
UNITED STATES OF AMERICA
FEDERAL TRADE COMMISSION

In the Matter of

AOL LLC,
a majority-owned subsidiary of
TIME WARNER INC.

DOCKET NO.

REQUEST FOR INVESTIGATION AND COMPLAINT FOR INJUNCTIVE RELIEF

The Electronic Frontier Foundation (“EFF”), having reason to believe that AOL LLC (“AOL”) has violated the Federal Trade Commission Act, and that investigation and injunctive relief is in the public interest, alleges that AOL committed unfair and deceptive trade practices by intentionally and publicly disclosing Internet search histories of more than half a million AOL users. Press reports, the analysis of commentators, and EFF’s own research show that these data include sensitive, personal information that can be linked to individuals.

In support of its complaint, EFF alleges as follows.

1. The Electronic Frontier Foundation is a 501(c)(3) nonprofit organization founded in 1990 to protect civil liberties in the digital age. Based in San Francisco, CA, EFF is a membership-supported organization that litigates and educates the public on issues such as free expression, freedom of the press, fair use of copyrighted works, anonymity, security, and privacy as they relate to computing and the Internet.

2. AOL is a Delaware corporation and a majority-owned subsidiary of Time Warner Inc. AOL maintains its principal place of business at 22000 AOL Way, Dulles, VA 20166. Time Warner Inc. is a Delaware corporation and maintains its principal place of business at One Time Warner Center, New York, NY 10019. AOL describes itself to the public as “a Web portal that provides a variety of custom content on top of linking you to relevant information available on the Internet.”[1] AOL also provides Internet connectivity options and specialized client software to its registered users.[2] AOL’s mission statement says that the company is dedicated “to the simple premise that our members and consumers deserve the best possible – and most valuable – online experience available anywhere.”[3]

3. AOL is a “corporation” as defined by Section 4 of the Federal Trade Commission Act, 15 U.S.C. § 44.

4. The acts and practices described in this complaint constitute “commerce” within the meaning of Section 4 of the Federal Trade Commission Act, 15 U.S.C. § 44.

FACTUAL ALLEGATIONS

AOL’s Collection of Personal Consumer Data and Privacy Practices

5. In addition to offering Internet users a search engine via its web sites http://www.aol.com and http://search.aol.com, registered AOL users may conduct Internet searches using the search engine included in their AOL client software. AOL users can type words and phrases into the software’s search box to generate an automated list of links to web pages containing information relevant to their interests.[4]

6. The AOL Network Privacy Policy makes representations to consumers about how the company secures AOL users’ privacy and disseminates their personal information. This policy contains the following statements regarding the privacy and security of personal information collected by AOL:

Collection of Your AOL Network Information. Your AOL Network information consists of personally identifiable information collected or received about you when you interact with the AOL Network’s Web sites, services and offerings as a registered user. Depending on how you use the Network, your AOL Network information may include . . . information about the searches you perform through the AOL Network and how you use the results of those searches[.]

***

How Your AOL Network information is Used. . . .

Your AOL Network information may be shared with the Network’s affiliated providers.[5] You have choices about how your AOL Network information is used, and whether affiliated providers receive personally identifiable information about you as an AOL Network user. Affiliated providers that receive your AOL Network information may use this information according to their applicable privacy policies.

Your AOL Network information will not be shared with third parties unless it is necessary to fulfill a transaction you have requested, in other circumstances in which you have consented to the sharing of your AOL Network information, or except as described in this Privacy Policy. The AOL Network may use your AOL Network information to present offers to you on behalf of business partners and advertisers. These business partners and advertisers receive aggregate data about groups of AOL Network users, but do not receive information that personally identifies you.

***

Your Choices About Your AOL Network Information. . . . [S]ome AOL Network services (AOL Search, for example) may offer you the ability to control what information is collected or used when you use these services.

You may also choose whether the AOL Network’s affiliated providers receive personally identifiable AOL Network information. This choice does not apply to the sharing of AOL Network information necessary to provide you the basic functionality of the Network (for example, recognizing you as an authenticated user on affiliated providers’ Web sites or services). Additionally, the AOL Network may share personally identifiable AOL Network information with one or more of its affiliated providers when that information is necessary to carry out a specific transaction or request you make for an offering from the Network or its affiliated providers, or as otherwise specified at the time you take advantage of that particular Network offering.

***

[1] AOL, Welcome to AOL, http://www.aol.com (last visited Aug. 13, 2006).

[2] AOL, The New AOL — We’ve Changed, http://free.aol.com/tryaolfree/thenewaol (last visited Aug. 13, 2006) (describing dial-up Internet connectivity and other services); AOL, AOL Products: AOL 9.0 Security Edition — Providing Consumers With a Safer, More Secure Online Experience, http://corp.aol.com/products/brandsaol2.shtml (last visited Aug. 13, 2006) (describing AOL client software). Although previously only available to paying members, Time Warner Inc. announced on August 2, 2006 that AOL would begin offering its client software for free. Press Release, Time Warner Inc., Time Warner Announces that AOL Will Offer Its Software, E-mail and Many Other Products for Free to Broadband Users (Aug. 2, 2006), ,1222063,00.html.

[3] AOL, Our Mission, http://corp.aol.com/whoweare/mission.shtml (last visited Aug. 13, 2006).

[4] AOL, AOL Products: AOL 9.0 Security Edition — Providing Consumers With a Safer, More Secure Online Experience (discussing features of latest AOL client software, including “enhanced AOL search” features).

[5] According to AOL: “The AOL Network’s affiliated partners include, or will soon include: AOL Internet Phone Service (AOL Enhanced Services L.L.C.) The AOL Network may in the future designate other affiliated providers.” AOL Network, Affiliated Providers, http://about.aol.com/aolnetwork/affiliates.html (last visited Aug. 13, 2006).
Our Commitment to Security. The AOL Network has established safeguards to help prevent unauthorized access to or misuse of your AOL Network information[.] [6]

The policy is attached hereto as Exhibit A.

7. The AOL Network Privacy Policy does not state that AOL will disclose users’ search queries or any other AOL Network information to third-party researchers or the general public.

AOL’s Disclosure of 20 Million Consumer Search Records

8. On August 7, 2006, media organizations reported that AOL had publicly disclosed roughly 20 million search queries typed into the AOL client software by approximately 658,000 AOL users during March, April and May 2006.[7] The data, posted as a 440-megabyte downloadable file named 500Kusers.tgz, were publicly available on the web site http://research.aol.com for ten days before AOL removed it.[8]

9. The news reports indicate that the personal data AOL disclosed included search queries revealing names, addresses, local landmarks, and medical ailments.[9] Hundreds of the search queries also included such personal information as credit card numbers and Social Security numbers, the disclosure of which may facilitate identity theft.[10] The disclosure also made public extremely sensitive search queries such as “how to tell your family you’re a victim of incest,” “surgical help for depression,” “how to kill your wife,” “men that use emotional and physical abandonment to control their partner,” “suicide by natural gas,” “how to make someone hurt for the pain they caused someone else,” “revenge for a cheating spouse,” “will I be extradited from ny to fl on a dui charge,” and “my baby’s father physically abuses me.”[11] The data did not directly link consumers’ names or AOL screen names to their searches. However, each individual user’s search queries during the three-month period were linked to a single unique identification number, creating a complete search history for each user.[12] The data also contained, inter alia, the domain names of all web pages that the consumers visited as a result of their searches, and the time and date of each search.[13]

10. In addition to the search history data, AOL posted a description of the data set on http://research.aol.com, which included the following disclaimer:

CAVEAT EMPTOR—SEXUALLY EXPLICIT DATA! Please be aware that these queries are not filtered to remove any content. Pornography is prevalent on the Web and unfiltered search engine logs contain queries by users who are looking for pornographic material. There are queries in this collection that use SEXUALLY EXPLICIT LANGUAGE. This collection of data is intended for use by mature adults who are not easily offended by the use of pornographic search terms. If you are offended by sexually explicit language you should not read through this data. Also be aware that in some states it may be illegal to expose a minor to this data. Please understand that the data represents REAL WORLD USERS, un-edited and randomly sampled, and that AOL is not the author of this data.[14]

This description is attached hereto as Exhibit B.

11. This “caveat emptor” disclaimer reflects AOL’s awareness that the data were sensitive. The data’s sensitivity shows that AOL users expected that their search queries would not be disclosed to the public.[15]

12. After AOL’s disclosure was reported by the media, AOL Spokesperson Andrew Weinstein released the following statement, attached hereto as Exhibit C:

This was a screw up, and we’re angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant.

Although there was no personally-identifiable data linked to these accounts, we’re absolutely not defending this. It was a mistake, and we apologize. We’ve launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again.

Here was what was mistakenly released:

- Search data for roughly 658,000 anonymized users over a three month period from March to May.
- There was no personally identifiable data provided by AOL with those records, but search queries themselves can sometimes include such information.
- According to comScore Media Metrix, the AOL search network had 42.7 million unique visitors in May, so the total data set covered roughly 1.5% of May search users.
- Roughly 20 million search records over that period, so the data included roughly 1/3 of one percent of the total searches conducted through the AOL network over that period.

The searches included as part of this data only included U.S. searches conducted within the AOL client software.[16]

Mr. Weinstein was later quoted in news reports as confirming that AOL released information that could be used to identify individuals.[17]

13. AOL admittedly intended the disclosed data to be used by third-party researchers, in clear violation of its privacy assurances. Furthermore, the data were available to anyone who visited http://research.aol.com or any other web site that subsequently mirrored or posted the data.

14. The data are now freely available on the Internet to anyone who wishes to download, analyze, or otherwise use it. For example, Internet users can search the database by user ID number, keyword, or web site result at sites such as http://www.aolsearchdatabase.com and http://data.aolsearchlogs.com, or download the complete database at .[18]

[6] AOL, AOL Network Privacy Policy (last updated Apr. 3, 2006), http://about.aol.com/aolnetwork/aol pp.

[7] See, e.g., Kenneth Li, “AOL Draws Fire After Releasing User Search Data,” Reuters, Aug. 7, x?type internetNews&storyID 2006-08-07T183427Z 01WEN3477 RTRUKOC 0 US-AOL-PRIVACY.xml; Jeremy Kirk, “AOL Search Data Reportedly Released,” IDG News Service, Aug. 7, 2006, php.

[8] Parmy Olson, “AOL Lets Info Slip,” Forbes.com, Aug. 8, 2006, rnet-data-cx po 0808aol.html.

[9] See, e.g., Olson, “AOL Lets Info Slip”; Michael Barbaro and Tom Zeller, “A Face is Exposed for AOL Searcher No. 4417749,” NY Times, Aug. 9, 2006, available at .html?hp&ex 1155182400&en 9b5fd9ff341e3216&ei 5094&partner homepage; Anick Jesdanun, “AOL Apologizes for Privacy Breach,” Associated Press, Aug. 8, 2006, available at t.

[10] See, e.g., Ellen Nakashima, “AOL Takes Down Site With Users’ Search Data,” Washington Post, Aug. 8, 2006, at D01, available at le/2006/08/07/AR2006080701150.html; Olson, “AOL Lets Info Slip.”

[11] Declan McCullagh, “AOL’s Disturbing Glimpse Into Users’ Lives,” CNET News.com, Aug. 9, 2006, http://news.com.com/AOL offers glimpse into users lives/2100-1030 3-6103098.html.

[12] Nakashima, “AOL Takes Down Site With Users’ Search Data”; Dawn Kawanoto and Elinor Mills, “AOL Apologizes for Release of User Search Data,” CNET News.com, Aug. 9, 2006, http://news.com.com/AOL apologizes for release of user search data/2100-1030 3-6102793.html.

[13] 500k User Session Collection, available at http://www.gregsadetsky.com/aol-data/U500k README.txt (last visited Aug. 14, 2006).

[14] While the description was subsequently removed from http://research.aol.com, the text has been mirrored at http://www.gregsadetsky.com/aol-data/U500k README.txt. See id. (emphases in original).

[15] See Gonzales v. Google, Inc., 234 F.R.D. 674, 684 (N.D. Cal. 2006) (finding that “the statistic that over a quarter of all Internet searches are for pornography indicates that at least some [internet] users expect some sort of privacy in their searches.”).

[16] Statement of Andrew Weinstein, AOL Spokesman, TechCrunch, AOL: “This was a screw up” (Aug. 7, 2006), available at a-screw-up.

[17] See, e.g., Barbaro and Zeller, “A Face is Exposed for AOL Searcher No. 4417749.”

[18] Should this data become unavailable online, EFF will provide a CD-ROM with the full database to the Commission upon request.
15. On August 9, 2006, the New York Times reported in an article, attached hereto as Exhibit D, that it had combined the data posted by AOL with other publicly available data to identify and locate AOL user No. 4417749, Thelma Arnold.[19] Ms. Arnold confirmed to the newspaper that she had performed the search queries that led the New York Times to contact her. The newspaper also reported that several bloggers claim they have identified other AOL users’ search histories based on available information.

16. EFF has also identified online commentators who have discussed specific search histories that may identify particular AOL users or households conducting searches. In the interest of protecting the privacy of these AOL users, EFF has provided this information to the Commission in an explanatory confidential appendix attached hereto as Exhibit E.

17. Based on its own preliminary analysis of the data disclosed by AOL, as well as the review of others, EFF has determined that substantial amounts of various types of personally identifiable information are likely contained in that data. For example, EFF has identified 175 searches from 106 distinct users that appear to contain Social Security numbers (i.e., “ - - ”), 8457 searches from 3739 distinct users that appear to contain phone numbers, and 10835 searches from 4099 distinct users that appear to contain street addresses. Additionally, 278 searches appear to contain MySpace “friend ids,” unique numbers that identify particular personal web pages hosted at http://www.myspace.com. EFF has provided examples of some of these searches to the Commission in the confidential appendix attached hereto as Exhibit E.

18. Furthermore, based on its review of the disclosed data, EFF found multiple examples of search histories that may personally identify a particular AOL subscriber or household, whether directly or in combination with publicly available information. These search histories reveal private, sensitive information about individuals’ personal interests, medical concerns, sexual preferences, familial circumstances, and more. EFF has also identified individual search queries that contain substantial amounts of personally identifiable information such as names, addresses, Social Security numbers, birth dates and driver’s license numbers. In the interest of protecting the privacy of these individuals, EFF has provided examples of these search histories to the Commission in the confidential appendix attached hereto as Exhibit E. EFF can also provide a CD-ROM to the FTC containing the complete data set as disclosed by AOL, if requested.

19. No fewer than thirty states require that consumers be notified when security breaches result in the unauthorized disclosure of personal information.[20] Many of these laws may well be triggered by AOL’s release of certain types of personal consumer data here. However, in the absence of Commission action, there is no uniform, nationwide legal protection for all consumers affected by AOL’s disclosure.

20. Furthermore, companies currently have few market incentives to take measures to protect consumers from similar data breaches in the future. When companies retain consumer data for unnecessarily long periods of time, they create security risks. Public policy thus weighs in favor of requiring companies to keep consumer information only as long as absolutely necessary to provide the services that consumers request.

21. AOL and other search engine providers are unlikely to police their own practices with respect to search information security. When asked whether AOL’s data breach is likely to change Google’s search history retention practices, Google CEO Eric Schmidt responded, “[w]e are reasonably satisfied . . . that this sort of thing would not happen at Google, although you can never say never.”[21]

22. To make matters worse, data disclosure by Internet companies is almost entirely out of consumers’ control. None of the consumers affected by AOL’s data breach could have taken steps to avoid this type of disclosure, except by choosing not to use AOL search services or other search engines.

23. The disclosure of a consumer’s detailed Internet search history, even if “anonymized,” can reveal a consumer’s identity. AOL had admitted that “search queries themselves can sometimes include [personally identifiable data],” and that the information AOL disclosed can be used to identify particular individuals. Further, as demonstrated by the New York Times article described in ¶ 15, supra, the research of commentators described in ¶ 16, supra, and EFF’s analysis described in ¶¶ 17-18, supra, individual consumers have already been identified as a direct result of AOL’s disclosure.

VIOLATIONS OF THE FEDERAL TRADE COMMISSION ACT

Count I – Deceptive Trade Practice

24. Through the means described in ¶ 6 above, AOL represented, expressly or by implication, that it implemented reasonable and appropriate measures to protect personal consumer information from public disclosure.

25. In truth and fact, AOL did not implement reasonable and appropriate measures to protect personal consumer information from public disclosure. Specifically, AOL made 658,000 consumers’ detailed search data available to third-party researchers and the general public. Furthermore, AOL’s misrepresentations were material because they were likely to affect a consumer’s choice of or conduct toward use of AOL’s service. Therefore, the representations made above in ¶ 6 were false and misleading.

26. The acts and practices of AOL as alleged by EFF in this complaint are deceptive acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act.

Count II – Unfair Trade Practice

27. As set forth in ¶¶ 8-14 above, AOL failed to employ proper security measures or take precautions to protect personal consumer information from public disclosure, which caused or is likely to cause substantial injury to consumers. The personal consumer information disclosed by AOL may, in some cases, be combined with other publicly available data to identify individual consumers or expose them to the risk of identity theft. This injury is not offset by countervailing benefits to consumers or competition, and is not reasonably avoidable by consumers. Furthermore, this practice runs counter to public policy. This practice was, and is, an unfair act or practice.

28. The acts and practices of AOL as alleged by EFF in this complaint are unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act.

PRAYER FOR RELIEF

WHEREFORE, EFF respectfully requests that this Commission:

A. investigate the circumstances surrounding AOL’s disclosure of consumers’ personal information;

B. order AOL to notify, via electronic and certified mail, each consumer whose search data has been publicly disclosed by AOL, and provide each consumer a copy of his or her disclosed record;

C. order AOL to publicly disclose the full extent of the data breach, including whether similar consumer data has previously been made available to researchers or third parties;

D. order AOL to expedite service cancellation and waive any cancellation or other fees upon service termination for all AOL subscribers who request cancellation as a result of AOL’s disclosure of search data, including but not limited to those subscribers whose data were disclosed;

E. order AOL to pay for at least one year of credit monitoring service for each individual affected by the data disclosure to help guard against identity theft;

[19] Barbaro and Zeller, “A Face is Exposed for AOL Searcher No. 4417749.”

[20] States that have passed breach notification laws in recent years include Arkansas, Arizona, California, Colorado, Connecticut, Delaware, Florida, Georgia, Illinois, Indiana, Kansas, Louisiana, Maine, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Washington, and Wisconsin.

[21] Michael Liedtke, “Google to Keep Storing Search Requests,” Associated Press, Aug. 11, 2006, available EBSQ80.htm?sub apn tech down&chan tc.
F. order AOL to refrain from collecting or storing logs of its users’ search activity except where necessary incident to the rendition of AOL’s services or the protection of AOL rights and property, and to refrain in any case from storing logs of its users’ search activity in personally identifiable form or for more than fourteen (14) days;

G. order AOL to amend its privacy policy to clearly include all search queries in the category of “AOL Network information” that is protected by the policy, regardless of whether those data are identifiable to a particular consumer;[22]

H. order AOL to refrain from explicitly or implicitly misrepresenting the extent to which it protects or discloses any personal information maintained about consumers in the future;

I. order AOL to provide clear and conspicuous links on its web sites to the Commission’s educational materials about Internet privacy;

J. order AOL to obtain a biannual assessment and report from a qualified, objective, independent third-party professional, using procedures and standards generally accepted in the profession, within one hundred and eighty (180) days after service of the Commission’s order, and biannually thereafter for twenty (20) years after service of the Commission’s order, that:

   i. set forth the specific administrative, technical, and physical safeguards that AOL has implemented and maintained during the reporting period to limit data retention and protect the privacy of consumer data;

   ii. explain how such safeguards are appropriate to AOL’s size and complexity, the nature and scope of AOL’s activities, and the sensitivity of the personal information collected from or about consumers;

   iii. explain how the safeguards that have been implemented meet or exceed the protections required by other parts of the Commission’s order; and

   iv. certify that AOL’s security program is operating with sufficient effectiveness to provide reasonable assurance that the security, confidentiality, and integrity of personal information is protected and, for biennial reports, has so operated throughout the reporting period;

L. take any and all action the Commission deems appropriate pursuant to the Safe Harbour agreement between the United States and European Union; and

M. order any other relief the Commission deems appropriate.

Respectfully submitted,

DATED: August 14, 2006

Cindy Cohn
Kevin Bankston
Electronic Frontier Foundation
545 Shotwell St.
San Francisco, CA 94110
Telephone: (415) 436-9333
Facsimile: (415) 436-9993

/s/ Marcia Hofmann
Marcia Hofmann
David L. Sobel
Electronic Frontier Foundation
1875 Connecticut Avenue, N.W.
Suite 650
Washington, DC 20009
Telephone: (202) 797-9009
Facsimile: (202) 797-9066

Counsel for Complainant

[22] Currently, the AOL Network Privacy Policy purports to apply only to personally identifiable information. See AOL, AOL Network Privacy Policy (last updated Apr. 3, 2006) (“When you register with and use the AOL Network, you provide the AOL Network with personally identifiable information (your ‘AOL Network information’). This Policy explains the information practices that apply to your AOL Network information .”).