Establishing Digital Trust: Don't Sacrifice Security for Convenience
MIT Technology Review's Brian Bergstein reports that IBM has banned the use of Apple's Siri personal assistant, along with several other services including iCloud and Dropbox, on its employees' devices. "Before an employee's own device can be used to access IBM networks, the IT department configures it so that its memory can be erased remotely if it is lost or stolen," Bergstein writes. "The IT crew also disables public file-transfer programs like Apple's iCloud; instead, employees use an IBM-hosted version called MyMobileHub. IBM even turns off Siri, the voice-activated personal assistant, on employees' iPhones. The company worries that the spoken queries might be stored somewhere."
"IBM’s restriction on services such as Siri follows the company’s 2010 adoption of a 'bring your own device' policy, allowing employees to use personal devices to access IBM networks and data," writes The Mac Observer's Jim Tanous. "The policy, which now sees 80,000 of the company’s 400,000 workers using their personal smartphones and tablets, has created security headaches for IBM’s IT and legal departments."
"IBM has good reason to worry," writes Business Insider's Julie Bort. "Whatever you say to Siri isn't between just you and your phone ... it is sent to Apple and Apple hasn't really spelled out where that data is stored, or for how long, who can use it and so on. Apple's iPhone License Agreement [PDF file] just makes people agree to let Apple have it: 'By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services,' the agreement says."
"Privacy was always a big concern for Siri’s developers, says Edward Wrenbeck, the lead developer of the original Siri iPhone app, which was eventually acquired by Apple," writes Wired's Robert McMillan. "And for corporate users, there are even more potential pitfalls. 'Just having it known that you’re at a certain customer’s location might be in violation of a non-disclosure agreement,' he says."