Wired points to a recent Technology Review interview with IBM chief information officer Jeanette Horan highlighting the issues of the "bring your own device" trend in which employees choose their own mobile devices to bring to the workplace and use for company business. But even when employees wish to use their own devices, IBM locks down a number of features for security reasons, cutting off access to Siri, iCloud, and Dropbox among other services.
Horan calls IBM's security outlook "extremely conservative", noting that the company is concerned about Siri queries being stored on Apple's servers. As Wired notes, Apple does indeed store such information in order to perform transcription and offer results, as well as keeping it for some time in order to help improve overall performance.
It turns out that Horan is right to worry. In fact, Apple’s iPhone Software License Agreement spells this out: “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” Apple says. Siri collects a bunch of other information — names of people from your address book and other unspecified user data, all to help Siri do a better job.
How long does Apple store all of this stuff, and who gets a look at it? Well, the company doesn’t actually say. Again, from the user agreement: “By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.”
Because some of the data that Siri collects can be very personal, the American Civil Liberties Union put out a warning about Siri just a couple of months ago.
Apple is far from the only company to store users' personal information on its servers, but its popularity unsurprisingly places the company in the spotlight and is a particular focus for those such as corporate security personnel seeking to maintain privacy and control over such data.
Top Rated Comments
Exactly. I'm surprised you don't hear about it more. Even though data protection is a common sense thing, I wouldn't put my company's stuff into my iCloud account. And I certainly wouldn't put anthing of critical value on my iPhone, even password protected.
IBM has a leading edge BYOD policy that is a model for other companies. Striking the right balance between personal and business use is always a challenge, but I've happily used my Mac and iPhone for years when neither are "official" company platforms. Most company's IT departments would never allow this type of thing. When an employee is permitted to connect their personally owned device to the company network, that comes with some limitations and constraints that provide a layer of data security to the company.
I hope with this attention it will cause Apple to realize they need to better support the enterprise in iOS. RIM has set the standard here with their new OS, in providing a walled off area for protected enterprise functions, while allowing consumer activities outside the box. I would like to see in iOS, this type of thing. There is no reason that you should have to enter a hard password to get to games, music, GPS, phone, and internet browsing. But to access VPN, company email/calendar/contacts, and selected other business apps, there should be the correct authentication and time out controlled by company policy. It would see that this could easily be built into iOS and I think would really give Apple the upper hand in enterprise acceptance.