From the EFF:
AOL’s data leak is a disaster, but there may be some silver lining. By putting the spotlight on the dangers of Internet companies storing massive amounts of private information, the data leak could spur better business practices and Congressional action to protect privacy.
While AOL rightly apologized and began investigation into its practices, Google CEO Eric Schmidt unfortunately appeared to shrug off the issue, essentially saying “trust us.” That’s not an adequate response, as the LA Times and USA Today made clear in editorials this week:
- LA Times: “The companies say they keep their logs private unless forced by a subpoena or court order to share the data with investigators or lawyers. That’s a start, but it would be far more comforting if they had clear data-retention policies limiting how long the information could be linked to individual accounts or Internet addresses.”
- USA Today: “[AOL's] screw-up raises larger questions, however, about whether companies like AOL and Google should be storing search requests…. AOL’s blunder … shows their privacy safeguards fall well short of foolproof.”
Those questions should also be taken up by Congress, as Rep. Ed Markey repeated this week. This issue isn’t just about mistaken public disclosures — the logs can be a dangerous honeypot of information for the government or any individual litigant wielding a subpoena. Congress must consider clarifying privacy protections and limiting data retention.