Wired points to a recent Technology Review interview with IBM chief information officer Jeanette Horan highlighting the issues of the "bring your own device" trend in which employees choose their own mobile devices to bring to the workplace and use for company business. But even when employees wish to use their own devices, IBM locks down a number of features for security reasons, cutting off access to Siri, iCloud, and Dropbox among other services.
Horan calls IBM's security outlook "extremely conservative", noting that the company is concerned about Siri queries being stored on Apple's servers. As Wired notes, Apple does indeed store such information in order to perform transcription and offer results, as well as keeping it for some time in order to help improve overall performance.
It turns out that Horan is right to worry. In fact, Apple’s iPhone Software License Agreement spells this out: “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” Apple says. Siri collects a bunch of other information — names of people from your address book and other unspecified user data, all to help Siri do a better job.
How long does Apple store all of this stuff, and who gets a look at it? Well, the company doesn’t actually say. Again, from the user agreement: “By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.”
Because some of the data that Siri collects can be very personal, the American Civil Liberties Union put out a warning about Siri just a couple of months ago.
Apple is far from the only company to store users' personal information on its servers, but its popularity unsurprisingly places the company in the spotlight and is a particular focus for those such as corporate security personnel seeking to maintain privacy and control over such data.