News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Jerri Ledford's picture
Jerri Ledford

More posts | Read bio

August 16, 2006 - 1:30 A.M.

Will AOL step up and be responsible?

3 comments

Looks like AOL's playing the ostrich--hiding it's head in the sand, hoping the problem will go away.  In response to concerns that search data that was released to the public could lead to identity theft, an AOL spokesperson is quoted as saying, "There is no way to unscramble the identifier codes back into the account names."  The only problem with that is that journalists have been able to track down some of the users whose searches were exposed.

So, the users can be tracked down.  For that matter, by some reports, there were social security numbers and other sensitive (and identifying) information included in the search results.  The question now is: What's AOL going to do about it?

The Electronic Frontier Foundation (EFF) thinks that the company should be forced to notify users and to provide credit reporting services for a year.  That's a pretty good idea, but I think that, like the VA, AOL will find a way not to go to the expense.  And that's a pretty disturbing thought.  Not because it's not being done nearly as much as because it's another instance of a major data breach that's going un-punished.

Un-corrected would be the wrong word, because AOL did (after plenty of pressure) pull the search results off the site.  But there's certainly been no reason for AOL to stand up and be accountable as of yet.  If the EFF recommendations to the FTC are heeded, then possibly AOL will have to become responsible.  But if those recommendations fall on deaf ears, AOL will walk away from this mess without much of a scratch.

There appears to be a trend here.  It seems that if your organization is large enough, with enough pull, then you can put your customers' information at risk without too much concern for fallout beyond some negative media attention.  And give it enough time and the media will turn to other, more exciting news stories. 

So, when will it end?  When will organizations be forced to take responsibility for their carelessness?  Let's hope it's sooner, rather than later.

What People Are Saying

Add new comment

Why would AOL act

Submitted by Anonymous on September 9, 2006 - 10:24 A.M.

Why would AOL act responsibly in any case? They won't help me after one of their users stole my credit card information and used it to charge 100.00 in some sleazy chat room. I want to prosecute the scum, but after three emails AOL still will not reply to me. I have the IP address that the scum used and his (now defunct) AOL email address. They do NOTHING.

I'm not surprised that AOL is pretending nothing is wrong.

Report this comment

Hmmmm. Are we to believe a

Submitted by Another_Steve on August 16, 2006 - 5:07 P.M.

Hmmmm. Are we to believe a company that most likely already conducts very "deep" data mining activities for their own benefit is being truthful with the statement "There is no way to unscramble the identifier codes back into the account names"? Does AOL still have the original query logs (with account names intact)? (Likely, although to avoid prosecution their lawyer types may have already advised them to destroy the data...) Does AOL still have a copy of the data it released? (If not, they can easily find it available on the net). Having these two components, how difficult can it be to join the search queries from both sets of data to come up with the accounts they should be profusely apologizing to?

Report this comment

I have no idea if my

Submitted by Steve on August 16, 2006 - 11:52 A.M.

I have no idea if my information was in the AOL release or not. I ceased to be one of their customers about 3 years ago, and I haven't heard if the exposure included past customers. I do know that I'm one of the many folk whose info was on the VA laptop.

My prediction is that these companies and government agencies are going to regret refusing to protect the victims of their incompetence. I know that if I find myself a victim of identity theft, and the theft can be traced back to the VA or AOL (or any other entity that refused to protect the victims of its incompentence) I would be working up a major lawsuit against the C-levels that made these poor decisions. Of course the VA officers have some protection under the Tort Claims Act, but that protection is not absolute. The AOL officers have no such protection.

I have to believe that I'm not the only person who sees the ethical and legal responsibility these C-levels have to undo the damage caused by their company's mistakes. If not me sueing them, it will be someone else. With this much data exposed, you just know someone's going to get their identity stolen.

Report this comment

Related Posts

Do Railhead right or don't deploy until it IS right
We have met the enemy, and he is us.
Google and DoubleClick, sittin' in a tree (and Magneto Boy)
Federal encryption standardization

Today's Top Stories

Droid launch draws tech-savvy crowd
AMD graphics chip shortage hits PC vendors
Intel readies 2.3GHz, 3.5GHz WiMax support with Kilmer Peak
First iPhone worm spreads Rick Astley wallpaper
Mozilla fixes Firefox crash bug
Update fixes iPhone sync problem with Windows 7 for some
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.