What on earth was AOL thinking?

I can't say it's going to happen to everyone who's data was include in AOL's 'anonymized' search query logs, but this incident has the potential to lead to some embarrassing disclosures.  Over the weekend, AOL briefly placed on-line a database containing over 3 months of poorly anonymized search queries made by their customers.  This database contains the queries of some 500,000 AOL users, with the only step taken to sanitize the data was that the querying account name was replaced a randomly generated number. 

The searches themselves contain more than enough information to locate more than a few of the AOL customers.  After all, haven't you ever used a search engine to get directions from your house to a friends?   With a couple quick queries to the database a skilled data analyst could correlate every other query made by that account and build quite an impessive listing of what your interests are.  And the report itself acknowledges that quite a few of the search terms contain adult language.  If you don't think anyone is looking over this database, think again.  I'm willing to bet every major government intelligence organization and police organization is already pouring over the database, as well as many of the bad guys.

AOL released this database intentionally.  This was not an accidental disclosure. AOL thought they knew what they were doing.  When they realized they were wrong, they pulled the file.   But this is the Internet, and once it's been released, it's too late.  By the way, the md5 sum for the original document is 31cd27ce12c3a3f2df62a38050ce4c0a.  I haven't found a copy of the database in the last five minutes, but I'm sure at least some of the people reading this article will be able to find it with a little more effort.  The information was made public, however briefly, and someone had to have downloaded a copy for future publishing.

The fact that this was made public also gives law enforcement officers some interesting possibilities since they can search the data without needing a subpoena.  They can profile any number of individuals just from the information in the AOL logs.  The government had recently been trying to get almost the same information from Google and had been met with stiff legal opposition.  But because AOL went public with the database, I believe law enforcement and federal intelligence agencies can use the information in any way they want.  Which could be the real reason this was made public in the first place.

AOL has done their customer base a huge disservice.  I'll be surprised if they don't see several lawsuits.  People are going to have secrets about their search habits revealed through information their ISP should have been keeping private.  Or did AOL change their EULA in a way similar to AT&T, stating they can use your information any way they want to?  I'm just glad I'm not an AOL customer.