Instant messaging (IM) is the dirty little secret of a lot of Canadian businesses.
It's being used to replace those silly pink phone message slips. Commodities traders rely on it to work out deals. People are booking their appointments on it.
Yet, out of the box, most IM products are hopelessly insecure, legally ambiguous and maybe downright dangerous.
"We've banned instant-messaging use outright," says Faye West, Internet service provider director of information systems for the Alberta Research Council. "We were concerned about the security and legal implications."
Companies I contacted either denied allowing IM at work, or said they had no idea if it was being used. However, America Online (AOL), which is just one of several IM providers, claims that 14 million people use their AOL Instant Messenger (AIM) service in the workplace.
They also say their combined (home and business) number of unique AIM visitors per month in Canada was 262,000 in February. So somebody is using this thing and a walk down most office corridors will disclose a lot of furtive typing in IM windows.
Corporations have good reason to be concerned about rampant use of what is sometimes called "insecure messenger.”
IM has become the new playground of the bad guys. They're sending out nasty "spim," the IM version of spam. They're passing around viruses such as Bropia and Kelvir, which are custom-designed to be sent by IM. Confidential company files are being transferred over IM, often without the knowledge of the firm's IT department. And now, AOL, the most popular IM service provider, is even making claims to own some of the content posted by its AIM users.
Changes to AOL's terms of service for its IM product created a firestorm of protest last month, centring on the controversial "you waive any right to privacy" sentence. Users all over the world, particularly in the privacy- conscious U.S., hit the roof thinking that AOL might be snooping on them. Heck, the media giant based in Dulles, Va., might even wind up publishing your first novel just because you sent it over their IM service!
Not so, says AOL vice-president Brian Curry, who admits "it's partially our fault.”
Just to make it clear, he confirmed in an interview that "we don't claim to own the messaging traffic that goes over our network. We had asserted ownership for information that was publicly posted by end users, such as rating a buddy or publishing information about yourself. In that case, we do make those claims. But for messaging traffic between individuals, we don't store that, we don't own that, that's just a misunderstanding."
AOL's published terms of service have been amended, though some legal and technical experts say they're still vague and possibly dangerous to a company's intellectual property. So, it just might be smarter to print out that great marketing plan, or idea for your next patent, and walk it down the hall to your colleague's office rather than risk sending it over IM.
What's really going on here is a sense that IM is poised to explode and everybody wants a piece of the action. Andrew Osis, CFO of Calgary-based Illumicell, calls IM "the new Internet ... the next thing to be commercialized."
His company has signed an agreement with Yellow Pages Group and Microsoft, whose IM product leads the pack worldwide, to make Yellow Pages data instantly available through IM. It's just one of a plethora of "presence-enabled" applications we can expect to see soon.
AOL's Brian Curry predicts that "when you visit a job-finding site or a financial-trading site, you'll see a little yellow running man in there.”
That AOL trademark icon will indicate a human presence - someone (or some thing, because it might be a "bot") who is waiting to give you instant customer service.
In a move into Microsoft's turf, AOL recently launched a public beta test of AIM Sync, a product that puts the little running man into your Microsoft Outlook to indicate when your contacts are online.
One key difference between Microsoft and AOL's IM architecture is that you have to establish your identity for Microsoft on their service, for example with a .Net passport or Hotmail e-mail address.
AOL has taken a different approach, allowing companies to create and authenticate their own screen names. Companies want to own the persona of their users, so if I work for a bank I look like somebody who works for the bank. Through partner companies such as FaceTime Communications, the bank could validate all screen names against its corporate directory and restrict their use to times when the employee is actually working on bank business.
There are, by the way, technical ways to ban instant messaging, such as the registry changes provided at winguides.com. However, a smarter approach is probably to buy a properly controlled IM environment from a company such as FaceTime or Akonix. Then, when something goes wrong, you'll have somebody to call. These products can also allow the documentation of IM traffic, which is vitally important for some industries such as securities companies.
Instant messaging has come a long way since 1996, when an upstart Israeli company called Mirabilis created the category with its ICQ ("I Seek You") product. In its first six months of Internet life, ICQ signed up 850,000 users. Its assets were acquired by AOL in 1998.
Now IM has become an indispensable tool for teens and pre-teens as they scurry home to hook up online with people they saw at school 15 minutes ago. As that generation moves into the workforce, companies are going to need even smarter policies to deal with the tap-tap-tapping that will be going on in those shiny glass towers.
Web watch:
(Tom Keenan is a professor at the University of Calgary and an expert on technology and its social implications. He can be reached at keenan@businessedge.ca)
