AOL security breach puts Web on notice
More than 600,000 users had their search queries posted online. Some individuals can be identified.
With each new cycle of high-tech products, computer power soars, plasma TV prices plunge, and cellphone functions multiply. But in the critical arena of privacy and data security, the wheels of progress seem to be moving in reverse.Skip to next paragraph
Subscribe Today to the Monitor
Although the benefits of a Google search or an eBay purchase for most people outweigh the Internet's many threats and nuisances, this firewall factor is taking a big toll in costs and consumer consternation.
In recent days a furor has emerged over a colossal miscalculation in which a team at America Online (AOL) publicly posted the Internet search topics of hundreds of thousands of customers online. The goal was to support academic research about Web traffic, and AOL users' names were replaced by numbers. But that didn't guarantee anonymity.
The result was a major breach of trust and privacy that went from abstract concern to concrete fear when The New York Times was able to trace the identity of a Georgia woman based on her search queries.
This comes as the Department of Homeland Security this week urged users of Microsoft's Windows software to take steps to shield themselves from the latest malicious software attack. It also follows a string of computer security breaches at several federal agencies this year. The most alarming case happened in May, when the theft of a Department of Veterans Affairs laptop jeopardized the personal information of millions of former US soldiers.
"The danger is growing" as sensitive personal information increasingly resides online or in databases, says Paul Saffo, director of the Institute for the Future in Palo Alto, Calif. "You leave a digital wake behind you in cyberspace, and that trail never fades. That's the problem."
It's a threat to consumers, but also to corporations like AOL or Google. They have much to gain by tracking online behavior – and using the information to develop new products or to target ad pitches to specific people. But they also lose to the extent that customers are put off by intrusive policies, or if data breaches result in lawsuits.
"Think twice about it," Mr. Saffo advises businesses. "You may discover that private information is the new dioxin or the new asbestos.... This is a vast liability."
AOL could face lawsuits from members of the online community who contend that their privacy was violated in the recent lapse.
The chief executive of Google said Wednesday that the company would not change its policies as a result of AOL's mishap. "We are reasonably satisfied ... that this sort of thing would not happen at Google, although you can never say never," chief executive Eric Schmidt said.
At least one rival search engine, Ixquick.com, is trying to build its business on a pledge of privacy – that it won't keep records of users' Internet addresses.
AOL, for its part, has apologized and removed the user data from the Internet, but not before some other groups had copied it to other sites where it remains available.