IBM Bans Siri as Security Threat; Apple Unclear How It Treats Data
Here's a good question for Apple's personal-assistant app, Siri: "What information are you collecting about me?"
Apple isn't saying much about the data it stores from the service that has made the iPhone 4S a huge hit, or about how that data is used. But the ability to collect that data is a cause for concern for big corporations like IBM.
The "Big Blue" computing giant says that Siri won't be helping IBM employees using iPhones check the weather, find directions or do quick Web searches. It's been banned by the company for security reasons. The company gives BlackBerry smartphones -- better known for security features -- to some employees, while others are allowed to use their own phone for company business, but that creates risks.
"We found a tremendous lack of awareness as to what constitutes a risk," CIO Jeanette Horan told the Massachusetts Institute of Technology's Technology Review.
So now, she says, "we're trying to make people aware." Using file-sharing services for documents is also prohibited, except for IBM's MyMobileHub.
Because Apple sends all queries to its data center, IBM is concerned that such information could reveal what employees are working on, jeopardizing corporate secrets.
Chester Wisniewski, a senior adviser at the cyber security firm Sophos, said IBM's approach may seem overly cautious, but addresses legitimate concerns.
"I think IBM is concerned because the voice recognition does not occur on the phone, rather it is done in the cloud," Wisniewski said. "Where are these cloud servers? Who operates them? Are the queries stored for any period of time? Are they securely erased after you get Siri's answer?"
Answers can be elusive; Apple's software license agreement for iOS, the iPhone's operating system, spells out that information will be collected by Siri or the Dictation feature, and that by consenting to use it, users agree to let it be analyzed for the improvement of the system.
Collecting Your Nicknames
But the American Civil Liberties Union warned in a March blog post that Siri can collect: "The names of your address book contacts, their nicknames, and their relationship with you (for example, 'my dad,' or 'work'); Your first name and nickname; Labels you assign to your e-mail accounts (for example, 'My Home Email'); Names of songs and playlists in your collection."
The ACLU then details how you can opt out of using Siri.
Our request for comment from Apple was not answered at press time.
"This is standard operating procedure for Apple," Wisniewski said. "Everything is a secret, you don't need to know, nothing to see here, move along."
He agrees with IBM that the level of security isn't good enough for enterprise use.
"Transparency is critical when sensitive information may be involved," Wisniewski said. "Most organizations might not think anything supersecret is being shared with Siri, and they are probably right. In fact Apple may be handling these transactions with incredible attention toward security. Or not.
"We simply don't know."
Posted: 2012-05-28 @ 4:22pm PT