• Wired, Tuesday, August 8, 2006 11:30 AM

AOL may be in breach of federal privacy law. The company inadvertently released the search activity of nearly 650,000 AOL users in an effort to provide data for search researchers. Nearly 20 million Web searches were captured. While users can only be identified by numbers, the accidental release of this information is a massive breach of consumer privacy. Electronic Frontier Foundation attorney Kevin Bankston says publication of the search logs is a violation of the Electronic Communications Privacy Act. If so, that law carries minimum statutory damages of $1,000 per person, which totals $658 million minimum. "This is a massive violation of federal law and shows a shocking disregard for AOL users' privacy," Bankston says. User IDs were not personally identifiable, however--user accounts were denominated by a number through which you could see someone's search activity over a three-month period. User search data is believed to be identifiable because so many people search their own names. Queries in the search logs ranged from celebrity names to the incriminating "buy ecstasy." Or they enter the intensely private "men that are abused by their wives" and "borderline personality disorder." Wired says at least one 14-year-old MySpace user from Indiana is identifiable, as is another woman who typed in her dating URL profile into the search box. On Sunday, AOL quickly pulled its AOL Research page and removed all the data several hours later. But the file was quickly copied and is now available on several peer-to-peer networks.

Read the whole story at Wired »