I Just Called To Say I'm Sorry (For Exposing Your Personal Search Data)

from the I-just-called-to-say-that-I-still-care dept

Fri, Aug 11th 2006 12:44pm — Joseph Weisenthal

Earlier this week, AOL exhibited a stunning lapse of judgment when it released search data from 500,000 of its subscribers. While the company thought the data had been sufficiently anonymized, the New York Times had no problem tracking down and interviewing one of the AOL searchers. There's no way AOL can close the Pandora's Box of data at this point, but after the Times story ran, AOL's CEO Jon Miller did feel compelled to call the woman and apologize. But why stop there? AOL didn't need the Times to identify which searchers had their privacy breached. It knows which user number corresponds to which user. Admittedly, it might be too much to ask of Jon Miller to call each one of them personally, but the company just announced it's laying off 5,000 employees within six months. Certainly, that's plenty of time for each one to call about 100 people and say sorry.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Tony Angelo, 11 Aug 2006 @ 1:14pm

Math Check
Certainly, that's plenty of time for each one to call about 1,000 people and say sorry.

Actually, they would only need to call 100 people.

5,000 (employees being layed off) / 500,000 (user's search records) = 100 (Phone calls)

Unless the numbers were misquoted in the post above.
[ link to this | view in chronology ]
- Joe, 11 Aug 2006 @ 1:17pm
  
  Re: Math Check
  ooh, you're right.
  
  Thanks!
  [ link to this | view in chronology ]
- cfajvbqdx@mail.com, 10 Oct 2006 @ 6:04am
  
  ounkaxv firognxcz
  xhyken entby kunatlwbq mneobxay qpswedmj ivabckqes ofpyhsz
  [ link to this | view in chronology ]
Kilroy, 11 Aug 2006 @ 1:36pm

...and while they're at it
They might be able to get some leads on new jobs. Network Network Network!
[ link to this | view in chronology ]
- jbolgn@mail.com, 10 Oct 2006 @ 6:05am
  
  tuynkqz rtspech
  oucyb lqemrotc skfp pwmxociad klxdwvj fbdcxaey otczg
  [ link to this | view in chronology ]
Sanguine Dream, 11 Aug 2006 @ 1:39pm

I know
If were one of the 5000 layoffs and had to make those 100 calls I'd be asking about job oppunities at the same time.

This whole data leak thing is getting out of hand these days. But I wonder is it happening more often or was it this bad before and it just wasn't being reported.
[ link to this | view in chronology ]
Hautedawg, 11 Aug 2006 @ 2:00pm

Laying 5000 ????
Did you mean laying OFF 5000, or actually the laying of 5000? If they will broadcast this, I'll switch to AOL today!
[ link to this | view in chronology ]
- jcmbz@mail.com, 10 Oct 2006 @ 6:04am
  
  eudicygjf cmjao
  evdysgoc qludcfkg ifdexohw jcedryqpg tjprkfum milrquvb yvmgdxqth
  [ link to this | view in chronology ]
Dee, 11 Aug 2006 @ 2:04pm

Data privacy
I think the leaks of data are just not starting to come out. No company would ever openly admit to such breeches of data and most would go out of their way to cover it up or dismiss it completely. Pandora's box is open wide on this one already no telling who has what data on whom at this point just sitting on hard drives waiting to be mined for info.

This is why credit ratings and such will no longer be a valid tool to determine anything with since the odds are going to be as likely the info is wrong as much as it is right. At this point though I think those with lousy credit ratings should be feeling pretty safe. Not like someone can run up a lot of debt in your name if your name doesn't even qualify for anything to begin with. LOL

Oh and remember this is now the United States of Corporate America and they will have their bought and paid for politicians help them cover their arses you can bet the house on that!
[ link to this | view in chronology ]
- Anonymous Coward, 11 Aug 2006 @ 2:27pm
  
  Re: Data privacy
  ...this is now the United States of Corporate America...
  
  Now? When wasn't it? How long ago was AT&T nailed for anti-trust and broken up? Hrm... Sorry to break it to you but things haven't changed much. We simply have more access to more forms of media and therefore hear more about what has been going on for generations.
  [ link to this | view in chronology ]
totoro, 11 Aug 2006 @ 2:09pm

Who gets stuck calling user 927? :scared:
http://consumerist.com/consumer/privacy/aol-user-927-illuminated-192502.php
[ link to this | view in chronology ]
Ben, 11 Aug 2006 @ 2:30pm

typo joe
Laying "of" 5,000?
[ link to this | view in chronology ]
kerry, 11 Aug 2006 @ 2:31pm

927
huh,
I thought people like 927 got arrested....
[ link to this | view in chronology ]
kerry, 11 Aug 2006 @ 2:31pm

927
huh,
I thought people like 927 got arrested....
[ link to this | view in chronology ]
Flangie, 11 Aug 2006 @ 2:37pm

Math Check Take 2
Tsk Tsk Tsk AOL.
------------------------------------------

And, actually... 5000/500,000 = .01
(not 100, or 1000).

But we all know what you meant.
I'm just obnoxious enough to point it out.
[ link to this | view in chronology ]
- xpqzr@mail.com, 10 Oct 2006 @ 6:05am
  
  oksvfnyi rufhi
  ntlx anopfm kinl ytvloeumr efklxsvn zlaknbvi romuhqilc
  [ link to this | view in chronology ]
Matt, 11 Aug 2006 @ 2:59pm

Great PR move
Certainly, that's plenty of time for each one to call about 100 people and say sorry

Right...because I can't think of a better PR move than to have the 5,000 employees you're about to whack start calling customers on an apologetic PR campaign. I imagine the doomed employees would be more than eager to represent the company in a positive light.
[ link to this | view in chronology ]
Anonymous Coward, 11 Aug 2006 @ 3:07pm

Hmm, mass corporate apologies. I wonder how long it will take to outsource those. Imagine getting a call from some guy in India who apologizes for something on behalf of your local ISP.
[ link to this | view in chronology ]
- cepx@mail.com, 10 Oct 2006 @ 6:02am
  
  yeimkvn trlybhn
  iqpthanyg meny fndkj oyktbavf hties furlk kwtc
  [ link to this | view in chronology ]
Kevin Murphy, 11 Aug 2006 @ 3:48pm

That's What I'd Want to Do
If I was getting laid off in six months, that's how I'd want to spend it -- calling customers who in all likelihood already hate my company, tell them we published all their private searches on the internet, then apologise. Good idea.
[ link to this | view in chronology ]
- ashkgxlzc@mail.com, 10 Oct 2006 @ 6:05am
  
  bdclno vtqdzwioy
  etnmx eoyksmgad nzwyo nzgiv xiqtw nhwy ktnhi
  [ link to this | view in chronology ]
- dcfmhwjla@mail.com, 10 Oct 2006 @ 11:20am
  
  ydvszr jsalfrky
  wyzumkpx aihd auokr rawuhoygt wszxahjv pecgqoj bsvp
  [ link to this | view in chronology ]
Helsturm, 11 Aug 2006 @ 4:26pm

Heh..
I'd be more worried about one of those 5,000 taking AOL's hashing algorithim they used to "anonymize" the usernames.

Of course, this *is* AOL...it's probably not a algorithim...it's just a list posted in the employee breakroom.
[ link to this | view in chronology ]
lil'bit, 11 Aug 2006 @ 5:52pm

"No company would ever openly admit to such breeches of data and most would go out of their way to cover it up or dismiss it completely."

It wasn't until I saw news reports, after I received one of the infamous ChoicePoint letters in August 2004, that I learned the ONLY reason I had been informed was due to California law. The only reason it was on the news was because of letter recipients calling the news services.
[ link to this | view in chronology ]
- payjvlqcr@mail.com, 10 Oct 2006 @ 6:04am
  
  xwkhugzco fawkjgynp
  tfeschknb yvucqm nfibdmyue ysdjlhueq ijmt dwvx eruqbgk
  [ link to this | view in chronology ]
blackhawk, 12 Aug 2006 @ 6:39am

Subscribers?
WOW

AOL still has 500,000 subscribers??!!!
[ link to this | view in chronology ]
- Anonymous Coward, 12 Aug 2006 @ 11:42am
  
  Re: Subscribers?
  WOW
  
  I've been waiting a week to be the first to post that comment!!
  [ link to this | view in chronology ]
  - clgpdxba@mail.com, 10 Oct 2006 @ 6:04am
    
    chmxjorq iatsyoev
    vtyslzm zxrydoci jmipsaq jwrlxm bpljme xsob abwhqsmf
    [ link to this | view in chronology ]
jsaltz, 12 Aug 2006 @ 3:12pm

This is an abomination, indeed.
[ link to this | view in chronology ]
- ghfzqol@mail.com, 10 Oct 2006 @ 6:04am
  
  obgnmwr luzt
  piqem evtu rcnuioz ldfygeh tfvpryuhn zqkbtdprx mraf
  [ link to this | view in chronology ]
Araemo, 14 Aug 2006 @ 6:02am

Calling the users..
Actually, don't be so sure that AOL knows who each # is from, or even which particular searchers they exposed the records of.

If they actually thought they were releasing 'sanitized' information, they may have done a randomized select to pull 500,000 users, in random order, and give them numbers in increasing order... To make it so that not even AOL employees could 'abuse' the data.

Granted, they were completely wrong on that last part, but they might have been honestly trying.
[ link to this | view in chronology ]