Wednesday, August 09, 2006

AOL - Don't Ask, Don't Tell



"Sometimes mistakes will be made, but the alternative is that no one ever takes a risk, and progress just grinds to a halt." Dr Erik W. Selberg, head of algorithmic Web search relevance group, Microsoft

Oops. Seems AOL, intending to provide industry search experts with internal details of 20 million private search queries from its users, unintentionally made the results available to the web at large.

Though the samples were tagged only by numbers, users' identities and a wealth of personal information were easily discovered by tech savvy bloggers.

As a former employee and continuing member I tend to bend over backward defending AOL and touting its offerings. And I always mention the safety of surfing the web from inside AOL's secure proprietary software. I still believe in that protection, at least from outside predators.

Let's take a trip down memory lane to a simpler time at AOL, the 80's and 90's, before hacking became a daily cultural phenomenon. In those early days, we were reinventing communication. Making the Internet easy and accessible -- to non-geeks, regular people and businesses big and small.

There was no universal Internet Search back then. No Google. Yahoo was just emerging. But the tech geniuses at AOL had already come up with a search tool and made it available to AOL members through the magic of Keywords.

Type a key word or phrase into a special search window, and whoosh, you're there. Keyword search technology exists today inside AOL software and connects users to Internet search now powered by Google.

AOL employs an internal database to manage and record user accounts and activities. It provides research gurus with invaluable macro and micro marketing information.

Most companies from banks to boutiques use the same kind of benign Big Brother technology to service and market to their customers. But in the wrong hands, it's a dangerous weapon.

Even before hackers took over cyberspace, an invasion of privacy incident occurred at AOL with enormous consequences for one particular AOL user. I'm frankly surprised nobody's brought it up.

Here's the story: In 1998 there was an AOL member who was also a member of the armed forces. He paid for a personal AOL account. And created a screen name--an alias--to keep his online activities private.

Like millions of AOL members, he also created a profile reflecting his anonymous online persona. In his profile he identified himself as gay. Let's be clear, he didn't commit a crime. He didn't solicit children. He might not have been gay. Lots of people act out fictions and fantasies online.

This guy simply used his AOL account to express himself among other adults in supposed privacy online, operating under Don't Ask, Don't Tell, Don't Pursue. Which was also the military's policy at the time.

Can you see what's coming?

The guy sent an email from his AOL account to a fellow officer. She got curious, hit Keyword: Profile and looked him up. She saw that under Marital Status he'd entered: Gay. She notified superior officers.

A Navy investigator called AOL, supplied the screen name and profile and asked for confirmation of the guy's real name. A customer service moron--immediately thereafter fired--willingly supplied it.

Boom. The Navy started proceedings to discharge the guy for being gay. Bam. The guy sued the Department of Defense to stop his discharge, alleging invasion of privacy. Bing. The guy also sued AOL for violating his privacy by giving confidential information to the Navy. Hell, to anyone without a subpoena, search warrant, or court order.

The Navy settled. AOL settled. The guy kept his job, got a promotion and finished out his naval career with honor.

And all AOL employees lost access to the company's internal member database. Except of course those in tech support and customer service who can't help users without that access.

What's interesting to me is that it took a regrettable and preventable situation to make the bigwigs at AOL realize the company had grown up and needed to operate more responsibly.

Now that it's growth is dwindling, seems they're forgetting again.

And by the way, if you want to know the whole story, I've given you just enough information to help you search for it. You won't believe that poor guy's real name.

Labels:

0 Comments:

Post a Comment

<< Home