I'm Feeling Lucky_ The Confessions of Google Employee Number 59 - Douglas Edwards [126]
More curious was a September 4 Usenet post archived in Google groups. A writer calling himself "Nostradamus" had written, "Wait 7 days, and then maybe I'll answer this post. You see, I am going away in seven days, and you will not hear from me again." Seven days later was 9/11. Kulpreet, our in-house attorney, informed me that the FBI had already asked about it.
As soon as the names of the suspected terrorists were released, I ran them all through Google. Only one returned something interesting. A Palestinian relief organization headquartered in the United States showed up when I searched for Mohamed Atta. However, his name was nowhere to be found on the site. I clicked on Google's cached version of the page, a snapshot of the way the site had looked when we crawled it weeks earlier. That older version of the page referred to several cases the organization had been involved with, including that of a seventeen-year-old Mohamed Atta. Atta had been helped with medical treatment at an American hospital after being admitted with a gunshot wound. I checked the current version of the website again, but Atta's story no longer appeared—and as far as I could tell, his bio was the only one that had been removed. I had no idea how common the name Atta was, and I didn't know if this was the same Mohamed Atta who had been identified as a hijacker, but I wanted to help and the deletion seemed suspicious. Unsure what to do with the information, I consulted Sergey. He told me to pass it on to the FBI.
Sergey, too, had been thinking about how Google might be used to identify the terrorists, but his thinking went deeper than mine. First, he forwarded to Karen and me a Terrorist Activity Information form to post on the site so that users could report tips to the FBI. Then he very quietly asked a small group of us to begin checking our log files.
"Google is big enough at this point that it's entirely possible the terrorists used it to help plan their attack," he pointed out. "We can try to identify them based on intersecting sets of search queries conducted during the period prior to the hijackings." It made sense. While after 9/11 there were many queries about the World Trade Center and the explosive potential of a fully fueled jetliner, it seemed likely there had not been a great number before that date.
A quick note of explanation about what data was in our logs. We did not have personal information about users (names and addresses), but like most websites, Google placed a unique string of numbers on each user's computer when it connected to our site. This string of numbers is known as a cookie. In our logs, all searches were associated with the cookie and the IP address of the computer conducting the search. So if we saw one cookie connected to several searches relating to the bombing, we might be able to identify the user's Internet address. And by looking at other searches he had conducted, we might be able to determine his real-world identity. For example, if the user had searched on his own name (a relatively common occurrence), that search would be connected by his cookie to the other searches he had done.
Sergey compiled a list of words to look for in the logs, including "Boeing," "aviation school," "Logan airport," and "fuel capacity." In a first run, the logs team found about a hundred thousand queries a day that matched some of his criteria. I added a set of terms I derived from searches across message boards where the names of the hijackers had appeared before 9/11, though I realized it was likely those messages were coincidental posts by unfortunate users sharing the hijackers'