Skip to main content

EFFector - Volume 19, Issue 29 - AOL's Data Valdez Violates Users' Privacy

EFFector Vol. 19, No. 29  August 8, 2006  editor@eff.org

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In the 390th Issue of EFFector:

 * AOL's Data Valdez Violates Users' Privacy
 * Surveillance, DRM Bills Held In Check, For Now
 * Senate Sneaks Through Cybercrime Treaty
 * Voting Security Attacked In Court Again
 * EFF Partners with Craigslist for Nonprofit Boot Camp, 
August 19
 * Thank You, DefCon!
 * miniLinks (12): Going Digital  
 * Administrivia

For more information on EFF activities & alerts:
 http://www.eff.org/

Make a donation and become an EFF member today!
 http://eff.org/support/

Tell a friend about EFF:
 http://action.eff.org/site/Ecard?ecard_id=1061

effector: n, Computer Sci. A device for producing a desired 
change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* AOL's Data Valdez Violates Users' Privacy

As recently reported by the blog TechCrunch and now the 
major media, AOL intentionally released three months of 
search queries by 658,000 AOL users. Though AOL has removed 
the data from its site and rightly apologized, the grave 
damage is already done. The data is available all over the 
Net, and AOL may have violated its own privacy policy as 
well as existing federal law. Congress should heed the 
lessons of this Data Valdez and enhance protections for your 
privacy.

Particularly considering the uproar over the Department of 
Justice's demands for just this kind of information from 
Google only months ago, AOL's actions demonstrate a shocking 
disregard for user privacy. Search terms can expose the most 
intimate details of a person's life and, in doing so, cause 
great harm.

Consider just a few hypothetical situations. Would you want 
your employer or credit company knowing that you searched 
for "how to file for bankruptcy"? Would you want anyone to 
know you searched for "HIV positive clinic," "breast cancer 
health services," or another illness-related query? What 
about "rape victim" or "depression" plus "counseling"? What 
about searches that reference your political or religious 
affiliation, or your sexual orientation?

Though the data was associated with random ID numbers, that 
information could still be connected back to an individual 
given enough clues. Consider, for instance, what vanity 
searches for one's own name or MySpace profile could reveal.

This incident highlights the dangers of allowing search 
companies to store this kind of personal data. We're still 
investigating, but it appears this disclosure may violate 
the Electronic Communications Privacy Act (ECPA), which 
strictly regulates disclosure of your Internet 
communications, along with AOL's own privacy policy. 
Regardless, Congress should take note of this latest Data 
Valdez by creating stronger, crystal clear legal protections 
for user information and by limiting data retention.

DeepLink Follow-up, "Weblogs, Inc. CEO Tells His AOL Bosses 
To 'Not Keep Logs of Search Data'":
http://www.eff.org/deeplinks/archives/004866.php

News.com article about the disclosure:
http://news.com.com/2100-1030_3-6102793.html?part=rss&tag=6102793&subj=news

EFF Article, "Subpoenas and Privacy":
http://www.eff.org/deeplinks/archives/004385.php

For this post:
http://www.eff.org/deeplinks/archives/004865.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Surveillance, DRM Bills Held In Check, For Now

Before the Senate began its recess last week, Senator Arlen 
Specter tried to rush his awful surveillance bill out of 
committee. After being contacted by concerned constituents 
like you and groups like EFF, sympathetic Senators on the 
committee intervened to stop a vote. Specter is committed to 
bringing this bill back, so it's important to keep your 
calls and letters to the Senate Judiciary Committee coming:
http://action.eff.org/fisa

Meanwhile, despite rumors to the contrary, Senator Ted 
Stevens did not bring his telecom reform bill to a Senate 
vote. Unfortunately, the latest version still includes the 
audio and broadcast flag DRM mandates. These provisions 
would put Hollywood and federal bureaucrats in charge of 
restricting digital television and radio devices. Tell 
Congress to reject the tech mandates and protect innovation:
http://action.eff.org/broadcastflag
http://action.eff.org/audioflag

Worse still, Stevens' bill now includes a dangerous 
provision that would allow the imprisonment of webmasters 
who don't litter their sites with burdensome warnings 
labels. Though the proposal requires all "sexually explicit" 
sites to bare these labels, it won't impact the majority of 
adult websites because they are hosted outside United States 
jurisdiction. Yet this proposal does damage free speech 
online and violate the First Amendment, forcing sex 
education, teenage advocacy groups', and other legitimate 
websites to describe their lawful content inappropriately.

This provision has also sneaked into a Senate appropriations 
bill. When Congress returns from recess, we'll keep you 
updated on these bills and on how you can help fight them.

For the Center for Democracy and Technology's letter to 
Stevens about the web labeling provision:
http://www.cdt.org/speech/20060803labeling.pdf

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Senate Sneaks Through Cybercrime Treaty

After substantial pressure from the White House, the Senate 
ratified the sweeping Convention on Cybercrime treaty. 
Ratifying the Cybercrime treaty introduces not just one bad 
Internet law into this country, but also invites the 
enforcement of all the world's worst Internet laws.

The treaty requires that the U.S. government help enforce 
other countries' "cybercrime" laws -- even if the act being 
prosecuted is not illegal in the United States. Countries 
that have laws limiting free speech on the Net could oblige 
the FBI to uncover the identities of anonymous U.S. critics 
or monitor their communications on behalf of foreign 
governments. American ISPs would be obliged to obey other 
jurisdictions' requests to log their users' behavior without 
due process or compensation.

Instead of this one-way enforcement ratchet, Congress should 
be focusing on strengthening protections for your rights.

ZDNet's Declan McCullagh on the treaty: 
http://news.zdnet.com/2100-1009_22-5973735.html

For the original version of this post:
http://www.eff.org/deeplinks/archives/004864.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Voting Security Attacked In Court Again

Despite all of our efforts to dispel the false dichotomy 
between secure voting and accessible voting, a shrinking but 
vocal minority of the disability rights community continues 
to take steps to prevent more secure voting by claiming that 
it will violate their rights. In PVA v. McPherson, a few 
such groups has filed suit in federal court to force 
Californians back into insecure voting systems without 
verifiable paper trails. This argument was wrong when 
rejected by a federal judge in 2004, and it's still wrong 
now.

Secure, accessible voting can and should be our shared 
goals. In fact, EFF represented the Handicapped Voters of 
Volusia County (HAVOC) in Florida who insisted that their 
voting systems have a paper trail. They wanted to make sure 
their votes were counted as cast, too.

Many secure voting systems are also broadly accessible to 
voters with disabilities.  Our favorite current solution is 
the new generation of optical scan systems, led by the 
AutoMARK. Another option is the voter-verified paper trail 
attached to DRE electronic voting systems. While the current 
crop of voter-verified e-voting systems still aren't 
perfect, they are better than systems with no paper trail at 
all. 

EFF and a broad coalition of voting activists will likely 
participate in the PVA v. McPherson case, as we did in the 
similar 2004 case, Benavidez v. Shelly.

To read the complaint in PVA v. McPherson: 
http://moritzlaw.osu.edu/blogs/tokaji/PVA-Complaint.pdf

To learn about e-voting cases: 
http://www.eff.org/Activism/E-voting/

For the original version of this post: 
http://www.eff.org/deeplinks/archives/004863.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* EFF Partners with Craigslist for Nonprofit Boot Camp, 
August 19 

EFF is proud to partner with the Craigslist Foundation for 
its 2nd Annual Nonprofit Boot Camp, a conference aimed at 
fostering nonprofit leadership and collaboration. Join more 
than 1,300 emerging nonprofit leaders to get educated in all 
aspects of successfully starting and running a nonprofit, 
find inspiration, and get connected with peers and valuable 
resources.

Registration includes the conference and evening Networking 
Reception, as well as breakfast, lunch, and dinner. Learn 
more and register online at: 
http://www.craigslistfoundation.org/eflyer06/npbc06.htm

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Thank You, DefCon!

A huge thank you to the folks at DefCon and everyone who 
participated last week in the dunk tank, parties, and other 
shenanigans that raised funds for EFF. And special thanks to 
Vegas 2.0 for their excellent pre-DefCon fundraising bash. 
Every penny goes to keeping up the fight for your digital 
rights, and, this year, we raised more funds (and had more 
fun!) than ever before. We look forward to seeing you all 
again next year.

For more info about DefCon:
http://www.defcon.org/

For more info about the Vegas 2.0 Summit: 
http://www.vegassummit.org/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
The week's noteworthy news, compressed.

~ Going Digital
Warner announced that 11% of their sales are digital...
http://www.recordoftheday.com/cgi-bin/rotd-mb/rotd_config.pl?read=84487

~ Kicking and Screaming
... even as they still persist in suing P2P tech companies.


~ Privacy Rights Clearinghouse Praised
Beth Givens gets some exposure on her excellent privacy 
work...
http://www.signonsandiego.com/news/business/20060801-9999-1b1givens.html

~ Not that Kind of Privacy Clearinghouse
...while AOL Research releases twenty million searches by 
over 500,000 users.
http://www.ipdemocracy.com/archives/2006/08/07/index.php#a001836

~ Cybercrime Treaty Passed 
Allows the global application of other nation's online 
surveillance laws...
http://news.com.com/2102-7348_3-6102354.html

~ Hong Kong Passes New Spying Law
...allowing, one day, the harmonization of Chinese and USA 
surveillance regimes?
http://news.bbc.co.uk/1/hi/world/asia-pacific/5249708.stm

~ A Five Minute Guide Against DRM
Linux Journal gives unvarnished arguments against digital 
rights management... 
http://www.linuxjournal.com/node/1000073

~ Committee Offers Brochure To Sell Telecom Bill  
...while the Senate provides (then hastily hides) a 
glamorous brochure for its DRM-laden telecom bill.
http://www.publicknowledge.org/node/574

~ Copyrighting Fashion
Copyright hits the fashion industry?
http://www.publicknowledge.org/node/576

~ Netting Net Neutrality
Hacking the Net Neutrality debate, Dan Kaminsky premieres a 
tool at DefCon to detect content-biased networks.
http://www.boingboing.net/2006/08/03/test_for_network_neu.html

~ First to File, Last to Pass
The latest Leahy-Hatch Patent Bill takes yet another look at 
patent reform.
http://www.techdirt.com/articles/20060807/0323215.shtml

~ Single Laugh Licensing
Meanwhile, IP lawyers show comedians how to sue over joke 
infringement.
http://living.scotsman.com/performing.cfm?id=1126262006

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
  http://www.eff.org/	

Editor:
Derek Slater, Activist
 derek@eff.org	

Membership & donation queries:
 membership@eff.org

General EFF, legal, policy, or online resources queries:
 information@eff.org

Reproduction of this publication in electronic media is 
encouraged. Signed articles do not necessarily represent the 
views of EFF. To reproduce signed articles individually, 
please contact the authors for their express permission.
Press releases and EFF announcements & articles may be 
reproduced individually at will.

Current and back issues of EFFector are available via the 
Web at:
  http://www.eff.org/effector/

Click here to change your email address:
  http://action.eff.org/addresschange

This newsletter is printed on 100% recycled electrons.
JavaScript license information