AOL recently made 19 million AOL search transactions available on the Internet, ostensibly made anonymous by replacing user IDs with a number. That’s not good enough, AOL. A careful examination of the search contents could reveal the identity of some of the apparently not-so–anonymous users. Well, the blogs went wild, excoriating AOL for its inappropriate behavior. AOL apologized. Many people bemoaned the loss of people’s right to privacy. I bemoan it too, but that’s not the point of this posting.

Your employees do business-related searches on the Internet. They are essentially leaking corporate secrets onto the Internet. Their searches could be found and analyzed by a competitor, resulting in your competitor having an upper hand over you in competitive situations.

So what are you going to do about it? Stop them from using the Internet? Create your own Internet crawler and search engine? Or live with it?

Total secrecy is impossible to achieve in a practical way.

There’s a larger lesson here, too. Total control doesn’t make sense in most situations.

What am I missing? Let me know…

Submit a Comment | Permalink

Not only does total control not make sense in this environment but even introducing technology to maintain a modicum of control is a misplaced expenditure. The internet represents a vast source of knowledge and information of varying quality and accuracy. That your organisation would have individuals searching for specific information does not offer any competitive advantage to any other organisations to know, even when aggregated as a wider intelligence of that search. The vast majority of internet use for research and knowledge creation is for low-level operational stuff rather than inventions and ground-breaking ideas. Furthermore, these searches are highly unlikely to represent the operations of a coordinated study but rather the investigations of an individual who is unlikely to be an expert in the subject area.

By introducing greater levels of control over searches the message to the workforce is actually 'dont use the web for research' which negates many of the competitive advantages offered up by sensible web usage policies.

Even more importantly, the creation of local search technology may be fine if you are the CIA or PITA but is a distinct negative interms of return on investment and keeping pace with competitors. Search engines themselves are evolving rapidly and any home-grown options will not grow at the same pace, thereby locking corporations into trailing edge knowledge and solutions.

Give it some time. This latest scandal and the ensuing popular demand will lead to a new kid on the block for search technology that guarantees discretion of search regardless of the wishes of government.

Government agencies have dealt with this issue for quite some time. For example, patent examiners have to be careful about leaving tracks on the Internet when they do searches as part of patent claim investigation. Intelligence agencies face an obvious problem. There are anonymizer services and products available that can be used when this is a major concern, but of course you have to trust the anonymizer. There are also issues of enabling employees to use anonymizer services and bypass any URL filtering you may employ to assure that employees do not access illegal or dangerous (such as spyware-laden) websites.

The reverse of this problems also has interesting issues: many enterprises make great use of their customers search strings. In March of 2006 Whit Andrews of Gartner wrote "Denial-of-Insight Attacks Could Cripple a Critical Value of Enterprise Search," <a href="http://www.gartner.com/Disp...">exploring why and how the quality of search records needs to be protected.