The AOL Fallout Continues
Two weeks after AOL published private search log data from more than 600,000 users, the researcher responsible for the breach, as well as the researcher’s supervisor and Chief Technology Officer Maureen Govern, have been fired.
AOL Digital Services President John McKinley, whom Govern replaced last year, will take over as interim CTO until a permanent replacement is found.
Wow.
Though the firing was a necessary step, it still came as a surprise and was somewhat hard to swallow. It’s unusual to see someone as high up the ranks as Govern take a fall, but if AOL hopes to re-brand itself as a “consumer-focused Internet company”, it’s something that had to be done. It’s vital that AOL acknowledge the screw-up and show users that what happened was not acceptable by any means, and that it won’t happen again. Today’s firing is an unfortunate, but important, first step in doing that.
In the hope of rebuilding users’ trust, AOL has also promised to put together a task force to “develop new best practices on privacy” and to determine how long search and other data should be saved.
I’m glad to see AOL is stepping up and doing what needs to be done. Earning back the trust of its users will be an ongoing daily process that must take center stage from here on out.
Of course, simply playing musical chairs will not solve the problem at hand. This problem extends much further than Govern’s desk and far beyond AOL. What happened at AOL could have easily happened at Google, Yahoo! or any of the other engines. Privacy concerns run industry-wide and will only be solved through increased transparency.
Up until this point, the search engines have been relatively silent about what information they store, who has access to it and how long they’re holding it for. Two months ago, when the engines were asked how long they kept search data, reps from Google and Yahoo! both responded “for as long as it is useful”. I don’t know about you, but that answer doesn’t exactly squash my concerns. In fact, it heightens them.
Also scary: When AOL was asked the same question, they responded “roughly up to 30 days”. The breach showed us that wasn’t entirely truthful either.
Hopefully the breach has woken up complacent users who were far too willing to hand over all their personal information to the search engines in return for never having to enter in a password. Hopefully the idea that their personal information and supposedly secure queries are not so secret after all will force them to demand answers and hold the engines accountable.
If users care about their safety and privacy, the days of the engines picking and choosing what they tell us must come to an end. The engines need to take a more transparent stance with their privacy policies. Ideally, they should be working together to form one clear initiative. Searchers should know what information is being stored, they should have control over how the information is used, and there should be an iron-clad system in place to prevent it from being misused by others. Anything else is both unacceptable and unsafe.
What happened at AOL was a gross reminder that the data the engines collect is saved and could therefore be leaked out to unscrupulous third parties.
Like I said before, good for AOL for taking the initial steps necessary to correct the problem, but now it’s time for the other engines to follow suit, and for you as a user to demand that they do. You wouldn’t let your family go to a doctor who refused to explain their privacy policy, so why would you agree to use an engine that won’t explain theirs? You shouldn’t.