AOL Watch: Invasion of Privacy

David Cassel (
Sat, 06 Jun 1998 01:16:13 -0400

		   I n v a s i o n   o f   P r i v a c y


AOL wants to spam their subscribers....

New policies make it harder to avoid AOL's pop-up advertisements -- since
requests not to receive ads will only be honored for 12 months!  "Near the
end of this period, AOL will notify you that your preference is about to
expire," keyword "Marketing Preferences" states -- and the ads will
resume, unless users re-affirm their decision.... 

Members who cancel and then reactivate their accounts will find another
surprise.  The clock measuring that one-year interval keeps ticking --
even during the period when they aren't AOL members!

More ad-related policies followed.  The keyword also announces AOL may use
e-mail ads (to "extend very special product and service offers" to
members.)  AOL also plans to "expire" requests not to receive those
e-mailed ads, or the ads AOL sends through the postal service... 

The new ad-grab has been downplayed.  In Wednesday's Community Update,
Steve Case told members the marketing preferences area had been
"re-designed", accompanying changes in AOL's Terms of Service area. 
"Despite this new format and style, there is little change in the way we
do business," Case had claimed.

Case's letter states the motive for the redesign was "to make it easier
for you to understand and make choices."  In fact, though, the procedure
for blocking advertisements is extremely difficult.  AOL divided them into
five different categories -- and for each category, users must click
through two separate screens before they can block its ads.  

David Sobel, a lawyer at the Electronic Privacy Information Center,
believes accounts should instead be set NOT to receive ads by default. 
"The industry generally has always been resistant toward that," he told
C|Net.  But aggressive advertising raised questions.  "How easy are they
making it to opt out?  It's always been difficult and it remains

In addition, the five blocks on AOL's ads must be activated separately by
each screen name!  Even after they've been activated, AOL warns
subscribers that "You may continue to receive some pop-up screen offers
while we process your request..."  (AOL's descriptions of plans for e-mail
advertisements, pop-up ads, and telemarketing calls all begin with the
same allowance for AOL's slowness...) 

It's another instance of AOL exploiting the personal information of their
subscribers for money.  (AOL cheerily described their policy of using
subscriber home phone numbers to telemarket products and services as
"extending very special products and service offers to members by
telephone...")  Users can also request not to be contacted by AOL
telemarketers -- though MSNBC's Brock Meeks reported in January that AOL
is required by law to honor "do not call" requests for a period of ten
years.  (At that time, AOL writes, "If you decide that you do not want to
receive these offers, you may return to this area to renew your

It's just the tip of the iceberg.  Elsewhere AOL frankly acknowledges that
"We make lists of members' names and addresses available" to pre-screened
companies -- and other policies also seem designed for AOL's benefit.  The
Member Agreement states AOL can block access to web sites they feel are
"injurious to AOL" -- and the new Privacy Policy includes similar
suspicious exceptions. (It states AOL will not read or disclose private
communications except to comply with legal processes, in the event of an
emergency -- or "to protect the company's rights and property....") 

In fact, suspicious provisions pervade the documents.  Wednesday AOL also
unveiled a new privacy policy -- but "Privacy Principle #4" seems like an
ANTI-privacy principle:  "We may use information about the kinds of
products you buy from AOL to make other marketing offers to you, unless
you tell us not to...."  

And "Privacy Principle #2"  reminds subscribers that "Our system
automatically gathers information about the areas you visit on our
service" -- a policy which concerns experts.  "AOL has a fairly bad record
going back several years now of not even being able to adequately control
the data they collect,"  EPIC's policy analyst told Brock Meeks in
January.  Once the data exists, it could be ultimately be used for other
purposes, including " 'divorce proceedings, government investigations. All
sorts of possibilities...' " 

But more significant changes lurk.  Years ago, the Electronic Freedom
Foundation noted that AOL has yet to "state clearly the boundaries within
which members are required to operate, or to present them with a specific
contract."  Yesterday AOL unveiled a new Terms of Service which will go
into effect July 15, "to provide a clear and complete explanation of our
policies," and outline each subscriber's "rights and responsibilities as
an AOL member."  Hitting the return key repeatedly is a TOS violation, as
is "inputting large images so the screen goes by too fast to read". 

Other important policies: 

* You will be considered in violation of AOL's Terms of Service if you
embarrass another member. 

* Slang versions of the words "breast" and "testicles" are not acceptable

* "Whether you are on AOL or using other Internet functions, it's
important to be polite." 

* "Partial or full frontal nudity is not okay." 

* "Discussions about or depictions of illegal drug abuse that imply it is
acceptable" are not allowed. 

* "You are required to follow our TOS no matter where you are on the

* "AOL reserves the right to treat as public any private chat room whose
directory or room name is published or becomes generally known or

* Users "may not allow former Members or other agents whose memberships
have been terminated to use their accounts." 

* "If your membership is terminated for violating this Agreement or the
Community Guidelines, AOL's express permission will be necessary before
you are allowed to use AOL again." 

* "Hate speech is never allowed." 

But AOL fails to clarify anything.  At the end of the section, AOL
declares most of these are "Guidelines", adding that "AOL makes the final

determination about whether content is objectionable or not."  Yet
Wednesday Case also sent e-mail to Community Leaders stating "Clear
policies are meaningless without consistent implementation."  He described
that as "a role that falls largely to you, the Community Leaders."

They may be unsympathetic.  In a surprise move, last month AOL announced
they would no longer sponsor numerous "Community Day" gatherings for their
Community Leaders, according to one Community Leader web page.  "AOL has
done it again," the page's author told AOL Watch.  "Remote staff have been
given another slap in the face..."  Travel subsidies will be drastically
reduced for the few events that do occur, and in-house staff will not
attend.  ( )  The page included a
petition -- and the webmaster confided there was a good reason it was
posted on the web.  "If we post it in the staff areas, it gets deleted!"

That's not their only problem.  One month ago, AOL unveiled a new
Non-Disclosure Agreement for Community Leaders.  "Once the online NDA is
available, you will have thirty days to accept the terms," a staffmember
announced May 13.  "If we have not received your agreement within the
thirty day period, we will assume that you cannot agree to the terms of
the NDA and we will adjust your volunteer duties accordingly." 

Both the non-disclosure agreement and the curtailing of off-line
gatherings suggest a distrust of AOL's employees.  The most controversial
provision states that "for one year after the end of my volunteer
relationship, I will not (a) attempt, directly or indirectly, to induce or
attempt to influence any employee of AOL to leave AOL's employ..."  It's
unclear what prompted AOL's suspicions -- but a web page created by one
AOL customer service staffers states that "There is a move to have the
union organizers stop by in June."

"I am a patent attorney," one Community Leader commented in an on-line
meeting with the volunteer program's "Manager of Information and
Planning".  "I see Non-Disclosure Agreements all the time, and this one is
no good."  One remote staffer reports turmoil.  "Several Community Leaders
commented that they were about to voluntarily relinquish their Community
Leader status -- and stop contributing their time to AOL -- in protest of
the agreement."

Another remote staffer raised concerns that pin numbers they entered with
their agreement would be compromised by hackers.  "We've seen our personal
information scrolled over chat screens, information that we have been told
is secure," they explained.  "So, please understand if there is questions
on this security."  But more reasons for concern surfaced last week..... 

Thursday AOL Watch reported that in several recent security lapses, AOL's
billing representative changed the passwords on accounts after callers had
provided only a home address and phone number.  Later that day AOL
conceded to Bloomberg News that the tactic had also been used to access an
account belonging to the ACLU. ( )

And the next day, the New Orleans Times-Picayune reported yet another
account had fallen to unauthorized access.

This incident was different.  The account belonged to Trent Reznor --
lyricist and keyboard player for the band "Nine Inch Nails".

"Apparently AOL isn't as secure as everyone thought," one ISP technical
support staffer posted to the Usenet newsgroup  "I honestly
don't understand how something like this could happen."

"One word," another poster answered.  "AOL."  The New Orleans paper
reported AOL had turned over control of the account to a woman when she
claimed to be Reznor's wife.  

The poster's only question?  "How did she manage to get through to
*anyone* at AOL so fast?"

The incident also raised serious concerns.  "Who's to say AOL wouldn't
start blabbling stuff about any of the rest of us?  After all, Tim McVeigh
wasn't a celebrity, and look how they screwed him over...  This isn't just
Trent's silly problem to be snickered at -- this has some serious
repercussions in terms of online confidentiality." 

In fact, it looks like security is a problem all around for AOL.  Earlier
this month, the Washington Post's "Crime Reporter" noted that "A purse, a
wallet, credit cards, a checkbook and cash were stolen from a conference
room at a business" at 22000 AOL WAY -- and it's not the first report.  In
October, it was "a computer and a monitor," and a year ago, it was a
laptop computer...

AOL's new privacy policy concedes that "It's a good idea to avoid
including information that could allow people to find you offline, such as
your phone number or exact street address".  But at least one AOL
subscriber demanded AOL show accountability on the issue.  Forwarding the
descriptions in last week's AOL Watch newsletter, they wrote "Dear AOL. 
Should you deliver information about my account in this manner, you will
face legal action."

AOL's reponse?  "Thank you for writing regarding the hoax e-mail now
circulating on the internet..."

Unfortunately, the ongoing security problems are all too real...,4,22538,00.html,4,22693,00.html

In an unfortunate coincidence, Monday AOL announced a deal with a company
named "Disclosure Incorporated".   

"AOL's commitment to protecting the privacy of our members is stronger
than ever," Steve Case wrote -- in January.  But four months later, at
least seven new incidents of security lapses surfaced...

Coincidentally, one of the provisions in AOL's TOS says "you agree to
indemnify and hold AOL harmless for any improper or illegal use of your

More importantly, according to AOL's new Terms of Service, "You understand
and agree that the cancellation of your account is your sole right and
remedy with respect to any dispute with AOL." 

In fact, the agreement is filled with discouraging clauses. 

  - AOL "does not guarantee that members will be able to access or use the
service at times or locations of their choosing, or that AOL will have
adequate capacity for the service as a whole or in any specific geographic

  - AOL's new Terms of Service specifies that they can block access to
sites which they feel are "injurious to AOL." 

  - AOL "reserves the right to change our fees or billing methods at 
any time".

- AOL will assess an additional 1.5% (or the highest amount allowed by
law, whichever is lower) per month late charge if your payment is more
than 30 days past due. 

- "You are responsible and liable for any fees, including attorney and
collection fees, that AOL may incur in its efforts to collect any
remaining balances from you." 

- And if subscribers don't billing discrepancies to AOL's attention within
90 days, "you agree that you waive your right to dispute such problems or

Many of AOL's new moves seem like naked attempts to maximize AOL's revenue
at the expense of subscribers.  Ironically, the "member agreement" portion
of AOL's new Terms of Service says it "clarifies" AOL's policy that
collecting screen names "for any purpose, including sending unsolicited
bulk e-mail or junk e-mail, is prohibited."  

Except, apparently, by AOL....


"Our kids' policies also require that advertising in kids' areas be
clearly marked," Steve Case wrote in yesterday's Community Update -- "and
the content on AOL and on Web sites linked from kids areas be appropriate
for children." 
Yet Wednesday all AOL mailboxes displayed the same banner ad.  "How Sexy
Are You?"

David Cassel
More Information -


    Please forward with subscription information.   To subscribe to this
    list, type your correct e-mail address in the form at the bottom
    of the page at -- or send e-mail to

    To unsubscribe from the list, send a message to MAJORDOMO@AOLWATCH.ORG
    containing the phrase UNSUBSCRIBE AOLWATCH.

Copyright © 1995-1998 All Rights Reserved.
Web service provided by Cloud 9 Internet