AOL axes staff over privacy breach
Published: 22 Aug 2006 08:40 BST
Two AOL employees have been fired, and its chief technology officer is resigning, after the release of Web search data from thousands of AOL members prompted widespread criticism of the company.
Chief technology officer Maureen Govern "has decided to leave AOL effective immediately", AOL chief executive Jon Miller wrote in an email to employees dated Monday.
Govern could not be reached for comment.
The researcher responsible for the data being posted online and the researcher's supervisor, who reports to Govern, were fired, according a source close to the matter who asked not to be identified.
Meanwhile, John McKinley, who is president of AOL Digital Services and served as chief technology officer from 2003 to 2005, will step in as interim chief technology officer until a permanent replacement is found, AOL said.
In a separate email to AOL employees, Miller said the company would create a taskforce to develop new best practices on privacy and will look at how long search and other data should be saved.
The company also is considering tightening restrictions on access to databases containing search data and other sensitive member data, looking into ways to ensure that such information is not included in research databases and adopting education programmes for employees on how to protect sensitive information, the email shows.
"After the great lengths we've taken to build our members' trust and be an industry leader on privacy, it was disheartening to see so much good work destroyed by a single act," Miller wrote. "This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team. We are taking appropriate action with the employees who were responsible."
AOL researchers posted the data on the user Web searches to a new AOL research Web site last month. It then pulled it and apologised for the security breach shortly thereafter, but not before other sites acquired the data and made it searchable. AOL has been widely criticised for releasing the data.
Last week, the Electronic Frontier Foundation (EFF), a digital-rights group in San Francisco, filed a complaint against AOL with the Federal Trade Commission (FTC). The complaint asked the FTC to look into AOL's possible violation of its privacy policy and federal law. The EFF also asked regulators to require AOL to notify all users affected by the leak and to stop logging searches except in extraordinary cases.
The World Privacy Forum also filed an FTC complaint against AOL last week, including an allegation that AOL released user search data in 2004.
While the members were kept anonymous, the data was so thorough and extensive that privacy advocates warned it would be possible to trace searches back to specific searchers, which several newspapers and other organisations were able to do.
"Whatever staff changes AOL chooses to make does not reduce the need for Congress and the FTC to step in," Kevin Bankston, staff attorney for the EFF, said in a telephone interview.
"To the extent the CTO's departure does have to do with this, I hope it indicates that AOL recognises this isn't an issue of fixing a unique incident but rather reconsidering their approach to how they handle search logs," he added.
Pam Dixon, executive director of the World Privacy Forum, said the FTC should investigate whether AOL partners and others have received sensitive user data from AOL over the years.
"I don't think firing employees is going to be a solution to the problem. It appears that these data disclosures were a symptom of a more systemic problem at AOL regarding data handling policies and practices," she said. "The 'tip of the iceberg' may well apply here; it will be up to the FTC to find this out, though."
It is unclear whether AOL's release of the user search data was illegal, but if AOL broke the law, the FTC should take action, said Ari Schwartz, deputy director of the Center for Democracy and Technology, which receives a small fraction of its funding from AOL.
Schwartz said he was not convinced of the need for new action by Congress — specifically, a bill offered by Representative Edward Markey that would restrict how long all Web site operators can "warehouse" consumer data. It would be preferable for the industry to come to an agreement on uniform, voluntary standards, he said.
The notion that search companies are retaining information about users' personal searches, which "should be routinely deleted", is a lingering concern, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
"AOL could do a real service to the online community," Rotenberg said in an email interview, "if it would commit to permanently (deleting) all personal search details and challenge other search companies to do the same".
Did you find this article useful?
159 out of 262 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
1 comment
-
I've been reading ZDNET's coverage on the AOL priv... Marilee Veniegas
