AOL CTO Shown the Door

BrewerDude writes "Reuters is reporting that AOL Chief Technical Officer Maureen Govern has resigned from the company. Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? What do the slashdot readers think is the appropriate outcome of this fiasco?"

The buck stops here

[BWJones]

Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough?

Well, it would certainly be nice to see companies (and governments) go back to a model where "the buck stops here" and take responsibility for their actions. I don't know who ultimate thought "I know what let's do" and release these records for public consumption without even "anonymizing" them, but the CTO is an appropriately responsible party I would guess.

Re:The buck stops here

[laughingcoyote]

I doubt the CTO personally authorized the release, and after this I suppose all supervisors will lose some sleep over the prospect of being (unintentionally) torpedoed by a subordinate.

Any good supervisor does lose sleep over this. The job of a supervisor is, well, to supervise. That does mean accepting responsibility not only for your own actions, but for the actions of those who you are responsible for managing and overseeing.

At a "C" level position, that certainly is a lot of people to take responsibility for! And certainly, you won't be responsible for the individual supervision of each and every one. However, you -are- responsible to ensure that policies and procedures are in place to prevent catastrophic events and catch them before they occur.

Also, keep in mind we don't know everything. This could well have been her idea from the start, and the board agreed but said "Keep it quiet and if it blows up in our face it's your ass." They're not very likely to let us know that...

Apropriate?

[ackthpt]

Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? What do the slashdot readers think is the appropriate outcome of this fiasco?

The paradox is that the one who takes overall responsibility is axed, yet they have learned from the experience. They have also undoubtably done many things right, which their successor may goof on.

It's trading a devil you know for a devil you don't. Should have just docked her pay, made her stand in a corner of sommat.

Where's the connections...

[__aaclcg7560]

They fired the person who released the data and the supervisor, and the CTO was shown the door. I think the management structure was a bit too flat for me to not be suspicious. Was there people between the supervisor and the CTO who should've gotten the sack? Or was the CTO shoved onto her proverbial sword as public sacrifice to blow over the controversy? Or what are they really covering up? Inquiring minds want to know...

He should have been fired.

[Night+Goat]

Being allowed to resign isn't good enough. He should have been fired. It's ridiculous that once you get high enough on the corporate ladder, you don't get canned like the rest of us would. Us peons screw up a little bit, we get fired. But if you're a big cheese, and screw up hugely, you are allowed to resign. Life's not fair I guess.

Re:He should have been fired.

When you get that far up resigning is a lot like getting fired.

Scapegoat maybe?

[MoogMan]

I fail to see how this could be the CTO's fault...

CTO seems to be the wrong person.

Seems like the right person was the business man & legal council person who decided that AOL would keep these search records in the first place.

What the CTO did is merely reveal that AOL was deliberately holding on to this privacy time-bomb and exposed it in a relatively minor way. The person who actually leaked the data should be praised as a whistleblower.

I want whomever APPROVED STORING the logs to be fired; and whomever adviced that hanging on to this kind of data is worth the potential risks should be locked up and sued.

Re:CTO seems to be the wrong person.

[jesuscyborg]

Are you daft??? Do you really expect search engines to not keep tabs on what people are using their service for? EVERY search engine keeps records of searches; they'd be crazy not to. Most use them for good, to improve the results by figuring out how to adapt to the way people use it. Other companies hand sell them to the government and private companies...

I don't think there is any problem with retaining data, as long as they can be trusted to keep it safe and be held accoutable if they don't.

Re:CTO seems to be the wrong person.

Don't use search engines.

Re:CTO seems to be the wrong person.

[tomstdenis]

Your right to privacy stops at the their colocated servers. Get with reality man.

To expect privacy you have to be conducting yourself in a PRIVATE manner. Broadcasting your search requests in PLAINTEXT over the internet to a server which does not [nor must] guarantee privacy is not conducting yourself in a private manner.

Tom

Re:CTO seems to be the wrong person.

[Jahz]

Yes, I expect them not to. I have a right to my privacy, this is a clear violation of it. Keeping this type of data, even internally, should be illegal and result in criminal penalties against the executives who ok it.

You also have the right to read AOL's Term of Service and Privacy Policy when you use their free search engine.

You really are naive aren't you? You don't think that you bank keeps tabs on you? How about the state transit department when you use the automated (EZ-Pass, FastLane, whatever) payment system? What about the access card you use to get into work? Do you doubt that your gas station pumps don't know that you're going to put the cheap stuff in as soon as you swipe the card? The list goes on forever... get with it.

Re:CTO seems to be the wrong person.

[SpecTheIntro]

My right to privacy never stops- its an inherent right of humanity.

That's an interesting philosophical point, and one that's not really espoused by most of the philosophers on whose work our government is based. Is this something you believe personally, or is there a particular work you believe best defends this view? Because in the US, (and forgive me if you are not a US citizen), the right to privacy is an implied right, and not explicitly stated in the Constitution. It really only manifested itself in the 20th century after numerous Supreme Court decisions, and in those cases governs only a person's privacy from the government, not necessarily other private entities. Are you saying you think the right to privacy should extend further?

Re:CTO seems to be the wrong person.

[Bronster]

If I was them I'd be hanging on to them for at least a week to be able to diagnose problems, but that's just me.

See also: google's "spelling correction" magic which is based on statistical analysis of past search queries - this data is useful for improving their service.

Re:CTO seems to be the wrong person.

[wasted]

AOL can put whatever they damn well want in their terms and privacy policy. It doesn't give them any moral authority to violate my right to privacy.

I don't want to be construed as agreeing with the decision to release the data, but I think you over-estimate your right to privacy.

By using their site, do you agree to their terms, and those terms mean you agree to waive your privacy rights? Everyone has a choice whether or not to use the service, so if you use the service, and they have the relevant conditions in their terms, they aren't violating any rights.

Now I agree that making the data public was very stupid, and if I were an AOL user I would be very angry, but I don't believe it was legally or morally wrong if you voluntarily waived your rights to privacy. And I definitely believed that the person authorizing the data release should be given the chance to pursue other opportunities.

Re:CTO seems to be the wrong person.

[Korgan]

Sorry, but all search providers have a Privacy Policy, a Terms of Use and so on. The moment you use their search engine, you are explicitly agreeing to those contracts. Make no mistake, they are contractual.

If you do not agree to them, then do not use those services. Develop your own or get on the Tor project and block all cookies.

The metrics collected by search providers ARE important to improving the service. They're true metrics that cannot be ignored in anyway. You're being overly simplistic in a very complicated world here.

The simple reality is, they have a published privacy policy and what you're advocating can only be applied if they breach the terms of that contract. Otherwise, your use of their server is purely contractual and clearly defined by the policies of that organisation or company.

Dont like it? Don't use it. That simple.

Re:CTO seems to be the wrong person.

[ConceptJunkie]

You have the right not to give them the information in the first place. Once you give them the information, they have the right to do with it whatever they please. It is to your benefit that they have a stated policy describing what they will and won't do with the information. You are giving them information, they are giving you information back. It's a quid quo pro, even if what you are giving them isn't of any particular value.

If you don't want to risk your privacy being invaded, then don't give out the information in the first place. That's where your rights come in, and how you need to comport yourself if you want to maintain your privacy.

What if they said, "Give us naked pictures of your girlfriend." and you say, "OK, here you go, but according to my right to privacy, you aren't allowed to look at them."

Exactly who in this scenario is being foolish, naive and downright stupid in expecting them to abide by that, given that there is no reason, under the law or anything else, that they should?

Hint: It's not them.

Kudos to the CTO.

[lancejjj]

AOL Chief Technical Officer Maureen Govern has resigned from the company. Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? What do the slashdot readers think is the appropriate outcome of this fiasco?

Assuming she honestly resigned, big kudos to her for taking the responsibility and the heat, and not passing the buck down to the people who need the paycheck. It's not often that a person in power will take the fall - most often, 100% of the blame gets placed on lower-level people who were just doing what they were told.

I'm sure she didn't make the decision or understand the ramifications - after all, she is a CTO. And hopefully there are some people at AOL who would have known that this was a bad idea. But in the end, it was up to her to prevent this from happening. ... or the CEO.

this had to happen

[mrpeebles]

Forget moralizing the release of the keywords. From a business standpoint, this was terrible for AOL. They are trying to reinvent themselves as an internet service rather than internet access that, among other things, is responsible for your computer security. My memory, at least, is that recent AOL commercials have all stressed in particular that buying AOL helps protect you against "viruses". Then they release these search results, and eviscerate this new image they were building for themselves. Heads had to roll.

She's A Witch!

[x3nos]

Slashdot Mob: We have found a witch, might we burn her?
Bedemeer: How do you know she's a witch?
Slashdot Mob: Well she's dressed like one!
Govern: I'm not a witch! They dressed me up as one!
AOL Lawyers: Well, we did do the nose.
AOL Lawyers: And the hat.
AOL Lawyers: But she is a witch!
Slashdot Mob: Burn the witch!

Crocodile Tears but No Real Tears

I am not shedding any real tears for the CTO.

His losing this job still means that he will live comfortably in retirement -- far more comfortably than the millions of Americans who have never violated any ethical standard. When you reach that status of CEO, COO, CTO, president, or vice president, you have already acquired so much wealth that regardless of what happens to you, you will live well.

What concerns me is the 2 other people who were fired. They appear to be slaves whom the CTO ordered to release the private date of 10s of thousands of AOL customers.

If the slaves were only doing what the CTO told them to do, then the slaves should not be fired. The slaves should consider filing a wrongful-termination lawsuit.

Fiasco?

[SuperKendall]

The AOL release of search terms is (A) a boon to research on real-world searching habits, and (B) a wakeup call for those so stupid to think that anything they send over a PUBLIC network unencrypted is ever in any way private (which in this case it really wasn't either).

Were there privacy agreements in place with those who did the AOL searches? Not if you read the TOS carefully. We should all thank AOL for making it very publically clear that any searches may be later drug up under other conditions. Google promises never to release the search terms but still retains them and that means MANY different people within Google probably have access to that raw data, not to mention anyone at your ISP.

If anyone out there thinks this is bad, I encourage you to start your own search firm that clearly outlines you will never store search results and then get pummeled into gravel as companies that can try new search techniques using historical searches and data walk all over you with R&D. That's the whole tradeoff here that we all implicitly agree to by using these companies services, they are also getting our data. If you don't like it stop using the services but don't expect the companies to change something that is not very practical to change.

If you are worried about such companies having your data remember a few things:

1) You are one of hundreds of millions.

2) Your life is really not that interesting when looked at in great detail. This is true of anyone on Earth.

Find that in the Constitution, bright boy.

[LibertineR]

"My right to privacy never stops- its an inherent right of humanity."

Put away the love beads, hippie. You and others who believe that kind of nonsense need to get real.

If your Privacy rights were "inherent" as you say, the US would not have had to pass the National Privacy Act in 1988.

Re:Find that in the Constitution, bright boy.

[SpecTheIntro]

4th ammendment. WHy can't the government search my papers and posessions? Because I have an inherent right to privacy.

Nowhere in the Constitution or the Bill of Rights is a right to privacy from other private entities implied. The US has been lax to regulate privacy from corporate entities for that very reason: technically, it does not have the right. A law of that nature could easily be struck down in a court because there's no constitutional basis for privacy from anything but the government.

Re:Find that in the Constitution, bright boy.

[Pharmboy]

Or the Privacy Act of 1974, the most used and quoted privacy act in US history.

People confuse the 4th Amendment with the "right of privacy", when it is a very limited grant of privacy, that the government has to have a warrant to search through documents you have chosen to keep private in your own home, or the home itself.

The courts have constantly held that what you THROW AWAY or do in public (ie: speak), or do in your own home but in the plain view of the public (through an uncovered window) has no expectation of privacy. Using a search engine is accessing in the public and subject to their Terms of Use, and is not "private" in the traditional sense.

Just as if you dialed 411/information and asked them for a number "for a gunshop so I can kill me wife". A search engine is just a digital 411 in this respect, except they log the question instead of someone "listening". You can't expect privacy when accessing a publicly available service.

Real world case: Texas DA needed DNA to prove a case against a guy, but not enough evidence to get a warrant. They follow him, he spits on the sidewalk, they literally sample it an run DNA, get a match, which is used to obtain a warrant and get a sample from blood, which is used to tie him to a crime. He appeals, it is held up as he should not have an expectation of privacy for something he "throws away" in public.

Re:Find that in the Constitution, bright boy.

[LibertineR]

Forgive me for assuming that those who can write on this forum, can also read. Go read the 4th amendment yourself. I dont need to prove anything.

Re:Find that in the Constitution, bright boy.

[rm69990]

You mean this 4th amendment? The one that says:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

I fail to see how that supports your position. There is a difference between expecting documents sitting in your filing cabinet or on your hard drive to remain personal (which is supported by the 4th amendment), and information that you knowingly and intentionally turn over to a third party, while agreeing to their TOS that specifically state that they are retaining these records, and specifically require you to waive your right for privacy. If I take my medical history and tape it to the side of my mailbox or the windshield of my car, is that information still confidential? In the eyes of the law, it is not. If you post your medical history on the internet for all eyes to see, is it still confidential? Nope. If you mail me a personal document, is there some law that says I have to burn it and not store it in my filing cabinet? Nope. As soon as you release information to a third party, unless you have a confidentiality agreement with them, or unless they are your doctor or lawyer, you've waived your right to privacy, plain and simple. I find it funny that you wave the 4th amendment around, yet you can't provide any case law supporting your position, and a strict literal reading of the amendment itself does not support your position. Go ahead and try again though!