AOL Retools Security Team After Breach

Search Blunder Leads Industry to Examine Practices

By Published on .

NEW YORK ( -- AOL's recent security breach has claimed its first casualties. Two AOL research employees have been fired, while its chief technology officer, Maureen Govern, has resigned her position.
Jonathan Miller
Jonathan Miller

Ms. Govern managed the division responsible for exposing about 19 million search requests executed by more than half a million AOL subscribers over a three-month period this year. The blunder, first disclosed earlier this month, has put pressure on AOL and its rival search engines to reassure consumers of their privacy online.

John McKinley
Ms. Govern is being replaced on an interim basis by John McKinley, AOL's president of digital services, according to a memo AOL CEO Jonathan Miller sent to employees yesterday. Mr. McKinley served as AOL's chief technology officer prior to Ms. Govern.

"After the great lengths we've taken to build our members' trust and be an industry leader on privacy, it was disheartening to see so much good work destroyed by a single act," Mr. Miller said in the memo to employees.

Mr. Miller also noted plans to create a task force to review its current customer information privacy policy. It will be led by Vice Chairman Ted Leonsis and Exec VP Randy Boe, with senior representatives from corporate communications, integrity assurance, product and marketing. Education and awareness programs for employees "at all levels-on how to protect sensitive information and address privacy issues" are also being organized.

Implications for Google
It is apparent, however, that AOL's self-described "screw up" has implications for the entire industry. Google is particularly vulnerable because its fortunes are so closely tied with search, not to mention the fact that it owns a 5% stake in AOL. AOL also depends on Google's algorithms for its search results.

Despite those concerns, Google CEO Eric Schmidt told members of the press earlier this month that Google would not store user search data. Google, like other engines, keeps user queries ostensibly to refine its understanding of search behavior and intent.

Some privacy advocates are calling for the U.S. Federal Trade Commission to review AOL's search data retention practices, while others in the industry would rather the government stay out it.

"We would prefer the industry to come up with some standards on its own," said Ari Schwartz deputy director of the Center for Democracy and Technology.

Negative impact
Mr. Schwartz added that security breaches like AOL's could have a lasting negative impact on the search business. "People are either going to create new ways to protect their privacy or just stop using the technology."

AOL does substitute numeric IDs for its subscribers' real user names when collecting query data, but the company acknowledged that queries by themselves can hold personally identifiable data. It's common, for example, for people to query their own names during one search session, and then later on query highly sensitive interests using the same account.
Most Popular
In this article: