http://www.eweek.com/article2/0,1759,1776146,00.asp By Ryan Naraine March 15, 2005 America Online Inc. plans to make three small but significant modifications to the terms of service [1] for its AIM instant messaging product to head off a firestorm of privacy-related criticisms. The tweaks to the terms of service will be made in the section titled "Content You Post" and will explicitly exclude user-to-user chat sessions from the privacy rights an AIM user gives up to AOL. "We're not making any policy changes. We're making some linguistic changes to clarify certain things and explain it a little better to our users," AOL spokesperson Andrew Weinstein told eWEEK.com. The modifications will use similar language from the AIM privacy policy to "make it clear that AOL does not read private user-to-user communications," Weinstein said. "We'll be adding that to the beginning of the section to make it clear that the privacy rights discussed in that section only refer to content posted to public areas of the AIM service." More importantly, Weinstein said a blunt and inelegant line that reads "You waive any right to privacy" will be deleted altogether. "That's a phrase that should not have been in that section in the first place. It clearly caused confusion, with good reason," Weinstein conceded. Over the last weekend, AOL representatives moved to quell public criticism [2] of the terms of service after the issue was first flagged [3] on Weblogs and discussion forums. But, the company's damage-control moves did not sit will with legal experts, who argued that AOL's stance that user-to-user IM communications were exempt did not match the language in the terms of service. Justin Uberti, chief architect for AIM, also joined the discussion, admitting the controversial section of the terms of service was "vague" and needed to be reworded. Uberti explained on his Weblog [4] that the amount of IM traffic on the AIM network "is on the order of hundreds of gigabytes a day." "It would be very costly, and we have no desire to record all IM traffic. We don't do it," Uberti wrote. For AIM users who remain distrustful, Uberti pointed out that the application offers Direct IM (aka Send IM Image) and Secure IM in all recent versions. "In other words, you can send your IMs in such a way that they never go through our servers, and/or are encrypted with industry-standard SSL and S/MIME technology. I know this since I designed these features. There are no backdoors; I would not have permitted any," Uberti said. [1] http://www.aim.com/tos/tos.adp [2] http://www.eweek.com/article2/0,1759,1775743,00.asp [3] http://www.eweek.com/article2/0,1759,1775649,00.asp [4] http://journals.aol.com/juberti/runningman/ _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Mar 16 2005 - 05:34:25 PST