AOL gaffe draws Capitol Hill rebuke

Democratic politician says flap shows new laws are necessary to force Web sites to delete data. Not everyone is convinced.

AOL's recent privacy gaffe that exposed user search histories may breathe new life into a proposal to slap strict rules on what data Internet companies may collect.

Rep. Ed Markey, a Massachusetts Democrat, said Wednesday that AOL's disclosure of the search habits of more than 650,000 of its users demonstrates that new laws are necessary. AOL has apologized for the disclosure.

"We must stop companies from unnecessarily storing the building blocks of American citizens' private lives," Markey said.

Markey's proposal, called the Eliminate Warehousing of Consumer Internet Data Act (EWOCID), was introduced in February after Google's courtroom tussle over search records with the U.S. Department of Justice.

Republicans have kept it bottled up in a House of Representatives subcommittee ever since, but a Markey representative said Wednesday that he hoped "this most recent breach will light a fire under the GOP leadership."

EWOCID is intended to cover far more than search engines. It seeks to import European-style privacy regulations by requiring all Web site operators to delete from their logs personal information, defined as everything from a name and e-mail address to--in some cases--an Internet Protocol address. Violations would be punished by the Federal Trade Commission.

Technology lobby groups including the NetCoalition, which represents companies such as Google, Yahoo and CNET Networks (publisher of, have expressed skepticism toward EWOCID. So have free-market advocate groups, such as the Pacific Research Institute in San Francisco.

"Rep. Markey's bill seeks to micromanage technology firms, which would be an enormous step in the wrong direction," said Sonia Arrison, the institute's director of technology policy. "Why on Earth would anyone think the FTC would do a better job at managing data than Google or Yahoo?"

Discussion of AOL's misstep, which exposed anonymized yet intimate details of its users' personal lives, also surfaced at the Search Engine Strategies conference in San Jose, Calif., on Wednesday.

Danny Sullivan, editor of Search Engine Watch, which hosts the event, asked Google Chief Executive Eric Schmidt whether Google would consider limiting the amount of time it retains user data in light of the AOL breach.

"We have actually had that debate," Schmidt said in response. "We are reasonably satisfied...that this kind of thing could not happen at Google," he added, before saying, "Never say never."

Later, Sullivan told CNET that the outcry over AOL's action "will definitely elevate the debate" over user privacy on the Internet. Unless anonymized data can be made "bullet proof" to attempts to tie it back to the individual, it should be deleted, he said.

"I think you have to delete it over time or separate out the data that lets you build a profile," Sullivan said.

At the federal level, privacy laws tend to be created erratically, spurred by one well-publicized emotional anecdote after another. Congress approved the Video Privacy Protection Act in 1988 after a newspaper published Supreme Court nominee Robert Bork's video rental records. The murder of actress Rebecca Schaeffer, whose killer found her address through California Department of Motor Vehicles records, led to the federal Drivers Privacy Protection Act.

Even though a Republican-dominated Congress is unlikely to adopt Markey's bill verbatim, especially in the face of opposition from Internet companies, the AOL disclosure could give the data-deletion idea more visibility when privacy legislation is being considered. Texas Republican Joe Barton, chairman of the House Energy and Commerce Committee, has said that he wants to enact a broad privacy bill by the end of the year--but he has not disclosed details of what it will include.

CNET's Elinor Mills contributed to this report.

Featured Video

Behmor's app controlled coffee maker links to the Web for better brewing

The $329 Behmor Connected Coffee Brewer boasts the guts of an SCAA-approved drip coffee maker melded with a Wi-Fi radio, plus Internet links and mobile app control all in the interest of creating better pots of java.

by Brian Bennett