[ISN] AOL To Modify AIM Terms of Service

[InfoSec News]

http://www.eweek.com/article2/0,1759,1776146,00.asp

By Ryan Naraine 
March 15, 2005 

America Online Inc. plans to make three small but significant
modifications to the terms of service [1] for its AIM instant
messaging product to head off a firestorm of privacy-related
criticisms.

The tweaks to the terms of service will be made in the section titled
"Content You Post" and will explicitly exclude user-to-user chat
sessions from the privacy rights an AIM user gives up to AOL.

"We're not making any policy changes. We're making some linguistic
changes to clarify certain things and explain it a little better to
our users," AOL spokesperson Andrew Weinstein told eWEEK.com.

The modifications will use similar language from the AIM privacy
policy to "make it clear that AOL does not read private user-to-user
communications," Weinstein said.

"We'll be adding that to the beginning of the section to make it clear
that the privacy rights discussed in that section only refer to
content posted to public areas of the AIM service."

More importantly, Weinstein said a blunt and inelegant line that reads
"You waive any right to privacy" will be deleted altogether.

"That's a phrase that should not have been in that section in the
first place. It clearly caused confusion, with good reason," Weinstein
conceded.

Over the last weekend, AOL representatives moved to quell public
criticism [2] of the terms of service after the issue was first
flagged [3] on Weblogs and discussion forums.

But, the company's damage-control moves did not sit will with legal
experts, who argued that AOL's stance that user-to-user IM
communications were exempt did not match the language in the terms of
service.

Justin Uberti, chief architect for AIM, also joined the discussion,
admitting the controversial section of the terms of service was
"vague" and needed to be reworded.

Uberti explained on his Weblog [4] that the amount of IM traffic on
the AIM network "is on the order of hundreds of gigabytes a day."

"It would be very costly, and we have no desire to record all IM
traffic. We don't do it," Uberti wrote.

For AIM users who remain distrustful, Uberti pointed out that the
application offers Direct IM (aka Send IM Image) and Secure IM in all
recent versions.

"In other words, you can send your IMs in such a way that they never
go through our servers, and/or are encrypted with industry-standard
SSL and S/MIME technology. I know this since I designed these
features. There are no backdoors; I would not have permitted any,"  
Uberti said.

[1] http://www.aim.com/tos/tos.adp
[2] http://www.eweek.com/article2/0,1759,1775743,00.asp
[3] http://www.eweek.com/article2/0,1759,1775649,00.asp
[4] http://journals.aol.com/juberti/runningman/