The Electronic Frontier Foundation (EFF) is asking the U.S. Federal Trade Commission (FTC) to force AOL to help the people whose search records it recently released.
In a complaint filed Monday, the EFF requests that the FTC investigate the incident and have AOL notify, via electronic and postal mail, all affected persons that their search results were released.
AOL should also pay for at least one year of credit monitoring service for each person, because the release of the records puts these people at risk for identity theft, the EFF charges. The EFF is a nonprofit organization focused on protecting civil liberties in technology contexts, such as computing and the Internet.
An AOL spokesman said the company, a Time Warner subsidiary, has no comment about the EFF complaint, but added that AOL can’t identify the accounts involved. “There is no way to unscramble the identifier codes back into the account names,” he said.
The FTC should also force AOL to refrain from collecting and storing logs of its users’ search activities, except when it has to retain these logs in order to properly provide a service. Even then, AOL should never store these logs in personally identifiable form for more than 14 days, the EFF said.
The complaint arises from the disclosure last week that AOL had made available on its AOL Research Web site about 20 million search records from about 658,000 of its members, covering the three-month period between March and May.
Although AOL didn’t disclose the names of the members, it did group each person’s records with a unique number, making it possible to see what each individual searched for. The data included search queries, as well as Web sites the members clicked on to.
AOL acknowledged the release had been a lapse in judgement and removed the data file from its Web site, but the records are now available on many Web sites. Bloggers and journalists have had a field day analyzing the queries, which contain all sorts of sensitive information, from credit card, telephone and Social Security numbers, to birth dates, full names and addresses.
Some queries show users sought child pornography, information about commiting suicide and murder and guidance about dealing with sexual abuse. The New York Times even managed to track down one of the affected members and, with her permission, interviewed and identified her.
With this faux pas, AOL engaged in deceptive and unfair trade practices that violate FTC rules, and as such the FTC should look into the matter and take action, according to the EFF.
In its complaint, the EFF also asks that AOL be ordered to obtain a biannual assessment and report from an independent professional about its privacy protection policies and methods.