A story floating about claims that Yahoo and AOL "gave themselves the right to read emails" and "access bank records," according to a report by PJ Media.

I've already seen people panicking in a way reminiscent of those reports that the tax cut eliminated deductions for small businesses.

Take a deep breath. I'm no lawyer, but I've covered contracts, users agreements, security, privacy, and data practices of large companies for many years. I've read the same materials used as the basis for the story and think the conclusions are largely bunk.

Let's take this bit at a time.

Your email was already being scanned

The "discovery" that Yahoo, at least, was scanning emails popped up in April in a CNET report. Many others jumped on. But CNET, to it's credit, remembered that Yahoo started scanning emails in 2013 to better target ads.

Yahoo previously had been a holdout. Google was doing it years earlier. According to CNET, AOL didn't have such a provision in its user terms, so that is a change.

Verizon had bought both AOL and Yahoo and rolled them up into a wholly-owned subsidiary called Oath. It was the new privacy policy from Oath that many reacted to last month, particularly in the context of Cambridge Analytica. However, if you've been using Yahoo mail or Gmail or some others, the contents of what you write were already under observation.

This is a big reason why I've had my own domain for years and pay for hosting. I still have to deal with the potential of an ISP looking over what I'm doing, but at least it cuts out one major data vacuum. Or you could use an encrypted email system like ProtonMail.

It's not suddenly open season on your bank account

The part that has kicked up the biggest reaction among the admittedly limited data set I'm working from -- people I know professionally who have talked about this -- was the thought that Yahoo and AOL, through Oath, had given themselves permission to browse through your bank account.

From what I can see, not a chance. The article at PJ Media pointed to the following section from the Oath FAQ for communications products & analysis of photos, attachments & other content:

How Does Oath Treat Information From Financial Institutions?
Oath aims to offer products and services of interest to our users and, to that end, Oath may analyse user content around certain interactions with financial institutions. This enables Oath to build features which facilitate interactions with such institutions as well as offer more relevant ads when users are served ads by the Oath network. Oath leverages information which financial institutions are permitted to send via email (governed by regulations on what financial institutions may send via email to ensure user privacy). Regulated financial institutions are required to send sensitive information via other means, such as brokerage statements.

If you read the entire FAQ, or at least the first few paragraphs, you see that automated systems "may analyse [sic] all communications content (such as Mail and Messenger content, including instant messages and SMS messages) and all photos and other content uploaded to your account". They can do this to plan new services, better target advertising, fulfill your authorized requests, provide reporting (including to third parties), and more.

Now reread the piece about information from financial institutions. The information Yahoo and AOL can look at is in emails or messages that you send and receive through their systems. If you send and receive emails or messages through other services, they don't have the right to look at them. They don't have them, period.

Oath also notes the federal limitations on what banks can send you about your account through unsecured means, like email or texts or instant messages. Not to shrug off concerns about the information that does get transmitted, but the sensitive items won't be sent that way

As for access to bank accounts through a change in terms of service, that is absurd on its face given the state of banking laws in the U.S. Have you ever called your bank and tried to get information? You need to prove you are who you say you are. And unless you've provided them with the name of the bank and the account number, how would they know which bank account to check?

Can a company make regular contact with your bank regarding your account? Yes, in the sense that you can set up repeating debits, say for a subscription of some kind, or to send you money, whether an employer or client. But that isn't the result of some terms of service.

Should you be concerned about your privacy and prying companies? Of course. Especially when some, like Yahoo, have had multiple major data breaches.

But your bank information is not open to them just because someone misread an FAQ.

Published on: May 30, 2018