Are you using AOL IM at work?
November 5, 2002 9:29 AM   Subscribe

(Admittedly, if you need a positive spin on this, this new version of AIM will now be able to be used by financial companies, like your stockbroker, to contact you with a hot buy/sell tip. Due to the insecure nature of regular versions of the product, this was previously impossible.)
posted by crunchland at 9:30 AM on November 5, 2002

if your employer was keen on spying on you, the chances are excellent they've been reading your AIM conversations for some time. this is just AOL's (limited) entry into that market of software.
posted by moz at 9:37 AM on November 5, 2002

Much as I think bosses shouldn't make a habit of reading employee's email, IM conversations, phone conversations, internet histories, they really do have that right, so I don't see much to worry about here. (Well, not much extra to worry about, anyway...)

Still, interesting that they are offering this service. (Especially given what moz said.)
posted by Fabulon7 at 9:41 AM on November 5, 2002

All they need is a packet sniffer... AIM messages are plain text.

Put Trillian w/ SecureIM on both ends of the conversation and you're all set. Now get back to work you lazy bums.
posted by techgnollogic at 9:48 AM on November 5, 2002

If my employer snooped on me I'd quit, but my employer does have the right to see what goes on over their network. So far I haven't had problems, even though I have an SSH encrypted session to an external computer almost all of the time. Where I work and with what I do worrying about AIM is ridiculous anyway. All I really have to do is burn a few CD-Rs and I'll have done hundreds of millions in theoretical damages. Even if they take away CD-Rs there's still a pretty substantial chunk of IP within my mind. If you're out to screw your company they really won't be able to prevent it.
posted by substrate at 9:54 AM on November 5, 2002

That's why I ssh home and do all my personal work there. centericq fills all my IM needs.
posted by jammer at 10:01 AM on November 5, 2002

I think this smacks less of the "Big Brother" spin destined to be attached to it and more with providing a secure real-time communication platform.

As everyone has already noted - if a business wishes to monitor your online communications today, it's fairly easy (and already has happened where 'inappropriate' instant messaging has led to people being fired).
What this provides is a secure line for two people to communicate sensitive information with a higher level of confidence that hackers or even just casual listeners can listen in or pretend to be someone they are not on the other line.

I see this having great application in fighting child molestors by providing authentication services for who the child communicates with, as well.
posted by rich at 10:08 AM on November 5, 2002

Ofcourse there's already something called AIM Sniff, which is a utility for monitoring and archiving AOL Instant Messenger messages across a network. AIM Sniff will also monitor for an AIM login and then perform an SMB lookup on the originating computer in order to match NT Domain names with AIM login names. A very basic Web frontend is included for your convenience.

And all open source :)
posted by flow at 10:16 AM on November 5, 2002

This is also a massive lawsuit waiting to happen. True, Fabulon7, your boss has the right to spy on you, but does he have the right to spy on who you're talking to? Last time I checked, IM requires two people to be typing back and forth. If I'm at work and writing to my friend in another state, hell- another country, does my boss have the right to invade his privacy, all the while possibly violating differences in international privacy law? The only way the second party could agree to my boss's right to do that would be a covert change in the IM software's EULA, which of course is very possible.

Also, I don't get the marketing logic... they're going to sell the privacy-invading version and leave the original, "un-tappable" version for free? The only offices I've ever worked in that were liberal enough to allow AIM in the first place were offices that would have allowed me to remove a corporate edition and install any version I want. I fail to see how anyone other than a boss would willingly acquire a version of AIM that touts the ability to be tapped as a special feature.

The contrast, and scenario I am waiting for, of course, is for AOL to suddenly announce that all versions via both EULA and software "upgrades" are now prone to boss inspection, and that you can make yourself "personally secure" with their handly new premium edition for only $9.95 a month.

In either scenario, I'll be counting the weeks- make that days- after the release of this to see which happens first- the lawsuit or a hacker releasing a crack to prevent any third-party spying.
posted by XQUZYPHYR at 10:33 AM on November 5, 2002

XQUZYPHYR: Again.. this is less of a 'phone tap' and more of a mutually secure communication.

As far as the rights of the person you are talking to - in the finance world it is common practice to record telephone conversations. The phone recording usually has an intermitant 'beep' on the line. This has a variety of uses - one that I actually was involved with concerned a missed option right worth a few millions dollars. We went to the phone tape to review exactly what everyone had said about it.
I don't see this as a privacy-invasion version.. but then in this crowd, I'll probably be a minority.
posted by rich at 10:41 AM on November 5, 2002

Trillian can encrypt AIM conversations... kind of a neat side-benefit of using it.

I'm not sure how secure it is -- but it boasts 128-bit encryption and should be enough to ward off casual snoopers.
posted by ph00dz at 11:02 AM on November 5, 2002

The same people who actually need to worry about this in the first place will always find a way to waste their bosses time, no? But I agree with XQUZYPHYR's privacy issues here. Maybe AOL will have to write in a heading warning all of the possibility their text will be recorded, etc. And how about AOL? Anything for a buck? Geez! :)
posted by LouReedsSon at 11:08 AM on November 5, 2002

This is also a massive lawsuit waiting to happen. True, Fabulon7, your boss has the right to spy on you, but does he have the right to spy on who you're talking to?

Playing the devil's advocate, I'd say that the boss has a right to spy on whatever is transpiring on the company's network, using the company's bandwidth. It could be argued that the spyee knowingly sent the messages while the recipient was at work (when you IM someone, you almost always know if they're at home or work).

Besides, I can't file a lawsuit just because someone happened to read an IM message I intended for someone else. There have to be damages, meaning that the boss would have to do something about the message in such a way that I would (A) find out about it, and (B) be damaged by it.
posted by oissubke at 11:12 AM on November 5, 2002

oissubke, when I read CNN's website here at the office, that data is being transmitted over the company network with company bandwidth. That doesn't give them the right to CNN's content. That's like hacking into a radio feed because the waves are "going through your house." The fact that a company merely exists is not legal basis for anything that interacts with it becomming its sole property.

Unless it's mentioned in the IM conversation, there is absolutely no way to say that anyone "knew" anything without expressing consent or there being blatant proof they were notified in advance.

And this is far beyond "happening to read." We're not talking about seeing an open window someone left on their monitor. This is a software upgrade that specifically allows you to see the conversation.
posted by XQUZYPHYR at 11:42 AM on November 5, 2002

I'm suppose the issues would depend on how high up the person reading the IMs would be.

Many of my IMs from work are along the lines of "ok, am leaving now, see you in the parking lot," which would be unobjectionable as a telephone conversation, so I don't see IM as a problem. Admittedly, I do bitch about the company's software being buggy and subpar, but anyone who works with it knows that, so it would only be the drones high enough up they don't have to use it who wouldn't be making the same comments themselves. (Many of my IMs are also along the lines of "Software... loading... slowly... talk to me for two minutes before I go psychotic..." and then I drop the conversation when the system finishes its job.)
posted by Karmakaze at 1:09 PM on November 5, 2002

As far as the rights of the person you are talking to - in the finance world it is common practice to record telephone conversations.

in my state (the last time i checked) you have to have the consent of both parties to record a telephone conversation.
posted by lescour at 1:15 PM on November 5, 2002

in my state (the last time i checked) you have to have the consent of both parties to record a telephone conversation.

The odd part about these types of laws is that they are usually specific. It may be against the law in your state to record video with voice, but what about video alone? Surprisingly, the laws are more lax if you take audio out of the equation.

This might fall under the same kind of shortcoming in the legal system, as most states probably don't have a law prohibiting the monitoring of IM without consent. (But if audio is in there, you've got a case!)
posted by samsara at 2:55 PM on November 5, 2002

>Put Trillian w/ SecureIM on both ends of the conversation and you're all set.

I use Trillian's encryption all the time or I'll run an encrypted (ssh) VNC session, but if your company is logging keystrokes (and trust me many/some do) it really doesnt make a difference.
posted by skallas at 3:18 PM on November 5, 2002

I have the right to monitor any traffic that passes through my computer. I don't think the radio wave analogy really stands up here. Similarly a company has the right to view any data passing through their private network, whoever is sending it.
posted by ed\26h at 6:40 PM on November 5, 2002

XQUZYPHYR: You're confusing monitoring with 'sole right to content'.

The company is not monitoring the person on the other end of the call. They are not claiming sole ownership and redistribution rights. See - they're only going to take action against their own employee, not against the person they are talking to (as noted by oissubke) - which would really be the burden that damages incurred.

There is a slight difference in purpose, as well as the rights that you seem to be will be infringed upon. Also, you ahve to have the 'reasonable expectation of privacy.' Today, I doubt you could claim reasonable expectation of privacy when then person you're talking to is at work at a company that is concerned about mis-use of resources.

But, still everyone is ignoring the real purpose of this - for both parties to identify themselves securely to eachother. For financial companies, this would be a great app to put on top of trading systems and execution services. For children, this would be a great app to provide secure chat rooms for kids (if an effective security check could be thought up).
posted by rich at 7:15 AM on November 6, 2002

But, still everyone is ignoring the real purpose of this

If, by ignoring, you mean "mentioning it in the first message of the thread," then you're right, we have been ignoring the real purpose.
posted by crunchland at 8:44 AM on November 6, 2002