AOL antagonized by action (and Oz pilot humor)

You've got IT Blogwatch! In which AOL gets hit with a class action privacy suit. Not to mention Aussie pilot humor...

Juan Carlos Perez explains:

Three AOL LLC members have sued the company over its controversial release of member search-engine records, in what their lawyers are billing as the first such lawsuit seeking national class-action status. The three members are charging the Time Warner Inc. subsidiary with, among other things, privacy violation, false advertising and unjust enrichment.
...
The lawsuit seeks monetary relief for all affected AOL members in the U.S. whose search data was disclosed without consent from Jan. 1, 2004, to the present. The plaintiffs also ask the court to instruct AOL not to store or maintain users' Web search records and to destroy the Web search records it currently has.
...
The lawsuit stems from AOL's decision to post on its research Web site about 20 million search records from about 658,000 of its members, covering the three-month period between March and May. AOL didn't disclose the names of the members, but it grouped each member's records with a unique number. This made it possible to see what each individual searched for. The data included search queries and the Web sites the members clicked to.

When the issue became a privacy scandal in August, AOL apologized and pulled the data from the Web site. But by then, the data set had been downloaded multiple times, and the records remain available online.

Martin McKeay wonders about data retention:

One of the elements of the suit that I do find slightly surprising is that it contends that AOL hasn't done much, if anything, to prevent a similar situation from happening in the future.  I'm sure someone inside AOL is thinking, "We fired those responsible, what more could you want?"  But the suit brings to light a very good point: what has AOL done to prevent this from happening again?  Once the information was released, it became impossible to ever pull it all back. 
AOL is probably going to end up paying for their slip-up, but if they are able to prove that they've taken concrete steps to stop the same thing from happening again, they'll likely get off a lot lighter.  But I'm confident that this suit will show that AOL went back to doing business as usual.  They've probably made some minor policy changes that forbid this particular incident from being repeated, but I doubt they've addressed the underlying issue of storing too much data for too long.

GMSV's John Paczkowski wonders why it took so long:

It's taken longer than expected, but the uproar over America Online's data Valdez has finally found its way to the court system ... the suit accuses AOL of violating the Electronic Communications Privacy Act, of fraudulent and deceptive business practices, and beyond that of a peerless ineptitude in its handling of the matter
...
The suit seeks at least $5,000 for every person whose search data was exposed and, more interestingly, a prohibition that would prevent AOL from storing search data altogether. That might sound impractical, but with the company already staring down a Federal Trade Commission complaint, such damages might not be all that far fetched. No doubt Google and Yahoo will be watching this one very closely.

Techdirt's Carlo:

AOL's release of search data from 500,000 users was, without a doubt, a serious gaffe. But it really appeared to be the result of a mistake (and a healthy dose of ineptitude) driven by good intentions -- trying to give search researchers a large chunk of data to work with. Heads rolled, and the attention further brought the issue of online privacy into the light, and, all things considered, the information released wasn't all that harmful to individual users. This isn't to say that AOL's release of the data was acceptable, but rather to illustrate that the company has likely learned its lesson -- but when did that ever stop class-action lawyers from getting involved? ... What's worse is that it also seeks to block AOL from storing search data altogether -- a move that might preclude any further leaks, but would certainly prevent any useful application or new feature based on studying or utilizing past search info. This is absolutely silly ... At best, this suit will just line the lawyers' pockets; at worst, it will severely hamper innovation in the search engine space. After all, if AOL will settle, expect teeming hordes of vultures to turn their attention to the likes of Google and Yahoo next.

Danny Sullivan is thoughtful:

Of course, not all of these people actually can be identified. To date, exactly one person was positively identified. The New York Times guessed at her identity, and she herself confirmed it. No doubt, others can also be determined, but not every one of the people involved will be. So when the suit says: The search queries themselves contain information that identify AOL members who made each search. That's only correct for a subset of the total users. Similarly, the lawsuit states: The Member Search Data holds sensitive financial information about the AOL members ... Not all of them. In fact, probably not true for the majority of them.
...
It will be interesting to see if the court case ultimately finds that everyone should receive payment, given the potential harm they suffered, or if it will only pay to those who prove in some way they actually were personally identifiable or had personal information released in some way because of AOL's actions. Perhaps there will be a compromise between the two, if the case succeeds.

Joe "Duck" Hunkins quacks:

It frustrates me (or I should really say it pisses the heck out of me) that 1) Search engines think they should have rights to my search info with no obligation to tell me what they do with my info and 2) there is a lack of concern in the online community about this. John Battelle has been one of the few voices pointing out that this issue is big and getting much bigger, that these privacy issues need a lot more clarification, and that search companies are sneakily dodging many key issues with search and privacy.
Contrary to many comments I read from other onliners, the Government viewing my data is low on my list of privacy concerns because I doubt they’ll choose to or be able to effectively process the information in sinister ways. However it bothers me a LOT that my search “fingerprint” is getting used without my consent, understanding, or permission in an effort by Google, Yahoo, et al to sell me things and adjust my search and internet experiences.

Slashdotters discuss:

cunina: With luck, this will accomplish two things:
1) Scaring other ISPs and related companies into better privacy safeguards
2) Hastening the timely demise of AOL

pimpimpim: 3) making people aware of what their ISP / anyone with (or even without) a search warrant, can find out about them by just combining their non-anonymous search history.

raehl: AOL, like most ISPs, has a privacy agreement ... most of these agreements also force binding arbitration - if that is the case here, can you even have a class action lawsuit based on the privacy agreement? And if not, are there any actual LAWS violated here? I don't see any legal culpability.

Buffer overflow:

Around the Net

• Jonathan Schwartz: Robert Scoble , the next Katie Couric
• Security Incite: The Role of Aggregate Data in Security
• Realtime-ITCompliance: Data Breach Notifications: OMB Recommendations
• Ed Foster: Vendor-Specific License Tools Loom
• Official Google Blog: Our call from space
• Eric Bangeman: IBM files for summary judgment against SCO
• George P. Alexander Jr.: An Introduction To Implementing A Secure SharePoint Portal Environment
• Larry Cone: Letter to a PM - What is MS Project good for?

Around Computerworld

• Martin MC Brown: Power savings - the small things add up
• Frank Hayes: DEMOfall: It's getting weird in here
• Frank Hayes: DEMOfall: Phone home
• Michael R. Farnum: The good ol' days of security - what was the Silver Lining?
• Frank Hayes: DEMOfall: This time it's controversial
• Angela Gunn: Snarf that patch!
• Preston Gralla: FCC chief: The fix is in for AT&T
• Martin MC Brown: Three approaches to lowering power costs
• Eric Ogren: Microsoft's Windows Defender Beta 2 blows Webroot SpySweeper away in my free anti-spyware test
• Robert L. Mitchell: GUI passions run deep
• Shark Tank: Sometimes you just can't please 'em
• Douglas Schweitzer: Buggy browsers bug me !

And finally... Aussie pilot humor

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.