For reasons of its own AOL recently released a ~450 mb file containing three months of search records for 650,000 AOL users. They took it offline fairly quickly, but by that time the file had already crossed the globe seventeen or eighteen times. Christian Beckner at Defensetech writes (formatting his):
People are already poring through the data, finding some very disturbing search patterns among a number of AOL’s users. In theory, there is no personally-identifiable information on the database, but if people ran searches that identify things about themselves, it often becomes easy to figure out who they are. In many ways, this is a worse privacy loss than the laptop stolen from the Veterans Administration employee earlier this spring, if it had been compromised.
This inadvertent disclosure of data forces the need for a public debate on the retention and use of search data by private companies, and the propriety of its use by government agencies. In January we learned that Google refused a DOJ subpoena to supply the government with exactly this kind of data – a request with which Yahoo!, AOL and MSN complied. These companies are compiling petabytes of search data on their servers, effectively archiving the collective subconscious of hundreds of millions of people.
If you have an AOL account then it should probably behoove you to check the file and find out exactly what anybody on Earth can now find out about you. On this issue I think that John Aravosis deserves credit for sounding the privacy alarm in the general blogosphere faster than practically anyone else. John was right that we all ought to be concerned about how porous our information security has become. Have you ever served in the army? You may have lost your SS # and other private information two or three times over. Maybe you have insurance, or a credit history on record or your employer keeps private employee information on a disk somewhere. Stupid mistakes or theft has lifted thousands to millions of private records at a time from each of those examples.
If we live in an information age where information is currency then we ought to treat information like currency. 7-11 managers don’t leave the evening’s till sitting on a curb or in an unlocked cabinet. Banks don’t let a mid-level manager carry random safe deposit boxes home in his briefcase and the Treasury Department doesn’t transport newly-minted money by pizza delivery boy. Unless we start doing so our personal identifiers, particularly the oft-pilfered ones like Social Security #, will mean less than nothing and cleaning up defrauded accounts will become a significant drain on the U.S. economy.
John Aravosis once pointed out that either party could make a winning issue out of protecting Americans’ privacy. God knows this has traditional conservatism written all over it, even if privacy questions mostly come from Democratic circles these days. Sadly, other than some noise from Hillary Clinton the silence has been bipartisan.