Siri and iCloud Banned at IBM Headquarters over Security Risks

Wednesday May 23, 2012 7:00 AM PDT by Eric Slivka
Wired points to a recent Technology Review interview with IBM chief information officer Jeanette Horan highlighting the issues of the "bring your own device" trend in which employees choose their own mobile devices to bring to the workplace and use for company business. But even when employees wish to use their own devices, IBM locks down a number of features for security reasons, cutting off access to Siri, iCloud, and Dropbox among other services.

Horan calls IBM's security outlook "extremely conservative", noting that the company is concerned about Siri queries being stored on Apple's servers. As Wired notes, Apple does indeed store such information in order to perform transcription and offer results, as well as keeping it for some time in order to help improve overall performance.
It turns out that Horan is right to worry. In fact, Apple’s iPhone Software License Agreement spells this out: “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” Apple says. Siri collects a bunch of other information — names of people from your address book and other unspecified user data, all to help Siri do a better job.

How long does Apple store all of this stuff, and who gets a look at it? Well, the company doesn’t actually say. Again, from the user agreement: “By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.”

Because some of the data that Siri collects can be very personal, the American Civil Liberties Union put out a warning about Siri just a couple of months ago.
Apple is far from the only company to store users' personal information on its servers, but its popularity unsurprisingly places the company in the spotlight and is a particular focus for those such as corporate security personnel seeking to maintain privacy and control over such data.
97 comments


Top Rated Comments

(View all)
Avatar
applesith
57 months ago
IBM doesn't want proprietary information dictated to Siri because it will be stored on Apple's server. Not surprising.
Rating: 27 Votes
Avatar
Consultant
57 months ago
So they should ban all search engines and all Google products then?
Rating: 10 Votes
Avatar
mlmwalt
57 months ago

IBM doesn't want proprietary information dictated to Siri because it will be stored on Apple's server. Not surprising.


Exactly. I'm surprised you don't hear about it more. Even though data protection is a common sense thing, I wouldn't put my company's stuff into my iCloud account. And I certainly wouldn't put anthing of critical value on my iPhone, even password protected.
Rating: 9 Votes
Avatar
teknishn
57 months ago
Sooo, don't use the corporate wifi on your phone. I wouldnt want my bosses knowing what Im doing on the intraweb anyway.
Rating: 8 Votes
Avatar
Stella
57 months ago

This is an underhanded move by IBM. /QUOTE]

How is it ever underhanded!? IBM feel that SIRI is a security risk so they block it.

In fact, many organizations cut off access to certain websites / ports ( i.e., no FTP ). At my place of work we cannot get to social networks, FTP, nor can we get to the iTunes Appstore or MAS.

This story is a bit of a non story, really.

Rating: 7 Votes
Avatar
Joe-Diver
57 months ago

Its a completely understandable concern. Apple are in effect second to Google now when it comes to your personal information.


Personally I don't care because 90% of the "personal information" I've provided is false anyway.
Rating: 5 Votes
Avatar
convergent
57 months ago
I believe this much overblown story is being taken out of context, and possibly a complete misquote. IBM expressly forbids using ANY public cloud based service for company work, so this has nothing to do with Apple. Unless there has been a change in policy, the only forbidden use of Siri is from the lock screen before you've typed in your password. It is possible that the CIO is planning a policy change, but I'd be surprised.

IBM has a leading edge BYOD policy that is a model for other companies. Striking the right balance between personal and business use is always a challenge, but I've happily used my Mac and iPhone for years when neither are "official" company platforms. Most company's IT departments would never allow this type of thing. When an employee is permitted to connect their personally owned device to the company network, that comes with some limitations and constraints that provide a layer of data security to the company.

I hope with this attention it will cause Apple to realize they need to better support the enterprise in iOS. RIM has set the standard here with their new OS, in providing a walled off area for protected enterprise functions, while allowing consumer activities outside the box. I would like to see in iOS, this type of thing. There is no reason that you should have to enter a hard password to get to games, music, GPS, phone, and internet browsing. But to access VPN, company email/calendar/contacts, and selected other business apps, there should be the correct authentication and time out controlled by company policy. It would see that this could easily be built into iOS and I think would really give Apple the upper hand in enterprise acceptance.
Rating: 5 Votes
Avatar
Stella
57 months ago

IBM has secrets? dont they just release one ****** computer after another with slightly updated specs?


IBM no longer make PCs, and haven't done so for a number years....
Rating: 5 Votes
Avatar
NorEaster
57 months ago

This is an underhanded move by IBM. Reminds me of a situation in Atlas Shrugged when a large "unbiased" organization comes out and says they aren't sure if a new steel is safe to use in a public project like building a railroad, which of course makes everyone afraid to ride on said rails out of fear of the unknown. Same applies here, IBM is playing the "we can't be sure of its security" card to pretty much make people question the iCloud service.


And what exactly would IBM gain from making people question the iCloud service? Do you have any proof that IBM's motivation is what you claim it to be?

Have you thought that maybe IBM doesn't want security leaks? Imagine: You're the VP of hardware engineering and you're meeting with a component supplier to discuss manufacturing ramp-up of a new product you plan on releasing in 6 months. You use Siri to setup appointments and/or dictate a message to the supplier. Would you want this transmitted to a cloud-based server that you have no control over, especially knowing Apple's terms of service allow Apple and its business partners to use the data as they see fit?

This isn't a "Let's instill fear in the public" move by IBM; it's actually sensible on their part.

This mentality of bashing anything that could potentially be construed as anti-Apple really is pathetic.
Rating: 5 Votes
Avatar
Monkey Butler
57 months ago

This is an underhanded move by IBM. Reminds me of a situation in Atlas Shrugged when a large "unbiased" organization comes out and says they aren't sure if a new steel is safe to use in a public project like building a railroad, which of course makes everyone afraid to ride on said rails out of fear of the unknown. Same applies here, IBM is playing the "we can't be sure of its security" card to pretty much make people question the iCloud service.


It's important to remember that absolutely nothing in Atlas Shrugged is applicable to the real world.
Rating: 4 Votes
[ Read All Comments ]