It’s been almost three weeks since AOL’s research team released keyword search data for 658,000 users onto the Internet. Unlike other recent data breaches, in this case AOL employees voluntarily released the data, unwittingly circumventing their company’s privacy policies and security controls.
So it’s no wonder of profundity that the breach concerns privacy advocates and lay users alike. Not only must we protect ourselves from government intrusion into our search records, but now we have to be concerned about bad actors within Internet companies as well. Even academic researchers, the people who AOL thought would make most use of the data, are reticent to satisfy their curiosity.
AOL’s breach affected other companies as well. Google CEO Eric Schmidt was prompted to assure users that such a breach would never occur at his company. Asked at the SES conference in San Jose earlier in August why that was so, Schmidt said Sarbanes-Oxley procedures at Google made such a breach impossible.
Schmidt’s reassuring words, while expected, are disingenuous: Google employees can just as easily make an error in judgment, no matter how many perks and volleyball courts you give them.
At any rate, AOL’s data breach will have several repercussions online and off. Below, 10 consequences of the breach.
AOL may have to pay millions to monitor users’ credit
AOL better find that gold soon. Both the EFF and the World Privacy Forum filed complaints with the FTC last week. The former’s complaint says AOL should notify all affected users and pay for at least one year of credit monitoring. 657,426 user accounts x about $100 for one year of credit monitoring = over $65 million. AOL will probably get a volume deal on the credit reporting, but the cost won’t be negligible. (Unless ID Analytics offers to monitor the users’ credit for free, like with the VA Laptop case.)
Better marketing data for the scrupulous and unscrupulous alike
Marketers and SEOs can now tell their clients what the expected click-through rate will be based on where they place in AOL’s search results. If you’re ranked second, your click-through rate is 3.5 times less than No. 1. Second, 4.9 times less. SEOs also have greater insight into what the AOL demographic is searching for, too (hint: ring tones). Another benefit: understanding click paths.
Users’ identities revealed
The data may have been anonymized, but a little resourceful digging can reveal the names behind the numbers. Here’s hoping they’re not all interested in murder. A grad student working on a thesis, or a research firm trying to make a point, could have a field day figuring out who’s who.
Humans revealed to be shallow creatures. Again.
“The Web turns out to be every bit the domain of the unbounded id we always thought it was.”
Government focuses on security
Left hand, meet right hand. Even though our government wants to view search engine results, some lawmakers are trying to protect same. Maybe some of our elected representatives really are actually concerned about the Fourth Amendment? Of course, the renewed focus on security may come with a hefty price tag.
Data not only searchable, but presentable
Even lay users can have fun with the data. At least one Web site offers access to AOL’s data via an easy-to-use search. If you’d rather view the data offline, download the spreadsheet first.
AOL increases data security
So the 6 percent of people who still search on AOL can rest easy. AOL should champion a code of personal data stewardship among Internet companies.
AOL’s CTO resigns
AOL may face some serious legal consequences for the breach, so best to get rid of the scapegoat now. Two staffers were also discharged.
Data could help social search researchers
Talk about a free lunch. AOL researchers noted that 28 percent of all searches were refinements of earlier searches. So far, Yahoo’s approach is to match syntax through Yahoo Answers. Google’s approach is to offer refinement categories through a drop-down box.
AOL exposes itself to lawsuits
According to law experts, lawsuits are most likely to come from individuals — if they can show harm — and to play out differently in each state depending on tort laws.
I’m sure I left some consequences out, so leave your thoughts in the comments.