Intelligent Enterprise

The World Privacy Forum, an advocacy group, blasted AOL for mistakenly releasing data about 20 million search queries conducted by roughly 658,000 of its users during a three month period from March to May. The records, posted on a company Web page from July 31 to August 6, do not include personally identifiable information. The company has acknowledged, however, that search queries themselves can sometimes include personal information.

The WPF called AOL's mistake "a gross violation of its users'privacy" and said that some of the search queries that were released did in fact include individuals' names, Social Security numbers, driver's license numbers, addresses and insurance and banking information.

In some cases, that information could be used to commit identity theft.

The privacy group, which said Tuesday it would file a complaint with the Federal Trade Commission, noted that the search data included the precise time when the searches were conducted and when users clicked through search results to specific Web domains, making it possible for some Web sites to correlate the AOL records with their internal Web logs and identify some people "to varying degrees."

The 20 million search queries that AOL released, along with the click-through data, "are generally highly revealing of individuals' personal, financial, political, medical, religious, and other preferences as well as the businesses and people they associate with," WPF said in its statement.

Pam Dixon, the executive director of the World Privacy Forum, believes AOL should never have stored the search records.

"For an Internet user, there may be nothing more revealing than a compilation of search requests," she said in the WPF statement. "Search requests can and do reflect an individual's health, finances, plans, desires, and interests. Over time, a list of searches can be similar to an intimate diary written for personal use."

Privacy advocates including the WPF believe that search engines " not just AOL but also its major competitors, Google, Yahoo and Microsoft " have an increasingly important role to play in protecting user behavior as the companies collect and store more data about searches.

"A search request is content and is not just technical routing information" and therefore should be protected, the WPF said.

The World Privacy Forum also said that individuals may be identifiable by combinations of information searched for, such as specific religious and sexual preferences, job search queries, various kinds of background check-related queries, medical conditions, schools and names of friends and family.

The words that people entered in AOL Search from March to May of 2006 were listed chronologically according to a unique ID number assigned to each users' account, according to the World Privacy Forum.

"This was a screw up, and we're angry and upset about it," AOL said in a statement. "It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant."