Showing posts with label aol. Show all posts
Showing posts with label aol. Show all posts

Tuesday, August 26, 2008

Privacy? We Got Over It.

Yesterday's Wall Street Journal had an interesting Op/Ed on privacy, highlighting contemporary expectations of privacy.

Information Age - WSJ.com

Privacy? We Got Over It.

August 25, 2008; Page A11

In 1988, Congress banned video stores from disclosing the titles of films that people rent. The issue arose because in the battle to block Robert Bork from the Supreme Court, someone leaked his video rentals.

Fast-forward to this summer, and a federal judge hearing a $1 billion copyright complaint by Viacom ordered YouTube to turn over online records about which computer addresses were used to watch which videos on the site. The judge dismissed privacy concerns as "speculative." How quickly our expectations of privacy have changed.

Privacy advocates objected that with access to Internet protocol addresses, it would be possible to track who watched what. Hundreds of millions of people have watched videos on YouTube since its founding in 2005 -- indeed, by one estimate, virtually everyone who uses the Web has watched a video on the site. This makes it surprising that there was such little public outcry about this potential loss of privacy. Google, which owns YouTube, has complied with the judge's order by using encryption to hide individual records, but it is indeed "speculative" how much people would object to disclosing this online behavior.

This incident is a telling moment. We seem to be following the advice of Scott McNealy, chairman of Sun Microsystems, who in 1999 said, "You have zero privacy anyway. Get over it." And the observation by Oracle CEO Larry Ellison: "The privacy you're concerned about is largely an illusion. All you have to give up is your illusions, not any of your privacy."

These comments could be dismissed as technology executives trying to minimize complaints about technology. But whatever we say about how much we value privacy, a close look at our actual behavior suggests we have gotten over it. A recent study by AOL of privacy in Britain found that 84% of people said they would not disclose details about their income online, but in fact 89% of them willingly did.

Amazon closely records our taste in books, Gmail scans our emails to deliver relevant ads, and electronic tolls track where we drive. Profiles on MySpace and Facebook are accessible, forever. The disclosure that Judge Bork liked to rent British comedies seems quaint in comparison.

Records about us are no longer kept in scattered manila files in dusty cabinets, but digitally, which means in permanent records that can be combined with other records to paint a full picture of our tastes and habits. Information held by different retailers, insurers and government agencies can be mined to create constantly updated files more complete than the most tenacious intelligence report on a suspected criminal a generation ago.

Privacy advocates do their jobs by reminding us of these risks, but our choices all seem to be in the direction of trading away privacy. The fantastic power and convenience of digital life has led us to change what we consider private in ways that we can only begin to understand.

Indeed, our expectations of privacy have changed radically over time. Stanford law professor Lawrence Friedman in his recent book, "Guarding Life's Dark Secrets," documents the total lack of privacy expectations through the medieval period, when people lived together with no option for privacy, to a period of privacy for some people and some purposes as part of what he calls the "Victorian compromise." Propriety was defined through social norms focused on reputation, which included significant freedom for otherwise scandalous behavior if it was done carefully, in private.

"If the nineteenth century was a world of privacy and prudery, a world of closed doors and drawn blinds," Mr. Friedman writes, "then the world of the twenty-first century is the world of the one-way mirror, the world of the all-seeing eye."

We now seem happy to trust companies with our information for benefits such as one-click buying and online searches for personally relevant results. In a digital world where it is possible to know more than ever about everything, including one another, the new vice may be the flip side of privacy -- concealing information about ourselves of legitimate value to others.

In the physical world, surveillance cameras, satellites and bio-recognition systems have redefined privacy expectations. We have learned that "privacy can be very dangerous," as federal appeals judge Richard Posner has observed. "Obviously if you're a terrorist, privacy is enormously important. So the more we think of privacy as endangering us, that will reinforce these commercial incentives to surrender privacy."

Privacy remains a virtue, or at least we still say it does. But the balance has been tipped by other values, such as transparency, a free flow of information and physical security. We're in the early stages of adapting to more digital and visible lives, with privacy expectations better defined by what we do than by what we say.

Friday, July 11, 2008

Privacy protections disappear with a judge's order

More commentary on the Viacom v. Google/YouTube case, this time from MIT's Technology review:

Technology Review: Privacy protections disappear with a judge's order

Privacy protections disappear with a judge's order

By Associated Press

NEW YORK (AP) _ Credit card companies know what you've bought. Phone companies know whom you've called. Electronic toll services know where you've gone. Internet search companies know what you've sought.

It might be reassuring, then, that companies have largely pledged to safeguard these repositories of data about you.

But a recent federal court ruling ordering the disclosure of YouTube viewership records underscores the reality that even the most benevolent company can only do so much to guard your digital life: All their protections can vanish with one stroke of a judge's pen.

"Companies have a tremendous amount of very sensitive data on their customers, and while a company itself may treat that responsibly ... if the court orders it be turned over, there's not a lot that the company that holds the data can do," said Jennifer Urban, a law professor at the University of Southern California.

In the past, court orders and subpoenas have generally been targeted at records on specific individuals. With YouTube, it's far more sweeping, covering all users regardless of whether they have anything to do with the copyright infringement that Viacom Inc., in a $1 billion lawsuit, accuses Google Inc.'s popular video-sharing site of enabling.

It's a scenario privacy activists have long warned about.

"What we're seeing is (that) the theoretical is becoming real world," said Lauren Weinstein, a veteran computer scientist. "The more data you've got, the more data that's going to be there as an attractive kind of treasure chest (for) outside parties."

U.S. District Judge Louis L. Stanton dismissed privacy arguments as speculative.

Last week, Stanton authorized full access to the YouTube logs -- which few users even realize exist -- after Viacom and other copyright holders argued that they needed the data to prove that their copyright-protected videos for such programs as Comedy Central's "The Daily Show with Jon Stewart" are more heavily watched than amateur clips.

"This decision makes it absolutely clear that everywhere we go online, we leave tracks, and every piece of information we access online leaves some sort of record," Urban said. "As consumers, we should all be aware of the fact that this sensitive information is being collected about us."

Mark Rasch, a former Justice Department official who is now with FTI Consulting Inc., said the ruling could open the floodgates for additional disclosures.

Though lawyers have known to seek such data for years, Rasch said, judges initially hesitant about authorizing their release may look to Stanton's ruling for affirmation, even though U.S. District Court rulings do not officially set precedence.

The YouTube database includes information on when each video gets played. Attached to each entry is each viewer's unique login ID and the Internet Protocol, or IP, address for that viewer's computer -- identifiers that, while seemingly anonymous, can often be traced to specific individuals, or at least their employers or hometowns.

Elsewhere, search engines such as Google and Yahoo Inc. keep more than a year of records on your search requests, from which one can learn of your diseases, fetishes and innermost thoughts. E-mail services are another source of personal records, as are electronic health repositories and Web-based word processing, spreadsheets and calendars.

One can reassemble your whereabouts based on where you've used credit cards, made cell phone calls or paid tolls or subway fares electronically. One can track your spending habits through loyalty cards that many retail chains offer in exchange for discounts.

Though companies do have legitimate reasons for keeping data -- they can help improve services or protect parties in billing disputes, for instance -- there's disagreement on how long a company truly needs the information.

The shorter the retention, the less tempting it is for lawyers to turn to the keepers of data in lawsuits, privacy activists say.

With some exceptions in banking, health care and other regulated industries, requests are routinely granted.

Service providers regularly comply with subpoenas seeking the identities of users who write negatively about specific companies, at most warning them first so they can challenge the disclosure themselves. The music and movie industries also have been aggressive about tracking individual users suspected of illegally downloading their works.

Law enforcement authorities also turn to the records to help solve crimes.

The U.S. Justice Department had previously subpoenaed the major search engines for lists of search requests made by their users as part of a case involving online pornography. Yahoo, Microsoft Corp.'s MSN and Time Warner Inc.'s AOL all complied with parts of the legal demand, but Google fought it and ultimately got the requirement narrowed.

In the YouTube case, Viacom largely got the data it wanted.

Google has said it would work with Viacom on trying to ensure anonymity, and Viacom has pledged not to use the data to identify individual users to sue. The YouTube logs will also likely be subject to a confidentiality order.

But privacy advocates warn that there's no guarantee that future litigants will be as restrained or that data released to lawyers won't inadvertently become public -- through their inclusion as an attachment in a court filing, for instance.

And retailers, government agencies and others are regularly announcing that personal information, stored without adequate safeguards, is being stolen by hackers or lost with laptops or portable storage drives.

"You just never know," said Steve Jones, an Internet expert at the University of Illinois at Chicago. "There are some circumstances under which what seems to be private information is going to be shared with a third party, and the court says it's OK to do that."

Copyright Technology Review 2008.

Saturday, November 03, 2007

AOL to permit opting out of targeted ads

Apparently, AOL is going to permit users to opt out of online targeted advertising. See: AOL's 'Do Not Track' Effect - eMarketer.

Monday, November 20, 2006

Privacy: The Problem That Won't Go Away

Information Week is always a good source of privacy reporting and today they've posted a really good article on the changing face of privacy and how companies need to adjust. The article is about eight printed pages long, but here are the topics covered:

Privacy: The Problem That Won't Go Away - Your privacy mistakes can easily become everyone's business. Here's how to keep your company--and your career--out of the spotlight
  • It's A Strategy, Not Just A Policy
  • Privacy Laws Will Change—Often
  • You Can Excel--Don't Just Avoid Screwups
  • All Data Is Sensitive
  • Retain The Right Data, For The Right Time
  • Helping Can Hurt You--Even With The Feds
  • Partners Can Be Your Biggest Problem
  • Technology Can Create New Problems
  • One Privacy Approach Can't Cover All

They've also posted two great sidebars: Technology To The Rescue: From anonymizers to network monitors to identity management sysems, there's a host of privacy-enhancing products and strategies available and Privacy File: 10 Events That Impacted The IT Landscape - Here's a quick scan of recent events, which have roiled the privacy waters at AOL, at the FBI, and in Europe.

Read it, learn it, live it.

Sunday, October 22, 2006

Search Engine Privacy Standard Proposed

Virante, an internet marketing company, has made an interesting proposal to protect the privacy of search engine users. It suggests that users should be able to opt out of having their search tracked by IP address or cookie by appending "#privacy" to the search query. Here's the release from Virante:

Press Release - Search Engine Privacy Standard Proposed To Protect Users:

New website proposes a new search standard, #privacy, to protect user privacy when performing search engine queries.

/24-7PressRelease/ - DURHAM, NC, October 22, 2006 - With recent data leaks at AOL, governments seeking information from Google on its users, and no simple user privacy solutions available, a standard for empowering user search privacy has finally been proposed. PoundPrivacy.org is spearheading a search privacy revolution with its proposed #privacy standard. Our proposal is that the #privacy flag could be added to the end of searches by users to tell the search engine 'don't track this query.' In response, the search engine should not track the user by IP address or cookie, and the query should not be made public in keyword tools. The website carefully addresses the one exception to this capability - queries in which a crime is likely being committed (like the solicitation of child pornography) should be excluded from the #privacy flag.

PoundPrivacy.org contains an open letter addressed to the major four search engines - Google, Yahoo, Microsoft, and Ask - requesting that they adopt the #privacy standard. Additionally, the site offers ideas on ways individuals who agree with the standard can support the campaign, including blogging about it, linking to poundprivacy.org, and sending out emails to friends.

About Virante, Inc.

Virante, Inc., is a leading internet marketing solution provider. For more information please visit Virante Web Marketing Solutions or contact us at Email Virante, (919) 459-1088, 1-800-650-0820.

Also check out www.poundprivacy.org.

UPDATE: Adam over at Emergent Chaos thinks this is a silly idea and I must say I agree with just about everything he says, other than the bit about the goat. I'm sure they're not that expensive.

Emergent Chaos: A Very Silly Idea: #privacy, and poundprivacy.org:

"This is silly on a number of levels:

  1. It propagates the simplistic 'opt-in/opt-out' thinking that the US marketing industry has been promulgating for decades. Look where that thinking has taken us.
  2. It defaults all queries to opt-in, implied by absence of an opt-out. Privacy should be a default, and the 'right' way to implement this would be with #trackthis.
  3. It will be prone to user error (typos) and forgetting. It offers no way to say, set a privacy cookie. Even Doubleclick does that.
  4. Implementation is left as an exercise for the search engines, who are supposed to both magically not track your queries, and magically track them if you might be violating a law. (I say magically because I have some understanding of how web logs actually work.)
  5. For some remarkable reason, no search engine has actually bothered to comment on the proposal. Certainly, no one has accepted it yet. So why am I blogging about it?
  6. Really, this idea is one level above an idea I had at the pub last night. Unfortunately, as it turns out, goats are expensive, and probably won't walk on treadmills. It's a good thing I sobered up before setting up a web site."

Sunday, August 20, 2006

World Privacy Forum files FTC complaint against AOL

First of all, apologies for the extremely light writing as of late. I was at the Canadian Bar Association's annual get-together in St. John's, Newfoundland last week, followed by a week of vacation in Toronto with one of my sons. Things will be back to normal in about a week. Unless there's a huge pile of work to catch up on, which may be the case.

Back to the business of this blog ....

The World Privacy Forum has filed a complaint (PDF) with the US Federal Trade Commission over AOL's disclosure of slightly de-identified search data to researchers:

World Privacy Forum Files FTC Complaint About AOL Data Releases

The World Privacy Forum filed a complaint today with the Federal Trade Commission regarding AOL's multiple releases of portions of its users' search query histories. The complaint discusses AOL search query releases from 2004 and 2006. The complaint alleges that the data release was intentional, and due to significant identifiability issues of the data subjects, that the releases are harming some AOL customers, and that AOL customers did not know their search histories would be made available to the public. The World Privacy Forum urges consumers to take precautions when using search engines. For more see the complaint (PDF). Also see the World Privacy Forum Search Engine Privacy Tips.

Via ComputerWorld: Privacy watchdog says AOL violated its own policy.

Sunday, August 13, 2006

Zimmer's thoughts on the AOL search data release

Michael Zimmer has spent some time in the last little while thinking about the recent AOL release of search data, a portion of which can be traced back to individuals. Check out some of his insightful posts:

Friday, August 11, 2006

AOL blunder revives debate over data retention law

The AOL search data blunder (see below) has revived discussion and interest in an American law that was proposed after the earlier fight with the Department of Justice over search data:

AOL gaffe draws Capitol Hill rebuke CNET News.com

Rep. Ed Markey, a Massachusetts Democrat, said Wednesday that AOL's disclosure of the search habits of more than 650,000 of its users demonstrates that new laws are necessary. AOL has apologized for the disclosure.

"We must stop companies from unnecessarily storing the building blocks of American citizens' private lives," Markey said.

Markey's proposal, called the Eliminate Warehousing of Consumer Internet Data Act (EWOCID), was introduced in February after Google's courtroom tussle over search records with the U.S. Department of Justice.

Republicans have kept it bottled up in a House of Representatives subcommittee ever since, but a Markey representative said Wednesday that he hoped "this most recent breach will light a fire under the GOP leadership."

Wednesday, August 09, 2006

Users identifiable by AOL search data

An intrepid reporter from the New York Times has provided a vivid illustration that the supposedly de-identified search data released by AOL is not really anonymous.

A Face Is Exposed for AOL Searcher No. 4417749 - New York Times

Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.”

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.”

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her.

What this really illustrates is the risk posed by simply keeping data around. AOL says they keep the data for a month and this particular database was used internally for research to optimize the AOL service. The usual risk to consider is that the data will illicitly go out the back door, but in this case it went out the front door.

Now the cat's out of the bag: Someone has put the database online, allowing you to search the searches (http://www.aolsearchdatabase.com/). Many of the searches reveal sad details about the users and browsing is creepily voyeuristic. Now Thelma's data is out there, along with searches of over six hundred thousand others.

Thanks to Michael Geist for the link.

Monday, August 07, 2006

AOL gives loads of users' search histories to researchers

It really wasn't that long ago that Google, AOL, Yahoo! and MSN were in the privacy crosshairs over the potential release of user search records to the US Federal Government. (See: The Canadian Privacy Law Blog: US DOJ has subpoenaed Google's search records.) In that saga, the US Department of Justice subpoenaed Google's search records as part of a lawsuit to which Google was not a party. The search giant resisted and privacy advocates were upset to learn that MSN, Yahoo! and AOL handed over reams of supposedely anonymized customer information.

Now, Wired and others are reporting that AOL has handed over three months of search activity of 350,000 AOL users to researchers. The 400MB of data has been pulled off the web, but is already out there. Wired's 27B Stroke 6 blog quotes an EFF lawyer who believes this is a violation of the US Electronic Communications Privacy Act, the statutory damages for which probably add up to $658,000,000. Read more about it at 27B Stroke 6: AOL 's $658 Million Privacy Breach?

It appears that though the information isn't linked to IP addresses or user names, the data does show the sequence of searches from individual users and, in some cases, the user can be identified by searching for themselves.

Update: AP has a good report on this that features how this sort of release can disclose very intimate personal information even if user names are replaced with numeric identifiers:

AOL: Searches by 650K people got out - Yahoo! News:

"Although AOL had substituted numeric IDs for the subscribers' real user names, the company acknowledged the search queries themselves may contain personally identifiable data.

For example, many users type their names to find out whether sites have dirt on them and then separately search for online mentions of their phone, credit card or Social Security numbers. A few days later, they may search for pizzerias in their neighborhoods, revealing their locations, or for prescription drug prices, revealing their medical conditions. All those separate searches would be linked to the same numeric ID.

'Search query data can contain the sum total of our work, interests, associations, desires, dreams, fantasies and even darkest fears,' said Lauren Weinstein, a privacy advocate.

The company apologized for the disclosure.

'This was a screw up, and we're angry and upset about it,' AOL spokesman Andrew Weinstein said. 'It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant.'"

See also: AOL Removes Search Data on Group of Web Users - New York Times.

Saturday, February 04, 2006

Queries about search queries answered

With all the fuss about search engines and what they know about users, Declan McCullagh of CNET has asked some probing questions of Google, Yahoo!, MSN and AOL. The answers are interesting: FAQ: When Google is not your friend Tech News on ZDNet.

Technorati tags: :: :: :: :: :: :: :: :: :: :: ::

Thursday, January 19, 2006

Other search engines handed over data to US DOJ

I blogged earlier today that the US Department of Justice subpoenaed a huge amount of data on search requsts from Google. Google said no and is challenging the request in court (see: The Canadian Privacy Law Blog: US DOJ has subpoenaed Google's search records). It now turns out that the other major search engines handed over the data. See: Boing Boing: DoJ search requests: Google said no; Yahoo, AOL, MSN yes.

Technorati tags: :: :: :: ::

Saturday, August 27, 2005

AOL and E-Trade offer login tokens to users

The title of this recent Washington Post article is another example of the overuse of the term "identity theft": A New Key to Fighting Identity Theft. The article is not about assuming someone's identity and getting credit in their name, but it is interesting nevertheless ...

Both America Online and E-Trade are offering their users an additional level of login security by using RSA's number generating tokens for a two-factor authentication.

"That number acts as an extra, one-time password by matching up with an identical number generated at the same time by a computer at AOL or E-Trade's offices. Both the token and the computer had their clocks synchronized at birth, ensuring that each would generate matching random six-digit numbers at the same intervals.

The idea here is to ensure that password theft has no value. Each six-digit number's utility expires once it's used, but without it a regular user name and password alone won't log a customer in."

This is obviously a good thing, though it won't do a lot for real identity theft and we could end up with a whole mess of these things on our keychains.

Friday, August 19, 2005

No reasonable expectation of privacy in Internet subscriber information

InternetCases.com has a summary of a recent American decision in which the Court found that AOL subscribers have no reasonable expectation of privacy with respect to their identities. AOL disclosed a subscriber's identity to police without a warrant and the subscriber sued:

InternetCases.com: No reasonable expectation of privacy in Internet subscriber information:

"...First, by signing up for service, a subscriber knowingly discloses information to the ISP, which is accessed and used by the ISP to provide services. Second, AOL's terms of service provided that AOL would release subscriber information 'in special cases such as a physical threat to [its customer] or others.' Such a provision was especially relevant given the underlying facts of this case. Third, the Electronic Communications Privacy Act, 18 U.S.C. ss 2510 et seq. provides that subscriber information can be divulged in situations where the risk of physical injury justifies its release..."

Wednesday, August 17, 2005

Jail sentence for personal info theft

A former AOL employee has been sentenced to a year and three months in jail for stealing screen names and e-mail addresses from the company and selling them to spammers. More details here: AOL Worker Who Stole E-Mail List Sentenced - Yahoo! News.

Friday, March 18, 2005

AOL's EULA: Fear, confusion and a fanatical devotion to legalese ...

The editorial staff of the Harvard Crimson have produced an opinion piece related to the AOL Instant Messenger privacy fuss. Though the focus is on jargon-laden EULAs (end-user license agreements), privacy notices have may of the same characteristics:

The Harvard Crimson Online :: Opinion:

"You've Got Jargon: AOL’s two main weapons are fear, confusion, and a fanatical devotion to legalese

By THE CRIMSON STAFF

We do it without a moment’s thought. We click the box and accept the “terms” without pause. What are the actual terms? No one really knows—and, more often than not, no one really cares. But perhaps we should pay more attention to the content of these curious provisos—these End-User License Agreements (EULAs) that accompany most any piece of software. If the new changes to the terms of service of one of America Online (AOL) Inc.’s most popular applications are any indication, it’s easy to pull a fast one on unassuming customers without any real accountability. In their current, indecipherable form, however, it’s safe to assume that people will continue to “agree” to these terms without thinking. It is essential that EULAs be more up-front and comprehensible; they should be written in “plain English” to avoid any underhanded policies that might require signing away one’s soul—inadvertently.

The changes in question affect something very dear to almost any Harvard student, and increasingly almost any person who owns a personal computer, cell phone, or other trendy technological device that allows for epistolary e-interaction. And it stirs paranoia in anyone who generally enjoys the world of impersonal, anti-social online banter. That is, it affects the users of the ubiquitous AOL Instant Messenger (AIM).

AOL’s new terms, affecting anyone who downloaded AIM after Feb. 4, 2004 as well as anyone planning to update the program in the future, explain that, “by posting content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this content in any medium. You waive any right to privacy.” Frightening words, indeed....."

Monday, March 14, 2005

AOL goes back to the drafting board on its AIM Privacy Policy

CNET News is reporting that AOL is planning to redraft its "inartfully drafted" privacy statement to clarify that they do not require users to waive their rights to privacy. Or, depending upon whom you believe, to back off from their original plan to have users waive their rights to privacy.

AOL clarifies IM privacy guarantee | CNET News.com:

"America Online said late Monday that it plans to revise its user agreement in response to concerns that instant messages sent through the company's service could be monitored.

The new policy for AOL Instant Messenger, or AIM, will stress that the company does not eavesdrop on customer's conversations except in unusual circumstances such as a court order, an AOL spokesman said..."

I bet there's a room full of lawyers busily redrafting the policy while I write this.

As a more than casual observer of privacy incidents and damage control, it will be interesting to see what the blogsphere will have to say about this. Many, I am sure, will be waiting for the final re-draft before cutting AOL any slack. My next prediction: The mainstream media will pick up on the original story for tomorrow's papers. To AOL's distress, I predict that many will not cover the proposed re-draft, resulting in more adverse publicity and greater damage control efforts.

Rob Hyndman wades into the AOL debate

Fellow Canadian blogger and technology lawyer, Rob Hyndman, is quoted in eWeek discussing the AOL Terms of Service that have caused such a stir recently. I have to say that I agree with his observations about how easy it is to draft something heavily in favour of your client which may not be entirely appropriate given the circumstances. Read his contributions here:

AOL: AIM Conversations Are Safe:

"....Rob Hyndman, a technology lawyer based in Ontario, pointed out that the terms of service covers the entire AIM product and does not explicitly exclude instant messaging.

'I think the AOLs of the world don't take the impact their TOS [terms of service] have on users seriously enough, generally because they have market power and the customer doesn't,' Hyndman told eWEEK.com, arguing that the AIM terms of service appears all-encompassing."