AOL's having a hard knock life. The once great metropolis is emptying as its users stream through the gates in its once impregnable walls to the anarchistic freedoms outside. Mindful of history, it's announced that it'll be knocking down what's left of those walls to fully join the sprawl and relying much more on advertising. It's the equivalent of a city abandoning the poll tax and hoping the revenue from the billboards will cover council expenses — expenses it's reducing by sacking thousands of staff.
However, that was last week's news. This week, we learned that the company's made over half a million search terms public — those secret little strings its users have been typing in to get answers to those awkward little questions they might not feel safe asking at home or work. Although the terms were anonymised by replacing the user names with numbers, it was quickly pointed out by just about everyone that the search terms alone were enough to give a shrewd idea who'd typed them in. AOL apologised profusely and pulled the list, but not before copies had been mirrored and instant search sites set up to let everyone get a good long look at the minds of middle America.
A disastrous mistake of colossal magnitude, said just about everyone. What an enormous breach of people's privacy, they continued, while eagerly sifting through the results with prurient pleasure. It's been a bit like an inadvertent Big Brother bomb unleashed over thousands of users, X-raying their interests and motives and broadcasting them to the world. Guilty, guilty, guilty AOL.
Well, yes. But hold on. Any judgement can only be made after considering mitigating factors. AOL made that list available for research purposes, and that generosity has already had positive effects on online privacy. As researcher Serge Egelman told Dave Farber, it's been useful in implementing the Platform for Privacy Preferences (P3P) — an effort to give people much more awareness and control of their privacy.
"We (the CUPS lab) have greatly benefited from the AOL data. In fact, the data set comprising 20,000 search terms gathered over a week was created for a study we conducted last summer. The study examines P3P adoption across search results from three popular search engines (Google, Yahoo, and AOL). [...] AOL was instrumental in conducting this study."
There are other effects: one of the most important and difficult aspects of privacy is getting people to know and care. Do you ever pause to think that every search term you type in, from "How do I murder my boss?" to "What is Prince Charles' voicemail PIN?", is being recorded? If you do, then you might start to ask "Why?" or "What if I don't want it to be?". If you don't, then nothing will happen except things you don't like. This story should have done some good here.
Of course AOL should have been more careful, but it's a matter of degree of care, not of absolute sin. The event has been a rather graphic demonstration of what I think of as the Rule of Auto-Ironic Subversion — "Every time you collect a list for security or privacy reasons, you may enable the exact harm you feared. ID database, anyone?