AOL CTO Shown the Door

BrewerDude writes "Reuters is reporting that AOL Chief Technical Officer Maureen Govern has resigned from the company. Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? What do the slashdot readers think is the appropriate outcome of this fiasco?"

The buck stops here

[BWJones]

Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough?

Well, it would certainly be nice to see companies (and governments) go back to a model where "the buck stops here" and take responsibility for their actions. I don't know who ultimate thought "I know what let's do" and release these records for public consumption without even "anonymizing" them, but the CTO is an appropriately responsible party I would guess.

Re:The buck stops here

[MBCook]

The problem is that they were not anonymised enough. They took out the user IDs, but they replaced them with numbers. As we've all seen, there was still enough there to identify people that way. To really sanitize it they would have had to remove that part so you couldn't tell which searches were together and which were from seperate users, but that would have made the data less usefull.

They would also have to remove all the searches that are to specific like "birth certificate for Joe B. McWhatever SSN:123-45-6789" and other such stuff which would have been a major burden too.

Re:The buck stops here

[laughingcoyote]

I doubt the CTO personally authorized the release, and after this I suppose all supervisors will lose some sleep over the prospect of being (unintentionally) torpedoed by a subordinate.

Any good supervisor does lose sleep over this. The job of a supervisor is, well, to supervise. That does mean accepting responsibility not only for your own actions, but for the actions of those who you are responsible for managing and overseeing.

At a "C" level position, that certainly is a lot of people to take responsibility for! And certainly, you won't be responsible for the individual supervision of each and every one. However, you -are- responsible to ensure that policies and procedures are in place to prevent catastrophic events and catch them before they occur.

Also, keep in mind we don't know everything. This could well have been her idea from the start, and the board agreed but said "Keep it quiet and if it blows up in our face it's your ass." They're not very likely to let us know that...

Re:The buck stops here

[fritzk3]

Say it with me: "Welcome! You've got FIRED!"

well, considering other reasons

[yagu]

From the summary: Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? ...

Well, considering that others are shown to the door for working 20+ years, garnering good reviews, and creeping within a chip shot of expensive pension payoffs, it's probably reasonable to show this guy the door.

Probably the biggest crime, and one we'll never be in on, is how golden a parachute this guy jumped with.

Re:well, considering other reasons

[SilentTristero]

Um, Maureen Govern is not a "guy." See (e.g.) here.

Re:well, considering other reasons

[Kenshin]

guy
n.
      1. Informal. A man; a fellow.
      2. guys Informal. Persons of either sex.

Re:well, considering other reasons

[Dhalka226]

Where in the grandparent post did you see any judgment about anything OTHER than her looks? Her "worth" was never mentioned.

If we can't judge peoples' looks by their looks, well, that's going to be a bit problematic.

Re:well, considering other reasons

[Who235]

Good point. I was wrong. Nothing like that was there.

Now, after re-reading the post, I don't know why I thought it was.

Disregard my last post please, and thanks for calling bullshit.

Re:well, considering other reasons

[willpall]

Per your definition, only the plural form may refer to either sex. In it's singular form, guy always refers to a male.

The appropriate punishment...

[mythosaz]

Let it fit the crime.

AOL should release - without names, of course - the text of all the searches executed by recent AOL CTOs.

Re:The appropriate punishment...

I think he should have been demoted, into the Customer Service Call Center. See how he handles a couple of weeks trying to convince people to keep their AOL account.

"Why yes ma'am, I am responsible for releasing data on all your searches, but that's no reason to cancel your account!"

Re:The appropriate punishment...

[Frogular]

Slight problem...

AOL CTOs have been using Google.

Apropriate?

[ackthpt]

Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? What do the slashdot readers think is the appropriate outcome of this fiasco?

The paradox is that the one who takes overall responsibility is axed, yet they have learned from the experience. They have also undoubtably done many things right, which their successor may goof on.

It's trading a devil you know for a devil you don't. Should have just docked her pay, made her stand in a corner of sommat.

Re:Apropriate?

[cowboy76Spain]

Given the publicity this error has had (and its repercussions), the next CTO should have already learnt from the mistake. If he/she hadn't, I think AOL should select another CTO because, no matter your skills, common sense is still needed.

And if I even get to a job that someone has left vacant, one of my firsts worries will be asking what happened to the previous guys.

Where's the connections...

[__aaclcg7560]

They fired the person who released the data and the supervisor, and the CTO was shown the door. I think the management structure was a bit too flat for me to not be suspicious. Was there people between the supervisor and the CTO who should've gotten the sack? Or was the CTO shoved onto her proverbial sword as public sacrifice to blow over the controversy? Or what are they really covering up? Inquiring minds want to know...

Re:Where's the connections...

[Enoxice]

Was there people between the supervisor and the CTO who should've gotten the sack?

Are you suggesting they should've just burned down the whole division and started from scratch? The person that released the data (for obvious reasons), the direct supervisor (for not catching the error before it made it out, and the CTO (for not catching wind of it and stopping it). Personally, I want to think it was overkill to can the CTO, as well, but whatever AOL thinks they need to do to save face. It's their call.

Re:Where's the connections...

[pla]

Or was the CTO shoved onto her proverbial sword as public sacrifice to blow over the controversy?

? No no no! You clearly don't understand the business world, grasshopper...

She chose to "spend more time with her family", totally unrelated (in a golden-parachute-deflating sense) to the leak. No doubt the evil actions by her underlings, done entirely without her knowledge, made her job just too stressful to keep putting in those gruelling 10 hour workweeks for a paltry seven-figure salary.

Tsk! Did you even read the press releases? How can you remain skeptical in the face of such incontrovertible proof as the noble and cherished Press Release?

He should have been fired.

[Night+Goat]

Being allowed to resign isn't good enough. He should have been fired. It's ridiculous that once you get high enough on the corporate ladder, you don't get canned like the rest of us would. Us peons screw up a little bit, we get fired. But if you're a big cheese, and screw up hugely, you are allowed to resign. Life's not fair I guess.

Re:He should have been fired.

When you get that far up resigning is a lot like getting fired.

Re:He should have been fired.

[DirePickle]

You are not elligible for unemployment if you are fired. There is a difference between that and a layoff, which you are elligible with.

Re:How's this?

[stevey]

How about only being able to go online with AOL dialup?

Scapegoat maybe?

[MoogMan]

I fail to see how this could be the CTO's fault...

Re:Scapegoat maybe?

[mooingyak]

If the CTO doesn't want things like this to happen, then there should be procedures in place to prevent it. If she was completely blindsided by this, that's no better than if she was involved with the project and personally gave the okay. It's really only excusable if she's been CTO a relatively short amount of time and hasn't had a chance to get her shop in order.

CTO seems to be the wrong person.

Seems like the right person was the business man & legal council person who decided that AOL would keep these search records in the first place.

What the CTO did is merely reveal that AOL was deliberately holding on to this privacy time-bomb and exposed it in a relatively minor way. The person who actually leaked the data should be praised as a whistleblower.

I want whomever APPROVED STORING the logs to be fired; and whomever adviced that hanging on to this kind of data is worth the potential risks should be locked up and sued.

Re:CTO seems to be the wrong person.

[jesuscyborg]

Are you daft??? Do you really expect search engines to not keep tabs on what people are using their service for? EVERY search engine keeps records of searches; they'd be crazy not to. Most use them for good, to improve the results by figuring out how to adapt to the way people use it. Other companies hand sell them to the government and private companies...

I don't think there is any problem with retaining data, as long as they can be trusted to keep it safe and be held accoutable if they don't.

Re:CTO seems to be the wrong person.

Don't use search engines.

Re:CTO seems to be the wrong person.

[tomstdenis]

Your right to privacy stops at the their colocated servers. Get with reality man.

To expect privacy you have to be conducting yourself in a PRIVATE manner. Broadcasting your search requests in PLAINTEXT over the internet to a server which does not [nor must] guarantee privacy is not conducting yourself in a private manner.

Tom

Re:CTO seems to be the wrong person.

[Jahz]

Yes, I expect them not to. I have a right to my privacy, this is a clear violation of it. Keeping this type of data, even internally, should be illegal and result in criminal penalties against the executives who ok it.

You also have the right to read AOL's Term of Service and Privacy Policy when you use their free search engine.

You really are naive aren't you? You don't think that you bank keeps tabs on you? How about the state transit department when you use the automated (EZ-Pass, FastLane, whatever) payment system? What about the access card you use to get into work? Do you doubt that your gas station pumps don't know that you're going to put the cheap stuff in as soon as you swipe the card? The list goes on forever... get with it.

Re:CTO seems to be the wrong person.

[SpecTheIntro]

My right to privacy never stops- its an inherent right of humanity.

That's an interesting philosophical point, and one that's not really espoused by most of the philosophers on whose work our government is based. Is this something you believe personally, or is there a particular work you believe best defends this view? Because in the US, (and forgive me if you are not a US citizen), the right to privacy is an implied right, and not explicitly stated in the Constitution. It really only manifested itself in the 20th century after numerous Supreme Court decisions, and in those cases governs only a person's privacy from the government, not necessarily other private entities. Are you saying you think the right to privacy should extend further?

Re:CTO seems to be the wrong person.

[Bronster]

If I was them I'd be hanging on to them for at least a week to be able to diagnose problems, but that's just me.

See also: google's "spelling correction" magic which is based on statistical analysis of past search queries - this data is useful for improving their service.

Re:CTO seems to be the wrong person.

[wasted]

AOL can put whatever they damn well want in their terms and privacy policy. It doesn't give them any moral authority to violate my right to privacy.

I don't want to be construed as agreeing with the decision to release the data, but I think you over-estimate your right to privacy.

By using their site, do you agree to their terms, and those terms mean you agree to waive your privacy rights? Everyone has a choice whether or not to use the service, so if you use the service, and they have the relevant conditions in their terms, they aren't violating any rights.

Now I agree that making the data public was very stupid, and if I were an AOL user I would be very angry, but I don't believe it was legally or morally wrong if you voluntarily waived your rights to privacy. And I definitely believed that the person authorizing the data release should be given the chance to pursue other opportunities.

Re:CTO seems to be the wrong person.

[Simon80]

http://www.freenet.org.nz/misc/google-privacy.html I might add that if you follow the above instructions, you also may have to worry about cookies... not sure. enjoy

Re:CTO seems to be the wrong person.

[Dawn+Falcon]

In the EU there is just that - a right to privacy.

Re:CTO seems to be the wrong person.

[rm69990]

Really? Please point out which law, and more specifically, which paragraphs and sections of that law that state that when you utilize another entity's servers for personal gain (to find information), they are not allowed to retain the data. I'll be waiting...

Re:CTO seems to be the wrong person.

[Dr.+Donuts]

Actually, it's not a philosophical point.

Constitutional law is based on the premise that you have all rights. There is no such thing as an "implied" right. This is specifically the intent of Amendment X, "the powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people".

Amendment IV speaks directly to limitations of governmental power in matters of individual privacy. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

So in that regard, the Bill of Rights does indeed recognize privacy as a fundamental right, and one explicitly stated even if the word "privacy" isn't used directly in the verbage.

Courts resolve conflicts between individual rights, in addition to interpreting limitations of Government in the abridgement of individual rights. It's not a question of "extending" privacy's reach, but rather resolving the conflict of an individual's right to privacy vs. other conflicting individual rights.

Re:CTO seems to be the wrong person.

[Korgan]

Sorry, but all search providers have a Privacy Policy, a Terms of Use and so on. The moment you use their search engine, you are explicitly agreeing to those contracts. Make no mistake, they are contractual.

If you do not agree to them, then do not use those services. Develop your own or get on the Tor project and block all cookies.

The metrics collected by search providers ARE important to improving the service. They're true metrics that cannot be ignored in anyway. You're being overly simplistic in a very complicated world here.

The simple reality is, they have a published privacy policy and what you're advocating can only be applied if they breach the terms of that contract. Otherwise, your use of their server is purely contractual and clearly defined by the policies of that organisation or company.

Dont like it? Don't use it. That simple.

Re:CTO seems to be the wrong person.

[ConceptJunkie]

You have the right not to give them the information in the first place. Once you give them the information, they have the right to do with it whatever they please. It is to your benefit that they have a stated policy describing what they will and won't do with the information. You are giving them information, they are giving you information back. It's a quid quo pro, even if what you are giving them isn't of any particular value.

If you don't want to risk your privacy being invaded, then don't give out the information in the first place. That's where your rights come in, and how you need to comport yourself if you want to maintain your privacy.

What if they said, "Give us naked pictures of your girlfriend." and you say, "OK, here you go, but according to my right to privacy, you aren't allowed to look at them."

Exactly who in this scenario is being foolish, naive and downright stupid in expecting them to abide by that, given that there is no reason, under the law or anything else, that they should?

Hint: It's not them.

Kudos to the CTO.

[lancejjj]

AOL Chief Technical Officer Maureen Govern has resigned from the company. Is this an appropriate penalty for releasing 20 million keyword search results, or is it too harsh, or not harsh enough? What do the slashdot readers think is the appropriate outcome of this fiasco?

Assuming she honestly resigned, big kudos to her for taking the responsibility and the heat, and not passing the buck down to the people who need the paycheck. It's not often that a person in power will take the fall - most often, 100% of the blame gets placed on lower-level people who were just doing what they were told.

I'm sure she didn't make the decision or understand the ramifications - after all, she is a CTO. And hopefully there are some people at AOL who would have known that this was a bad idea. But in the end, it was up to her to prevent this from happening. ... or the CEO.

Search contents...

[fahrbot-bot]

Maureen Govern has resigned from the company. Is this an appropriate penalty for releasing 20 million keyword search results...?

AOL probably found her keyword searches for: "CTO", "fortune 500", "availability", "resume"...

Absolutely

[bgardella]

During my first IT job, the CTO resigned when a server crashed and 2 weeks worth of orders and return information was lost. Tape backup procedures failed. Not sure if she was pushed out or if she voluntarily fell on her sword, but I felt then as I do now that it was the right thing to do. If you are the head of a department that fails to do their job in some egregious way, you should bear full responsibility and pay accordingly. Too many execs find ways to point blame below them. In my case, she could have easily fired the dweeb managing the backup tapes. He's the one who screwed up, right? Maybe he even lied about keeping up to date. This was 1995. Have I seen anything like it since? Nope.

Shown the door?

[BigZaphod]

Was it a new door or something? Why didn't she see it before? Was it even in her building? Why is this even news? I've seen a lot of doors in my time. In fact, I'm looking at one right now. Why don't I get a slashdot story, huh? What is this preference for the rich and famous? How does one even become rich and famous in the first place if so much depends upon the exposure given only to those already with status.... Why doesn't someone show *me* the door, dammit?! I'm a person too! I demand to be shown the door!

Let me be the first

[eclectro]

2356894 new job
2356894 new job soon
2356894 macdonalds
2356894 mcdonalds
2356894 mcjob
2356894 postal service
2356894 going postal
2356894 guns

this had to happen

[mrpeebles]

Forget moralizing the release of the keywords. From a business standpoint, this was terrible for AOL. They are trying to reinvent themselves as an internet service rather than internet access that, among other things, is responsible for your computer security. My memory, at least, is that recent AOL commercials have all stressed in particular that buying AOL helps protect you against "viruses". Then they release these search results, and eviscerate this new image they were building for themselves. Heads had to roll.

Recent AOL CTO keyword searches...

[gwayne]

1. howto spin big fuckup
2. creating plausible deniability
3. crow recipies
4. top cto jobs -aol
5. job keygen crack
6. alcoholics anonymous
7. depression hotline
8. psychiatrist
9. gun shop
10. funeral parlor

Re:How's this?

[MrSquishy]

Tomato/Tomato
...I guess that only works when spoken.

Fiasco?

[SuperKendall]

The AOL release of search terms is (A) a boon to research on real-world searching habits, and (B) a wakeup call for those so stupid to think that anything they send over a PUBLIC network unencrypted is ever in any way private (which in this case it really wasn't either).

Were there privacy agreements in place with those who did the AOL searches? Not if you read the TOS carefully. We should all thank AOL for making it very publically clear that any searches may be later drug up under other conditions. Google promises never to release the search terms but still retains them and that means MANY different people within Google probably have access to that raw data, not to mention anyone at your ISP.

If anyone out there thinks this is bad, I encourage you to start your own search firm that clearly outlines you will never store search results and then get pummeled into gravel as companies that can try new search techniques using historical searches and data walk all over you with R&D. That's the whole tradeoff here that we all implicitly agree to by using these companies services, they are also getting our data. If you don't like it stop using the services but don't expect the companies to change something that is not very practical to change.

If you are worried about such companies having your data remember a few things:

1) You are one of hundreds of millions.

2) Your life is really not that interesting when looked at in great detail. This is true of anyone on Earth.

Find that in the Constitution, bright boy.

[LibertineR]

"My right to privacy never stops- its an inherent right of humanity."

Put away the love beads, hippie. You and others who believe that kind of nonsense need to get real.

If your Privacy rights were "inherent" as you say, the US would not have had to pass the National Privacy Act in 1988.

Re:Find that in the Constitution, bright boy.

[SpecTheIntro]

4th ammendment. WHy can't the government search my papers and posessions? Because I have an inherent right to privacy.

Nowhere in the Constitution or the Bill of Rights is a right to privacy from other private entities implied. The US has been lax to regulate privacy from corporate entities for that very reason: technically, it does not have the right. A law of that nature could easily be struck down in a court because there's no constitutional basis for privacy from anything but the government.

Re:Find that in the Constitution, bright boy.

[nolife]

The GOVERNMENT can't search. When you search the internet with a search site, you are using a private or publicly owned companies services. You don't see the difference there? You have a right to bear arms as well, you come to my house with a gun and I do not have to let you in with it! That is MY right because that is my property. If you do not like the terms, use someone else's search engine. You do not have the inherent right to private searching capabilities from one of those companies. Even thinking you do or should is strange. If you want to search the internet from a site that does not save the results, find one and use it. That is your right. If you can't find one, don't search the internet or make your own search tool. That is your right as well.

Re:Find that in the Constitution, bright boy.

[Pharmboy]

Or the Privacy Act of 1974, the most used and quoted privacy act in US history.

People confuse the 4th Amendment with the "right of privacy", when it is a very limited grant of privacy, that the government has to have a warrant to search through documents you have chosen to keep private in your own home, or the home itself.

The courts have constantly held that what you THROW AWAY or do in public (ie: speak), or do in your own home but in the plain view of the public (through an uncovered window) has no expectation of privacy. Using a search engine is accessing in the public and subject to their Terms of Use, and is not "private" in the traditional sense.

Just as if you dialed 411/information and asked them for a number "for a gunshop so I can kill me wife". A search engine is just a digital 411 in this respect, except they log the question instead of someone "listening". You can't expect privacy when accessing a publicly available service.

Real world case: Texas DA needed DNA to prove a case against a guy, but not enough evidence to get a warrant. They follow him, he spits on the sidewalk, they literally sample it an run DNA, get a match, which is used to obtain a warrant and get a sample from blood, which is used to tie him to a crime. He appeals, it is held up as he should not have an expectation of privacy for something he "throws away" in public.

Re:Find that in the Constitution, bright boy.

[LibertineR]

Forgive me for assuming that those who can write on this forum, can also read. Go read the 4th amendment yourself. I dont need to prove anything.

Re:Find that in the Constitution, bright boy.

[rm69990]

You mean this 4th amendment? The one that says:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

I fail to see how that supports your position. There is a difference between expecting documents sitting in your filing cabinet or on your hard drive to remain personal (which is supported by the 4th amendment), and information that you knowingly and intentionally turn over to a third party, while agreeing to their TOS that specifically state that they are retaining these records, and specifically require you to waive your right for privacy. If I take my medical history and tape it to the side of my mailbox or the windshield of my car, is that information still confidential? In the eyes of the law, it is not. If you post your medical history on the internet for all eyes to see, is it still confidential? Nope. If you mail me a personal document, is there some law that says I have to burn it and not store it in my filing cabinet? Nope. As soon as you release information to a third party, unless you have a confidentiality agreement with them, or unless they are your doctor or lawyer, you've waived your right to privacy, plain and simple. I find it funny that you wave the 4th amendment around, yet you can't provide any case law supporting your position, and a strict literal reading of the amendment itself does not support your position. Go ahead and try again though!

Re:Find that in the Constitution, bright boy.

[rm69990]

I went ahead and looked at some case law myself, and none of it supports your position.

According to The Supreme Court in Katz vs. United States http://caselaw.lp.findlaw.com/scripts/getcase.pl?n avby=case&court=us&vol=389&page=353

"That Amendment protects individual privacy against certain kinds of governmental intrusion, but its protections go further, and often have nothing to do with privacy at all. Other provisions of the Constitution protect personal privacy from other forms of governmental invasion. But the protection of a person's general right to privacy - his right to be let alone by other people is, like the protection of his property and of his very life, left largely to the law of the individual States."

In other words, the 4th Amendment does NOT apply to any entity other than the Government and does not protect a person's general right to privacy.

The ruling goes on to say:

"What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection."

Re:Find that in the Constitution, bright boy.

[Macthorpe]

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.'"

How does this have anything to do with AOL wanting to know what searches you have done? From a more appropriate area:

"Our goal is to better personalize your experience with the AOL Network. The AOL Network plans to use information about the searches you perform through the Network, and how you use the results of those searches, to help customize and improve an AOL Network user's search results and, over time, to provide more relevant content and offers to you."

So, in a publically accessible area of the site, they have told you that they are collecting search information. Not to mention there is a privacy policy that you should be reading before you use the service.

If there is someone to blame for your lack of privacy it is you, throwing your personal information on to a publically available and accessible service, operated by a privately owned company who have told you in explicit terms they are going to use your data however the see fit.

Stop throwing away your own goddamn freedoms, idiot.

Not likely

[brad77]

It's trading a devil you know for a devil you don't.

According to Ars Technica, Govern had only been at AOL for not quite a year. She replaced John McKinley as CTO after he was promoted to AOL's Digital Services group. He'll act as interim CTO until they find someone new.

It's more likely that they just traded a devil they don't know for a devil they do.