AOL Releases The Unfiltered Search Histories Of 657,000-Plus Users; World Privacy Forum Filing FTC Complaint

For immediate release:

San Diego, CA, August 8, 2006 – The World Privacy Forum announced today that it would be filing a complaint with the Federal Trade Commission about the posting by AOL of a portion of its users’ search data on the Internet. The data, although not identified expressly by name, nevertheless included in some cases personally identifiable information such as individuals’ names, Social Security Numbers, and myriad other personal information. In some instances individuals who did not inadvertently identify themselves by searching for their own name may still potentially be identifiable to varying degrees by other combinations of information searched for such as addresses, names of friends and family, schools, interests, organizational information, and other information. In some cases, the precise time stamp AOL included with users’ click-throughs to external web sites may also potentially assist in further identifying some users to varying degrees.

AOL released three months’ worth of the detailed search queries of 657,000-plus of its users. The approximately 20 million search queries and the additional data on users’ click-throughs to web sites in the search results are generally highly revealing of individuals’ personal, financial, political, medical, religious, and other preferences as well as the businesses and people they associate with.

The phrases, words, sentences, and web sites that AOL users searched for in AOL Search from March to May of 2006 are chronologically listed according to a unique ID number assigned to each user’s account. Some searches in the AOL data include Social Security Numbers, names, driver’s license numbers, addresses, specific religious and sexual preferences, specific and detailed medical conditions, insurance and banking information, job search queries, various kinds of background check-related queries, travel information, and other highly personal information.

A key part of AOL’s privacy policy states:

“Your AOL Network information will not be shared with third parties unless it is necessary to fulfill a transaction you have requested, in other circumstances in which you have consented to the sharing of your AOL Network information, or except as described in this Privacy Policy.”

The AOL privacy policy does not state that a user’s search queries would be made public. The AOL privacy policy does not state that searches by a user would be collected over time and made public in a manner that allows a user’s activities to be monitored. Nor does AOL warn users that a search request that contains personally identifiable information (such as a name, SSN, driver’s license number, etc.) will be made public.

In announcing the plans to file a complaint with the FTC, World Privacy Forum executive director Pam Dixon said: “For an Internet user, there may be nothing more revealing than a compilation of search requests. Search requests can and do reflect an individual’s health, finances, plans, desires, and interests. Over time, a list of searches can be similar to an intimate diary written for personal use.” Continuing, Dixon noted that “By making the searches of so many users public in a way that may allow some of them to be identified, AOL not only apparently violated its privacy policy, but it broke faith with its subscribers and exposed them to the potential of embarrassment, ridicule, the marketing and research use of their private thoughts and habits, and in some cases, the potential for identity theft and potential use of the data for legal purposes. These searches should not have been stored in the first place.”

AOL did not list users’ names with the search histories; however, the search data AOL released on its web site included the precise time stamp of when the searches were conducted. It also included a precise time stamp down to the second that recorded when users clicked through the search results pages to specific, identifiable web domains. With the public release of the time stamp information, the possibility exists for some of the external web sites that users visited to potentially link the AOL data to visits made to their sites. The capabilities for this correlation will depend on the visited site’s policies and practices, and some other issues. By using the detailed time stamp information, some web sites could in some cases potentially correlate their internal web logs to the AOL time stamp and query information with varying degrees of accuracy and certainty.

Some examples of the AOL searches include:

  • One AOL user typed in a descriptive sentence about a medical symptom that a family member was exhibiting. After perusing various web sites, the individual began searching for information about specific diseases. Then the user searched for an insurance web site, and subsequently made additional searches for and repeat visits to insurance web sites.
  • An individual searched for a full Social Security Number. There are three months of other search data that go along with that SSN search, including name information in search queries. While it is unknown if the search queries belong to the individual with the SSN, those name queries are now associated with that SSN. If the user searched for his or her own SSN, then other search terms they used over the three-month period could potentially identify the person’s city of residence, specific groups that person is associated with, and many other private personal preferences. In any event, SSNs are widely available and the name and other information of the SSN owner can in some cases be readily determined.
  • An individual systematically searched for job applications at various companies, and either that individual or someone using their user information also conducted searches seeking drug treatment information. Whether or not the user actually applied at those companies on that day at that time is unknown from the data.

AOL has apologized for the data release. That is a beginning, but an apology cannot take back the user data that is now floating over the web and being replicated. The fact that AOL revealed users’ unfiltered query and click-through information and posted it to the web with highly specific time and date stamps is a gross violation of its users’ privacy. For some users, the release of the AOL data constitutes a privacy breach and a breach of appropriate security of personal information such as SSNs in combination with name and location data.

The AOL search data illustrate why a history of ‘mere searches’ in a search engine indeed contains personal content with a high degree of private and associative information that should be protected. There are continuing questions about why companies need to save detailed search queries in the first place. If AOL was going to at any point release its users’ detailed search queries and search result click-throughs with detailed time stamps, AOL should have clearly and plainly informed its customers beforehand of this specific use in its privacy policy. A search request is content and is not just technical routing information.

In the Internet age, people may find themselves held to account in uncomfortable and unexpected ways for lawful searches that they have conducted on the web. For this reason, the World Privacy Forum urges users to take precautions in their searching habits. This holds true for users in the U.S. and in other countries.

For consumer tips on privacy and search engine use, see the World Privacy Forum’s Search Engine Privacy Tips.

About the World Privacy Forum

The World Privacy Forum is a nonprofit, nonpartisan 501(c)(3) public interest research group that focuses on conducting in-depth research and consumer education in the area of privacy. Specific areas the Forum is focused on researching and benchmarking include consumer data privacy, workplace privacy, job applicant rights and privacy, background checks and public records, identity issues, medical and financial privacy, and large technological infrastructures, including databases. The Forum was founded in 2003. For more information see www.worldprivacyforum.org.