UNITED STATES OF AMERICAFEDERAL TRADE COMMISSION)In the Matter of))AOL LCC,)DOCKET NO.a majority-owned subsidiary of)TIME WARNER INC.))REQUEST FOR INVESTIGATION ANDCOMPLAINT FOR INJUNCTIVE RELIEFThe Electronic Frontier Foundation (“EFF”), having reason to believe that AOL LLC(“AOL”) has violated the Federal Trade Commission Act, and that investigation and injunctiverelief is in the public interest, alleges that AOL committed unfair and deceptive trade practicesby intentionally and publicly disclosing Internet search histories of more than half a million AOLusers. Press reports, the analysis of commentators, and EFF’s own research show that these datainclude sensitive, personal information that can be linked to individuals.In support of its complaint, EFF alleges as follows.1. The Electronic Frontier Foundation is a 501(c)(3) nonprofit organization founded in1990 to protect civil liberties in the digital age. Based in San Francisco, CA, EFF is amembership-supported organization that litigates and educates the public on issuessuch as free expression, freedom of the press, fair use of copyrighted works,anonymity, security, and privacy as they relate to computing and the Internet.2. AOL is a Delaware corporation and a majority-owned subsidiary of Time Warner Inc.AOL maintains its principal place of business at 22000 AOL Way, Dulles, VA20166. Time Warner Inc. is a Delaware corporation and maintains its principal placeof business at One Time Warner Center, New York, NY 10019. AOL describes itselfto the public as “a Web portal that provides a variety of custom content on top oflinking you to relevant information available on the Internet.”1 AOL also providesInternet connectivity options and specialized client software to its registered users.2AOL’s mission statement says that the company is dedicated “to the simple premise1AOL, Welcome to AOL, (last visited Aug. 13, 2006).AOL, The New AOL — We’ve Changed, (last visited Aug. 13, 2006)(describing dial-up Internet connectivity and other services); AOL, AOL Products: AOL 9.0 Security Edition —Providing Consumers With a Safer, More Secure Online Experience, (last visited Aug. 13, 2006) (describing AOL client software). Although previously only available topaying members, Time Warner Inc. announced on August 2, 2006 that AOL would begin offering its client softwarefor free. Press Release, Time Warner Inc., Time Warner Announces that AOL Will Offer Its Software, E-mail andMany Other Products for Free to Broadband Users (Aug. 2, 2006), ,1222063,00.html.2

that our members and consumers deserve the best possible – and most valuable –online experience available anywhere.”33. AOL is a “corporation” as defined by Section 4 of the Federal Trade CommissionAct, 15 U.S.C. § 44.4. The acts and practices described in this complaint constitute “commerce” within themeaning of Section 4 of the Federal Trade Commission Act, 15 U.S.C. § 44.FACTUAL ALLEGATIONSAOL’s Collection of Personal Consumer Data andPrivacy Practices5. In addition to offering Internet users a search engine via its web sites and, registered AOL users may conductInternet searches using the search engine included in their AOL client software. AOLusers can type words and phrases into the software’s search box to generate anautomated list of links to web pages containing information relevant to theirinterests.46. The AOL Network Privacy Policy makes representations to consumers about how thecompany secures AOL users’ privacy and disseminates their personal information.This policy contains the following statements regarding the privacy and security ofpersonal information collected by AOL:Collection of Your AOL Network Information. Your AOL Networkinformation consists of personally identifiable information collected orreceived about you when you interact with the AOL Network’s Web sites,services and offerings as a registered user. Depending on how you use theNetwork, your AOL Network information may include . . . informationabout the searches you perform through the AOL Network and how youuse the results of those searches[.]***How Your AOL Network information is Used. . . .Your AOL Network information may be shared with the Network’saffiliated providers.5 You have choices about how your AOL Network3AOL, Our Mission, (last visited Aug. 13, 2006).AOL, AOL Products: AOL 9.0 Security Edition — Providing Consumers With a Safer, More Secure OnlineExperience (discussing features of latest AOL client software, including “enhanced AOL search” features).5According to AOL:42

information is used, and whether affiliated providers receive personallyidentifiable information about you as an AOL Network user. Affiliatedproviders that receive your AOL Network information may use thisinformation according to their applicable privacy policies.Your AOL Network information will not be shared with third partiesunless it is necessary to fulfill a transaction you have requested, in othercircumstances in which you have consented to the sharing of your AOLNetwork information, or except as described in this Privacy Policy. TheAOL Network may use your AOL Network information to presentoffers to you on behalf of business partners and advertisers. Thesebusiness partners and advertisers receive aggregate data about groups ofAOL Network users, but do not receive information that personallyidentifies you.***Your Choices About Your AOL Network Information. . . . [S]omeAOL Network services (AOL Search, for example) may offer you theability to control what information is collected or used when you use theseservices.You may also choose whether the AOL Network’s affiliated providersreceive personally identifiable AOL Network information. This choicedoes not apply to the sharing of AOL Network information necessary toprovide you the basic functionality of the Network (for example,recognizing you as an authenticated user on affiliated providers’ Websites or services). Additionally, the AOL Network may share personallyidentifiable AOL Network information with one or more of its affiliatedproviders when that information is necessary to carry out a specifictransaction or request you make for an offering from the Network or itsaffiliated providers, or as otherwise specified at the time you takeadvantage of that particular Network offering.***“The AOL Network’s affiliated partners include, or will soon include: AOL Internet Phone Service (AOL Enhanced Services L.L.C.)The AOL Network may in the future designate other affiliated providers.”AOL Network, Affiliated Providers, (last visited Aug. 13, 2006).3

Our Commitment to Security. The AOL Network has establishedsafeguards to help prevent unauthorized access to or misuse of your AOLNetwork information[.]6The policy is attached hereto as Exhibit A.7. The AOL Network Privacy Policy does not state that AOL will disclose users’ searchqueries or any other AOL Network information to third-party researchers or thegeneral public.AOL’s Disclosure of 20 Million Consumer Search Records8. On August 7, 2006, media organizations reported that AOL had publicly disclosedroughly 20 million search queries typed into the AOL client software byapproximately 658,000 AOL users during March, April and May 2006.7 The data,posted as a 440-megabyte downloadable file named 500Kusers.tgz, were publiclyavailable on the web site for ten days before AOL removedit.89. The news reports indicate that the personal data AOL disclosed included searchqueries revealing names, addresses, local landmarks, and medical ailments.9Hundreds of the search queries also included such personal information as credit cardnumbers and Social Security numbers, the disclosure of which may facilitate identitytheft.10 The disclosure also made public extremely sensitive search queries such as“how to tell your family you’re a victim of incest,” “surgical help for depression,”“how to kill your wife,” “men that use emotional and physical abandonment tocontrol their partner,” “suicide by natural gas,” “how to make someone hurt for thepain they caused someone else,” “revenge for a cheating spouse,” “will I beextradited from ny to fl on a dui charge,” and “my baby’s father physically abuses6AOL, AOL Network Privacy Policy (last updated Apr. 3, 2006), pp.See, e.g., Kenneth Li, “AOL Draws Fire After Releasing User Search Data,” Reuters, Aug. 7, x?type internetNews&storyID 2006-08-07T183427Z 01WEN3477 RTRUKOC 0 US-AOL-PRIVACY.xml; Jeremy Kirk, “AOL Search Data Reportedly Released,” IDGNews Service, Aug. 7, 2006, php.8Parmy Olson, “AOL Lets Info Slip,”, Aug. 8, 2006, rnet-data-cx po 0808aol.html.9See, e.g., Olson, “AOL Lets Info Slip”; Michael Barbaro and Tom Zeller, “A Face is Exposed for AOL SearcherNo. 4417749,” NY Times, Aug. 9, 2006, available at .html?hp&ex 1155182400&en 9b5fd9ff341e3216&ei 5094&partner homepage; Anick Jesdanun, “AOLApologizes for Privacy Breach,” Associated Press, Aug. 8, 2006, available at t.10See, e.g., Ellen Nakashima, “AOL Takes Down Site With Users’ Search Data,” Washington Post, Aug. 8, 2006,at D01, available at le/2006/08/07/AR2006080701150.html;Olson, “AOL Lets Info Slip.”74

me.”11 The data did not directly link consumers’ names or AOL screen names to theirsearches. However, each individual user’s search queries during the three-monthperiod were linked to a single unique identification number, creating a completesearch history for each user.12 The data also contained, inter alia, the domain namesof all web pages that the consumers visited as a result of their searches, and the timeand date of each search.1310. In addition to the search history data, AOL posted a description of the data set on, which included the following disclaimer:CAVEAT EMPTOR—SEXUALLY EXPLICIT DATA! Please beaware that these queries are not filtered to remove any content.Pornography is prevalent on the Web and unfiltered search engine logscontain queries by users who are looking for pornographic material.There are queries in this collection that use SEXUALLY EXPLICITLANGUAGE. This collection of data is intended for use by matureadults who are not easily offended by the use of pornographic searchterms. If you are offended by sexually explicit language you shouldnot read through this data. Also be aware that in some states it may beillegal to expose a minor to this data. Please understand that the datarepresents REAL WORLD USERS, un-edited and randomly sampled,and that AOL is not the author of this data.14This description is attached hereto as Exhibit B.11. This “caveat emptor” disclaimer reflects AOL’s awareness that the datawere sensitive. The data’s sensitivity shows that AOL users expected thattheir search queries would not be disclosed to the public.1512. After AOL’s disclosure was reported by the media, AOL Spokesperson AndrewWeinstein released the following statement, attached hereto as Exhibit C:This was a screw up, and we’re angry and upset about it. It was aninnocent enough attempt to reach out to the academic community withnew research tools, but it was obviously not appropriately vetted, and if it11Declan McCullagh, “AOL’s Disturbing Glimpse Into Users’ Lives,” CNET, Aug. 9, 2006, offers glimpse into users lives/2100-1030 3-6103098.html.12Nakashima, “AOL Takes Down Site With Users’ Search Data”; Dawn Kawanoto and Elinor Mills, “AOLApologizes for Release of User Search Data,” CNET, Aug. 9, 2006, apologizes for release of user search data/2100-1030 3-6102793.html.13500k User Session Collection, available at README.txt (lastvisited Aug. 14, 2006).14While the description was subsequently removed from, the text has been mirrored at README.txt, See id. (emphases in original).15See Gonzales v. Google, Inc., 234 F.R.D. 674, 684 (N.D.Cal. 2006) (finding that “the statistic that over aquarter of all Internet searches are for pornography indicates that at least some [internet] users expect some sort ofprivacy in their searches.”).5

had been, it would have been stopped in an instant.Although there was no personally-identifiable data linked to theseaccounts, we’re absolutely not defending this. It was a mistake, and weapologize. We’ve launched an internal investigation into what happened,and we are taking steps to ensure that this type of thing never happensagain.Here was what was mistakenly released: Search data for roughly 658,000 anonymized users over a three monthperiod from March to May. There was no personally identifiable data provided by AOL withthose records, but search queries themselves can sometimes includesuch information. According to comScore Media Metrix, the AOL search network had42.7 million unique visitors in May, so the total data set coveredroughly 1.5% of May search users. Roughly 20 million search records over that period, so the dataincluded roughly 1/3 of one percent of the total searches conductedthrough the AOL network over that period.The searches included as part of this data only included U.S. searchesconducted within the AOL client software.16Mr. Weinstein was later quoted in news reports as confirming that AOL releasedinformation that could be used to identify individuals.1713. AOL admittedly intended the disclosed data to be used by third-party researchers, inclear violation of its privacy assurances. Furthermore, the data were available toanyone who visited or any other web site that subsequentlymirrored or posted the data.14. The data are now freely available on the Internet to anyone who wishes to download,analyze, or otherwise use it. For example, Internet users can search the database byuser ID number, keyword, or web site result at sites such as and, or downloadthe complete database at t of Andrew Weinstein, AOL Spokesman, TechCrunch, AOL: “This was a screw up” (Aug. 7, 2006),available at a-screw-up.17See, e.g., Barbaro and Zeller, “A Face is Exposed for AOL Searcher No. 4417749.”18Should this data become unavailable online, EFF will provide a CD-ROM with the full database to theCommission upon request.6

15. On August 9, 2006, the New York Times reported in an article, attached hereto asExhibit D, that it had combined the data posted by AOL with other publicly availabledata to identify and locate AOL user No. 4417749, Thelma Arnold.19 Ms. Arnoldconfirmed to the newspaper that she had performed the search queries that led theNew York Times to contact her. The newspaper also reported that several bloggersclaim they have identified other AOL users’ search histories based on availableinformation.16. EFF has also identified online commentators who have discussed specific searchhistories that may identify particular AOL users or households conducting searches.In the interest of protecting the privacy of these AOL users, EFF has provided thisinformation to the Commission in an explanatory confidential appendix attachedhereto as Exhibit E.17. Based on its own preliminary analysis of the data disclosed by AOL, as well as thereview of others, EFF has determined that substantial amounts of various types ofpersonally identifiable information is likely contained in that data. For example, EFFhas identified 175 searches from 106 distinct users that appear to contain SocialSecurity numbers (i.e., “ - - ”), 8457 searches from 3739 distinct users thatappear to contain phone numbers, and 10835 searches from 4099 distinct users thatappear to contain street addresses. Additionally, 278 searches appear to containMySpace “friend ids,” unique numbers that identify particular personal web pageshosted at EFF has provided examples of some of thesesearches to the Commission in the confidential appendix attached hereto as Exhibit E.18. Furthermore, based on its review of the disclosed data, EFF found multiple examplesof search histories that may personally identify a particular AOL subscriber orhousehold, whether directly or in combination with publicly available information.These search histories reveal private, sensitive information about individuals’personal interests, medical concerns, sexual preferences, familial circumstances, andmore. EFF has also identified individual search queries that contain substantialamounts of personally identifiable information such as names, addresses, SocialSecurity numbers, birth dates and driver’s license numbers. In the interest ofprotecting the privacy of these individuals, EFF has provided examples of thesesearch histories to the Commission in the confidential appendix attached hereto asExhibit E. EFF can also provide a CD-ROM to the FTC containing the complete dataset as disclosed by AOL, if requested.19. No fewer than thirty states require that consumers be notified when security breachesresult in the unauthorized disclosure of personal information.20 Many of these laws19Barbaro and Zeller, “A Face is Exposed for AOL Searcher No. 4417749.”States that have passed breach notification laws in recent years, include Arkansas, Arizona, California, Colorado,Connecticut, Delaware, Florida, Georgia, Illinois, Indiana, Kansas, Louisiana, Maine, Minnesota, Montana,Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Pennsylvania,Rhode Island, Tennessee, Texas, Utah, Washington, and Wisconsin. ’’207

may well be triggered by AOL’s release of certain types of personal consumer datahere. However, in the absence of Commission action, there is no uniform, nationwidelegal protection for all consumers affected by AOL’s disclosure.20. Furthermore, companies currently have few market incentives to take measures toprotect consumers from similar data breaches in the future. When companies retainconsumer data for unnecessarily long periods of time, they create security risks.Public policy thus weighs in favor of requiring companies to keep consumerinformation only as long as absolutely necessary to provide the services thatconsumers request.21. AOL and other search engine providers are unlikely to police their own practices withrespect to search information security. When asked whether AOL’s data breach islikely to change Google’s search history retention practices, Google CEO EricSchmidt responded, “[w]e are reasonably satisfied . . . that this sort of thing would nothappen at Google, although you can never say never.”2122. To make matters worse, data disclosure by Internet companies is almost entirely outof consumers’ control. None of the consumers affected by AOL’s data breach couldhave taken steps to avoid this type disclosure, except by choosing not to use AOLsearch services or other search engines.23. The disclosure of a consumer’s detailed Internet search history, even if“anonymized,” can reveal a consumer’s identity. AOL had admitted that “searchqueries themselves can sometimes include [personally identifiable data],” and that theinformation AOL disclosed can be used to identify particular individuals. Further, asdemonstrated by the New York Times article described in ¶ 15, supra, the research ofcommentators described in ¶ 16, supra, and EFF’s analysis described in ¶¶ 17-18,supra, individual consumers have already been identified as a direct result of AOL’sdisclosure.VIOLATIONS OF THE FEDERAL TRADE COMMISSION ACTCount I – Deceptive Trade Practice24. Through the means described in ¶ 6 above, AOL represented, expressly or byimplication, that it implemented reasonable and appropriate measures to protectpersonal consumer information from public disclosure.25. In truth and fact, AOL did not implement reasonable and appropriate measures toprotect personal consumer information from public disclosure. Specifically, AOLmade 658,000 consumers’ detailed search data available to third-party researchersand the general public. Furthermore, AOL’s misrepresentations were material21Michael Liedtke, “Google to Keep Storing Search Requests,” Associated Press, Aug. 11, 2006, available EBSQ80.htm?sub apn tech down&chan tc.8

because they were likely to affect a consumer’s choice of or conduct toward use ofAOL’s service. Therefore, the representations made above in ¶ 6 were false andmisleading.26. The acts and practices of AOL as alleged by EFF in this complaint are deceptive actsor practices in or affecting commerce in violation of Section 5(a) of the Federal TradeCommission Act.Count II – Unfair Trade Practice27. As set forth in ¶¶ 8-14 above, AOL failed to employ proper security measures or takeprecautions to protect personal consumer information from public disclosure, whichcaused or is likely to cause substantial injury to consumers. The personal consumerinformation disclosed by AOL may, in some cases, be combined with other publiclyavailable data to identify individual consumers or expose them to the risk of identitytheft. This injury is not offset by countervailing benefits to consumers orcompetition, and is not reasonably avoidable by consumers. Furthermore, thispractice runs counter to public policy. This practice was, and is, an unfair act orpractice.28. The acts and practices of AOL as alleged by EFF in this complaint are unfair acts orpractices in or affecting commerce in violation of Section5(a) of the Federal TradeCommission Act.PRAYER FOR RELIEFWHEREFORE, EFF respectfully requests that this Commission:A. investigate the circumstances surrounding AOL’s disclosure of consumers’ personalinformation;B. order AOL to notify, via electronic and certified mail, each consumer whose searchdata has been publicly disclosed by AOL, and provide each consumer a copy of his orher disclosed record;C. order AOL to publicly disclose the full extent of the data breach, including whethersimilar consumer data has previously been made available to researchers or thirdparties;D. order AOL to expedite service cancellation and waive any cancellation or other feesupon service termination for all AOL subscribers who request cancellation as a resultof AOL’s disclosure of search data, including but not limited to those subscriberswhose data were disclosed;E. order AOL to pay for at least one year of credit monitoring service for each individualaffected by the data disclosure to help guard against identity theft;9

F. order AOL to refrain from collecting or storing logs of its users’ search activityexcept where necessary incident to the rendition of AOL’s services or the protectionof AOL rights and property, and to refrain in any case from storing logs of its users’search activity in personally identifiable form or for more than fourteen (14) days;G. order AOL to amend its privacy policy to clearly include all search queries in thecategory of “AOL Network information” that is protected by the policy, regardless ofwhether those data are identifiable to a particular consumer;22H. order AOL to refrain from explicitly or implicitly misrepresenting the extent to whichit protects or discloses any personal information maintained about consumers in thefuture;I. order AOL to provide clear and conspicuous links on its web sites to theCommission’s educational materials about Internet privacy;J. order AOL to obtain a biannual assessment and report from a qualified, objective,independent third-party professional, using procedures and standards generallyaccepted in the profession, within one hundred and eighty (180) days after service ofthe Commission’s order, and biannually thereafter for twenty (20) years after serviceof the Commission’s order, that:i. set forth the specific administrative, technical, and physicalsafeguards that AOL has implemented and maintained during thereporting period to limit data retention and protect the privacy ofconsumer data;ii. explain how such safeguards are appropriate to AOL’s size andcomplexity, the nature and scope of AOL’s activities, and thesensitivity of the personal information collected from or aboutconsumers;iii. explain how the safeguards that have been implemented meet orexceed the protections required by other parts of theCommission’s order; andiv. certify that AOL’s security program is operating with sufficienteffectiveness to provide reasonable assurance that the security,22Currently, the AOL Network Privacy Policy purports to apply only to personally identifiable information. SeeAOL, AOL Network Privacy Policy (last updated Apr. 3, 2006) (“When you register with and use the AOLNetwork, you provide the AOL Network with personally identifiable information (your ‘AOL Networkinformation’). This Policy explains the information practices that apply to your AOL Network information .”).10

confidentiality, and integrity of personal information is protectedand, for biennial reports, has so operated throughout the reportingperiod;L. take any and all action the Commission deems appropriate pursuant to the SafeHarbour agreement between the United States and European Union; andM. order any other relief the Commission deems appropriate.Respectfully submitted,DATED: August 14, 2006Cindy CohnKevin BankstonElectronic Frontier Foundation545 Shotwell St.San Francisco, CA 94110Telephone: (415) 436-9333Facsimile: (415) 436-9993/s/ Marcia HofmannMarcia HofmannDavid L. SobelElectronic Frontier Foundation1875 Connecticut Avenue, N.W.Suite 650Washington, DC 20009Telephone: (202) 797-9009Facsimile: (202) 797-9066Counsel for Complainant11

Apr 03, 2006 · 2. AOL is a Delaware corporation and a majority-owned subsidiary of Time Warner Inc. AOL maintains its principal place of business at 22000 AOL Way, Dulles, VA 20166. Time Warner Inc. is a Delaware corporation and maintains its principal place of business at One Time Warner