AOL security breach puts Web on notice
More than 600,000 users had their search queries posted online. Some individuals can be identified.
With each new cycle of high-tech products, computer power soars, plasma TV prices plunge, and cellphone functions multiply. But in the critical arena of privacy and data security, the wheels of progress seem to be moving in reverse.
Although the benefits of a Google search or an eBay purchase for most people outweigh the Internet's many threats and nuisances, this firewall factor is taking a big toll in costs and consumer consternation.
In recent days a furor has emerged over a colossal miscalculation in which a team at America Online (AOL) publicly posted the Internet search topics of hundreds of thousands of customers online. The goal was to support academic research about Web traffic, and AOL users' names were replaced by numbers. But that didn't guarantee anonymity.
The result was a major breach of trust and privacy that went from abstract concern to concrete fear when The New York Times was able to trace the identity of a Georgia woman based on her search queries.
This comes as the Department of Homeland Security this week urged users of Microsoft's Windows software to take steps to shield themselves from the latest malicious software attack. It also follows a string of computer security breaches at several federal agencies this year. The most alarming case happened in May, when the theft of a Department of Veterans Affairs laptop jeopardized the personal information of millions of former US soldiers.
"The danger is growing" as sensitive personal information increasingly resides online or in databases, says Paul Saffo, director of the Institute for the Future in Palo Alto, Calif. "You leave a digital wake behind you in cyberspace, and that trail never fades. That's the problem."
It's a threat to consumers, but also to corporations like AOL or Google. They have much to gain by tracking online behavior – and using the information to develop new products or to target ad pitches to specific people. But they also lose to the extent that customers are put off by intrusive policies, or if data breaches result in lawsuits.