Not Good Enough (Part III)

Posted by on . One comment.

So, as difficult as computers are to use, and as obfuscated as they are to the uninitiated, we’re not done, and it’s not the worst part.

AOL exposes search logs of 500,000 users

AOL accidentally published online, recently, a log containing all of the AOL searches from March to May 2006 for about half a million users. These results were not associated with names, but with a little digging, it’s not hard to figure out where people live or who they might be by what they search for. AOL later apologized for the mix up and removed the data, but by then it had already been copied to other sources.

With this accidental leak comes the worry of another one–basically, publishing all of your searching online. As you might imagine, this would be fertile ground for marketers to sell you stuff, the government to find suspicious people, and for others to spy on you, all without your authorization.

Is that fear justified? Google’s CEO, Eric Schmidt, claims that they would never release that data:

“We have systems in place that won’t allow it to happen,” Schmidt told reporters Wednesday after a keynote discussion at the Search Engine Strategies conference here. “Our No. 1 priority is the trust our users have, and that would be a violation of trust, so the answer is that would not happen.”

However, during the keynote discussion, Schmidt had hedged a bit, saying, “We are reasonably satisfied…that this kind of thing could not happen at Google,” before adding, “Never say never.”

Now, while having reassurances like this make some feel better, it’s not good enough. If you were to give your personal internet history, your searches and your e-mails to someone you didn’t know personally, would this be acceptable?

Surprisingly, I imagine that most people would be comfortable with this. But keep in mind that AOL never intended to give away information that might violate users’ privacy–the slip up was accidental. The fact is, it’s simply wrong for so much of our information to depend on trust in a company when there’s no concrete way to guarantee its security. The possibility of accidental accidents and intentional accidents (government intrusion, possibly not just the U.S. either!) should lead companies to find better ways to secure their data.

We wouldn’t trust the government to keep a database of our information and not look at it. Having it in large accessible databases, however secure, is a time bomb.

Related Sources:

The “Data Valdez” versus the Privacy Ceiling

Death by Google Calendar: How I Identified you to rob you (note that the article is not really related and based on fallacious premises)

Comments

  1. The Blog of Justice » DRM in reverse says:
    September 16, 2006 at 2:25 pm

    [...] A while ago I wrote a flamebaitish entry where I said that your privacy should never depend on the trustworthiness of another person or company. After thinking about it a little, it occured to me that in essence, what we’re looking for is DRM, but in reverse. [...]

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>