comScore
Uncategorized Wednesday, May 23rd 2012 at 9:41 am

IBM Bans Siri at the Workplace, Says it’s a Security Risk

By ( ) Comments

For some, Siri is an invaluable assistant, allowing for easy searching of the web and email dictation. For others, it’s a source of constant entertainment as it bumbles its way through human communication. For IBM, Siri is a security risk. So much so, that they have banned the use of Apple’s voice assistant at the workplace.

In an interview with the MIT Technology Review, IBM’s chief information officer Jeanette Horan said that Siri — along with a host of other potentially secret-leaking services like DropBox — is banned in IBM offices. From the article:

Before an employee’s own device can be used to access IBM networks, the IT department configures it so that its memory can be erased remotely if it is lost or stolen. The IT crew also disables public file-transfer programs like Apple’s iCloud; instead, employees use an IBM-hosted version called MyMobileHub. IBM even turns off Siri, the voice-activated personal assistant, on employees’ iPhones. The company worries that the spoken queries might be stored somewhere.

“We’re just extraordinarily conservative,” Horan says. “It’s the nature of our business.”

The concern for IBM is that everything you say into Siri is stored at an Apple data center. For those unfamiliar, Siri works by recording your query, whisking it away to a data processing center over your data connection, and then returning the results. The heavy lifting of natural language processing is done elsewhere, as well as on your phone.

Apple stores your voice queries at its data center in order to improve Siri’s results. The idea is that all those question and answer sessions we have with Siri could eventually be used to make Siri more clever and responsive. It also sends and stores some personal information — like nicknames and location — but is apparently stored in a semi-anonymous manner.

In fact, as Wired points out, all this is spelled out in the iPhone Software License Agreement — a document no one in their right mind read when purchasing an iPhone. From the agreement:

When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; and song names in your collection (collectively, your “User Data”). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services.

What’s missing in this disclosure is what that information is used for, how long it’s stored for, and whether or not those queries can be traced back to you.

Before you freak out and disable Siri, it’s important to remember that for an everyday person, the information stored by Apple is extremely vague. A series of questions about the weather or telling Siri to search the web for pictures of Eddie Money doesn’t reveal a whole lot about you. However, using Siri’s dictation feature to write private emails could be a smidge disconcerting for some.

Also, Wired points out that the location data might give away key business dealings if it were linked back to the speaker.

While we’ve seen that even disparate information from cellphones can tell you a lot about a person, it relies on being able to tie that information to an individual. While Apple may be storing your Siri queries, those scraps of information may not be organized. Trying to piece them together might be like trying to reconstruct a letter from a bag of shredded documents. Given the flack that Apple took for their location services “tracking” people last year, the company has probably taken great pains to keep what information they have safe and obscure.

While IBM may not trust Siri, I probably won’t be staying up late fretting over whether or not my iPhone is building up a dossier of my silly questions. But then again, I don’t have billion dollar business deals and corporate secrets to worry about.

(Wired, MIT Technology Review, totally fake screenshot via iFakeSiri)

Relevant to your interests

Filed Under |
  • Anonymous

    For ha ha’s I asked Siri the same question, her response was “Shut the fuck up you ugly asshole, I don’t know what you mean by “My secrets are safe with you right Siri?”

    Been a while since I’d used Siri, I’d forgot I’d changed my name to “Shut the fuck up…”   :)   Someday I’ll remember to ask her something she can’t answer in public, should be fun…

  • BK – disillusioned Apple p

    This is what I as a former Apple fan have endured and am currently seeking legal advice. I am now concerned as to what Apple are hiding?

    In response to an email from Martin Reed, a Data Privacy officer dated 25 March 2013, which wrongly again tries to confuse my request to provide me information about the personal data extracted by Dictation software and the operating system so I may make an informed decision about which sensitive information to delete with my Apple ID which grants me purchasing rights and access to services.

    Further to advice from solicitors, I asked Apple to escalate the legal department to which Apple had forced me to write and address the issues regarding my consumer rights and data protection rights. This was because the Apple agent Martin Reed had not only failed to address the issues in my letters but undermined requests by confusing my Apple ID with my personal contacts and unknown ‘other information’ despite numerous clarifications. The personal contacts and ‘other information’ is extracted but not declared and presently held without my permission contrary to the Data Protection Act.

    The correspondence from Martin Reed, a Data Privacy Officer on 22 March 2013 said: “Your other questions and concerns are being reviewed and we expect to reply within a further 5 working days.” I was wrongly given the impression that all my correspondence would be properly reviewed by Apple’s legal department and the serious issues raised would be addressed in full. However, it appears that Apple is refusing to address the following issues: Firstly not declaring that a computer purchased from Apple with new software will invade an Apple consumers privacy upon use; secondly, the personal records extracted from Apple software and the new operating system will not be declared contrary to the Data Protection Act; thirdly this will compromise the ability of an Apple consumer to have sensitive personal data to be deleted contrary to the Data Protection Act; fourthly, it is disappointing for me as a former Apple fan that the world’s most advanced technological company only allows you to make a complaint in writing and has subsequently not only gone out of its way to ignore or obfuscate the issues but has spent considerable efforts in failing to address the issues and some of its staff have made false statements about UK law which has sought to deny me access to my statutory rights. I believe this to be the case for the following reasons:

    I wrote to Apple and explained that I had not understood the change to Apple culture and the intrusive nature of using Apple Dictation software. Further investigations revealed that Apple extract sensitive personal data and I asked for the immediate removal of this personal data. I gave notice for Apple to inform me about the nature of the personal information extracted by the operating system and Dictation software so I could make an informed decision as to the information I wanted to be deleted under the Data Protection Act. Given that I am now also aware that a company such as IBM bans the use of Apple voice assistant software, I believe consumers such as myself should protect their personal contacts and personal data.

    I asked for all personal data extracted by Apple software such as Dictation and the new operating systems to be deleted under the Data Protection Act.

    I stated that Martin Reed’s correspondence has sought to obfuscate matters by trying to confuse my request to remove personal data extracted by the operating system and the Dictation software with the purchasing guarantee and services granted by my Apple ID. I stipulated that I did not ask for my Apple ID to be removed but did ask for what “other information” is extracted by the Dictation software, the Apple operating system or other software.

    I set out very clearly why I believe that the extraction of the contacts and “other information [which Apple fails to declare] is excessive and unnecessary when compared to other voice software and why I believe it violates not only my privacy but those of my contacts given other voice software has no need to extract such information. I believe the extraction of this data to be an abuse of privacy.

    I have stipulated that at the time of purchase, Apple failed to declare that the software supplied has conditions for use which extract sensitive personal data contrary to Supply of Goods and Services Act. I consider this to be a misrepresentation.

    I consider the manner in which this information was extracted to be a breach of my contract with Apple and the implied conditions of trust revealing a change of culture.

    At the time of purchase, Apple failed to declare that the operating system and software supplied would invade my privacy if used. This makes such software worthless to me as a consumer. If Apple is extracting such data to try and catch up with Facebook and Google. These changes are at the expense of its consumers.

    I have said some Apple staff have made false statements which attempt to deny my consumer rights and prevent me from exercising my statutory rights by stipulating that consumer rights and privacy issues can only be addressed by the legal department and I need legal representation in order to have my issues addressed.

    I have stated that I believe Apple have breached my statutory rights as a consumer and in failing to declare that nature of the information extracted from the software.

    It is quite clear that Apple is refusing to divulge the full nature of the information extracted by the Dictation software and I have explained the circumstances in which Apple cannot consider a conditional use software to give permission for extraction of personal data. The failure to provide me with access to my personal datas which I have declared do not have my permission to be held by Apple and subsequently remove this data is an abuse of my rights.

    The full extent of my concerns are set out in my correspondence to Apple. I will therefore seek further legal advice and initiate a formal complaint with the Information Commissioner.