- The Washington Times - Monday, August 21, 2006

ASSOCIATED PRESS

AOL’s chief technology officer left the Sterling, Va., company and two other employees were fired in the aftermath of a privacy breach that involved the intentional release of more than 650,000 subscribers’ Internet search terms.

Although AOL had substituted numeric IDs for the subscribers’ user names, the search queries contained Social Security numbers, medical conditions and other data that could be traced to people.

Maureen Govern, the technology chief, will be replaced on an interim basis by John McKinley, who had held that position before becoming AOL’s president for digital services. The change takes effect immediately, AOL Chief Executive Officer Jonathan Miller said in a memo sent to employees yesterday.

“This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team,” Mr. Miller said in a second memo. “We are taking appropriate action with the employees who were responsible.”

The data release is among a series of breaches involving sensitive information in recent months. Unlike those resulting from computer hacking or missing laptops, however, the AOL data had been released intentionally as part of a program to assist academic researchers.

AOL, a unit of Time Warner Inc., apologized two weeks ago for what it termed a mistake made by a company researcher who had failed to seek proper clearances before releasing three months’ worth of search data. Though the information was meant for researchers, it was released to a public site and quickly circulated once a blogger discovered it.

The company fired the researcher who released the data and that employee’s direct supervisor, who reported to Ms. Govern, said one person familiar with the company’s decisions. The person, who spoke on the condition of anonymity because release of personnel information was not authorized, would not say whether Ms. Govern’s departure was voluntary. The person would not identify the two employees who were fired.

Although the search terms released were not tied directly to real names, many people type their own names to find out what is being said about them. They may later search for online mentions of their credit cards or Social Security numbers and perhaps for prescription drug prices, revealing their medical ailments. All the searches for each user name were linked to the same numeric ID in the released data.

AOL removed the information from its site once senior executives learned of it, but by then copies were widely available. Some people even created search sites just for the AOL data.

At least two groups have asked the Federal Trade Commission to investigate. In its complaint, filed last week, the Electronic Frontier Foundation accused AOL of breaking a promise to protect its subscribers’ privacy.

Kevin Bankston, staff attorney with the foundation, said he hoped the breach would prompt Internet companies to be more forthcoming about what data they keep and for how long. Congress, he said, may need to intervene.

“Rearranging personnel is not going to get to the root of this problem, a problem which extends far beyond AOL and to the rest of the Internet industry,” Mr. Bankston said. “As an industry, the search engines have been unacceptably tight-lipped about what their practices are regarding search logs.”

The fallout occurs as AOL tries to lure more people to its search services and other free, ad-supported features to offset a revenue decline that is likely to accelerate as the company stops charging for AOL.com e-mail accounts and software.

AOL continues to rank fourth in search, behind Google Inc., Yahoo Inc. and Microsoft Corp.’s MSN, according to data released this week by Nielsen/NetRatings and comScore Media Metrix.

Shares in Time Warner closed unchanged at $16.50 yesterday on the New York Stock Exchange.


Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide