be free. Information also wants to be expensive. It depends on the type of information you are talking about.

Is it okay to use the data anyway?

[dthomas731 (761616)]

I have read many articles on the analysis of the released AOL data. Some of the articles start off something like this:

"I think the release of this data is a breach of privacy and should never have been made public. But ..."

Then they present their analysis. My question is if you are going to preach on the evils of releasing the data then do you have the moral right to analyze it? I think not.

The Real Problem

[Nom du Keyboard (633989)]

The real problem isn't that they let this data escape.

The real problem is that they shouldn't have been keeping it in the first place!

If it can harm a consumer by its release, then it can harm that same consumer by the fact that the have it in their possession in the first place. Just how is AOL that much better or more trustworthy than the world at large?

Re:Possible Solution

[CDMA_Demo (841347)]

Here's a potential solution to your "industrywide problem": Stop treating us (your users) as nothing more than a market. We're individual human beings. Right now, we just look like sacks of money to you and your "research" consists of trying to extract that money from us.

I agree, users are people too. To prove your point, here is a gem: http://www.somethingawful.com/index.php?a=4016 [somethingawful.com]

Re:

[tnk1 (899206)]

Mr. Bankston suggested that this was the kind of response that he and other privacy advocates feared. "This is not just AOL's problem," he said. "This is an industrywide problem that needs industrywide solutions."

Not even close to that simple. AOL didn't stand to make any money off this situation. The data was provided entirely "altruistically" for the benefit of researchers.

And what are these researchers "researching"? They are studying how to make searches more relevant, among other things.

Will

Re:Possible Solution

[trevor-ds (897033)]

That's a bit cynical, don't you think?

If they really wanted to make the most money possible, they would have sold these logs (non-anonymized) to the scores of direct marketers that I'm sure would love to have this data. Instead, they packaged it up and tried to make it available to academic researchers. These researchers honestly just want to make better search engines that run faster and return better results. Furthermore, when academics come up with a great new idea, it gets published so that anyone can read it.

Every once in a while, someone suggests an open source search engine. Check out Nutch [nutch.org] if you want to see work in this area. However, if open source search solutions are going to be any good at all, they'll have to rely on the decades of public, published information retrieval research that's already out there.

We are entering a time when companies are capable of totally outpacing academia because they have query log data, so they know exactly what users actually do. There is no way that an academic can get this kind of data unless a company releases it. Researchers at AOL, in good faith, tried to release data so researchers could have a chance at success. Ultimately, of course, that's good for AOL since they're not in the top three search engines out there. Public research can only help raise AOL's standing by helping to level the playing field. But, it's good for you too, because you can build your open source solution based on this research too.

Yes, the release was botched, and yes, the long term user identifiers were a mistake. But don't make AOL out to be some evil company that was only out to destroy your privacy. They made a mistake!

Re:

[db32 (862117)]

Except that some reporters used it to personally identify a 60yr old woman in flordia IIRC. They had her verify that those indeed were her searches and she explained what they were about. So...the concern here is that you CAN be identified by your searches without "personally identifiable information". Now tack that on to "how to murder wife" searches and "how to build bomb" searches and "child pornography" searches, hand it over to the government, and now there is a bit of an issue. You get arrested be

Re:Who the hell cares?

[SydShamino (547793)]

>>> so correct me if I'm wrong

You're wrong.

The IP address or user name of the person who searched has been removed, but it was replaced with a unique identifier that tracked all of the searches by the same person.

Many people search for things related to themselves. For example, if you have looked for a job in the last four years, you were foolish if you didn't search for your own name to see if your friends' blogs had descriptions of your late-night drinking binges and drug use. (You are probably foolish if you used AOL search to do this, but that's a different discussion.)

CNN ran a story where they were able to track down one older lady, just because she searched for her last name, searched for "drugstores near " or somesuch, and was the only person in her area with that name. They confirmed with her that the searches were hers. (She has a dog with problems urinating on her carpet, and she has friends with lots of diseases that she "researches" for them.) They picked someone to track down who hadn't searched for anything "naughty", but that doesn't mean they couldn't have if they had wanted to.

Re:

[grylnsmn (460178)]

But the important question is, is it AOL's responsibility for what users decide to search for?

How is AOL supposed to know if a subset of data includes privacy data? A 9-digit number could be a SSN, but it could also be a phone number (not all countries use 10 or 7 digits), an ISBN (minus the check digit), or any number of other numbers. A 16-digit number (or 15 digits) isn't necessarily a credit card number. Just because someone puts an address into a search engine doesn't mean that it's their own addres

Re:

[MindStalker (22827)]

People generally feel comfortable with the notion that their search queries are private. Sure they may not be private, but they feel private. Sure your phone conversations arn't completly private, but the phone comapny can't just dump your conversations onto the public.

Re:

[Qzukk (229616)]

Don't the users have some responsibility for their own private data?

How? By never giving it to anyone? Never getting a loan, insurance, or a magazine subscription? Always working for cash under the table and never filing taxes? Any one of those things releases your address, phone number, billing information, etc. out of your control. At some point you have to say the data has changed hands and so has the responsibility to protect it.

Sure it was dumb (was it really dumb at the time though, or are we only

It's the x-refs, not the data.

[Kadin2048 (468275)]

I think you bring up a good point.

As a society, or at least as a subset of one, we need to discuss this. Where should the "expectation of privacy" be when one is using a search engine (or the Internet in general)? It's a very open question.

On one hand, most people I think realize that the query to the search engine is not 'private.' As in, you can go and view at any given time, all the things that are being typed in to Google. (At least you used to be able to, or maybe this was Yahoo.) At any rate, the quer

Re:

[geobeck (924637)]

You are probably foolish if you used AOL search...

Maybe we should just leave it at that.

Re:

[pHZero (790342)]

The search terms were not linked to any specific person, however, each search term was linked to a user ID. So you can compile a list of all searches a specific person did.

Partner this up with the fact the some people may search for the name, credit card number, and social security number to see if they're posted anywhere, you have some serious privacy concerns.

Take for example, (and I'm making this up), user #5, these are his search terms:

Joe Schmo
014-56-1234
4729-1234-5678-9012
Pizza stores near 1 main str

Re:

[merlin_jim (302773)]

It was a bit more than just search, it was complete records of internet usage from the ISP.

No it wasn't, it was strictly search terms and if they clicked on a link, what link they clicked on - that's it