NEW YORK – AOL released the Internet search terms that more than 650,000 of its subscribers entered over a three-month period and admitted Monday that what it originally intended as a gesture to researchers amounted to a privacy breach and a mistake.
Although AOL had substituted numeric IDs for the subscribers' real user names, the company acknowledged the search queries themselves may contain personally identifiable data.
For example, many users type their names to find out whether sites have dirt on them and then separately search for online mentions of their phone, credit card or Social Security numbers.
• Click here to visit FOXNews.com's Cybersecurity Center.
A few days later, they may search for pizzerias in their neighborhoods, revealing their locations, or for prescription drug prices, revealing their medical conditions. All those separate searches would be linked to the same numeric ID.
"Search query data can contain the sum total of our work, interests, associations, desires, dreams, fantasies and even darkest fears," said Lauren Weinstein, a privacy advocate.
The company apologized for the disclosure.
"This was a screw up, and we're angry and upset about it," AOL spokesman Andrew Weinstein said. "It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant."
He could not say whether anyone has been disciplined, saying an internal investigation was continuing.
The disclosure comes as the Time Warner Inc. (TWX) unit tries to increase usage of its search services and other free, ad-supported features to offset a decline in subscriptions, a drop likely to accelerate with its recent decision to give away AOL.com e-mail accounts and software.
Although AOL gets search results and keyword ads from Google, which owns 5 percent of the company, AOL is trying to get people to search directly on its own sites in hopes of distracting them with an ad-supported video or two.
Ari Schwartz, deputy director of the technology watchdog group Center for Democracy and Technology, lauded AOL for responding quickly.
"We're glad to hear that AOL is treating this as a serious incident because it is a serious incident," he said.
He added that search engines should use AOL's disclosure to re-evaluate why they even retain such data.
"Old searches don't mean a lot to them and present a big risk to individuals," he said.
The AOL search data had been posted about 10 days ago but were not widely known outside the research community until Web journals began pointing to AOL's research site Sunday. AOL removed the file, but not before copies were already circulating on the Internet.
The data file included information on what search terms were used, when the search was conducted and whether the user clicked on any of the results.
One user, for instance, was repeatedly searching for information about divorcing someone whose husband is in the Army and about dating services in Oak Brook, Ill., while another kept searching for members of one family by name, along with a Chicago auto dealer and "naked Russian women."
All told, the file had information on 19 million queries from 658,086 subscribers from March 1 to May 31. The data only included searches conducted in the United States using AOL's proprietary software, which until last week was available only to paying subscribers. Searches made over the free AOL.com portal were not disclosed.
AOL's Weinstein said only 0.3 percent of all searches were released.
AOL, like other search engines, does make such data available to law-enforcement authorities with subpoenas. It complied with a Justice Department request for search queries as part of the Bush administration's effort to revive a law meant to shield children from online pornography. AOL said it did so without compromising users' privacy.
Google, on the other hand, fought the subpoena, and a judge ultimately ruled that the company didn't have to turn over specific search requests.
A display in the lobby of Google's headquarters in Mountain View, Calif., continually scrolls some of the searches being conducted through its site. The data, however, can be viewed only by people physically at Google, and multiple searches by the same person are not linked.
"It doesn't really matter if someone is peeking at you," said Alex Halavais, a professor of interactive communications at Quinnipiac University in Hamden, Conn. "When the data starts to get tied together, it becomes much more invasive."
He said such data would be useful for researchers like him, "but if I were an AOL subscriber, I would be a little more than upset."