AOL betrays user trust
08 August 2006
Changing ISP is like changing your bank. It's a real hassle. You have to tell everyone your email address has changed. You have to update all your banking and online shopping sites, so that you can be sure that those accounts remain secure. There will be many people who will regularly hop between ISPs, in the same way many people are rate-whores, flitting between credit cards. Most of us, though, settle down with an ISP and stick with it for a long time.
So choosing the right ISP is important. You would expect people to study the privacy policy, and terms and conditions to work out what kind of junk messages they will have to endure, what they'll be allowed to do, and how much it will cost. If they don't, then they can't complain later. If they do, then they know what they're buying and it's part of the contract between supplier and customer. But what if the privacy policy turns out to be lies?
The blogosphere is up in arms over AOL. It released the search history [link broken] of over 500,000 of its users. It replaced screennames with unique numbers, but that's not enough to completely conceal everyone's identity. Some people have searched for themselves, their friends or local amenities. Some of the more exciteable blogs are suggesting there is evidence of criminal intent in the searches, which goes to show how dangerous this data is. People leap to conclusions.
AOL apparently released the data as a contribution to the research community. Maybe they didn't study it closely enough or realise the privacy implications. You could argue that releasing the data was a foolish mistake. Yes, they're stupid, but at least they didn't mean harm.
Well, here is where it gets evil. There doesn't seem to be any doubt that they betrayed the contract they agreed with their users. Their own privacy policy says that 'information about the searches you perform through the AOL Network and how you use the results of those searches' is part of a user's 'network information'. That information, the policy adds, will only be disclosed as set out in the privacy policy. There's the usual stuff about law enforcement, managing their own network and any disclosure you've consented to. But there's nothing about releasing the entire data set into the public domain for research purposes.
AOL has pulled the data set now, but it's widely available online. The company could recover from making the mistake of releasing the data, provided it apologised [link no longer available] often and sincerely enough. Recoveries like that happen in business all the time. I don't think it will be able to recover so quickly from the breach of its own privacy policy. How can AOL ever expect customers and prospects to trust it again?
Related links:
- I'm quoted in a story on Macworld about this.
- Free chapter from The Customer Service Pocketbook
Labels: business, customer service