
IBM bans Apple's Siri from its internal networks for security

post #1 of 31
Thread Starter 
Because the Siri and Dictation features for iOS must be sent to Apple to be converted to text, IBM has barred the use of them from its corporate networks, citing security concerns.

Jeanette Horan, IBM's chief information officer, said the decision was made because the company is concerned that the spoken data could be stored somewhere on Apple's servers. She told MIT's Technology Review (via Gizmodo) that IBM surveyed several hundreds of employees and found that many were "blissfully unaware" of what applications on their mobile devices could be security risks.

On the banning of Siri, Horan admitted that IBM is "extraordinarily conservative" when it comes to security, adding: "It's the nature of our business."

Also barred from IBM's internal servers is Apple's iCloud, which can be used to remotely back up documents and data. Instead, IBM has its employees use a company-hosted service called MyMobileHub.

Of course, IBM's conservative policies with respect to applications and serves are not limited to Apple. Third-party file transfer services like Dropbox have also been banned as the company trends toward employee-owned devices.



In fact, the so-called "consumerization" of corporate devices hasn't saved IBM any money, Horan said, because of all the security challenges that IBM faces. For example, any employee-owned device must be configured by IBM IT department to allow its data to be remotely wiped if the hardware is lost or stolen.

Apple began expanding enterprise support in its iOS mobile operating system with the release of iOS 2.0 in 2008, adding Exchange Server compatibility and other popular corporate protocols. In 2009, the Find My iPhone feature was updated with remote wipe functionality, enhancing the security of devices for both consumers and employees.
post #2 of 31
I understand the ban on Siri. I understand the ban on iCloud. I understand the ban on Dropbox.

What I don't understand is how they can do that to employee owned devices? That's crazy. If they buy it- absolutely. If they tell me I can't put work documents or emails on my personal phone for security reasons- I totally get that too. But if you're going to be extremely secure- shouldn't you supply the hardware? I've never understood the IT/Consumer fusion idea- it might work in small businesses not as focused on security- but these huge ones that are anal....
Edited by Andysol - 5/23/12 at 5:25am

2012 27" iMac i7, 2010 27" iMac i7, 2011 Mac Mini i5
iPad Air, iPad Mini Retina, (2) iPhone 5S, iPod Touch 5
Time Capsule 5, (3) AirPort Express 2, (2) Apple TV 3

post #3 of 31
How do they block these things? With a firewall? If so it doesn't do much good when the person goes home and has access to an unfiltered network.
post #4 of 31
IBM security. Isn't that an oxymoron?
post #5 of 31

In reality inside IBM Siri is only disabled on the lock screen.  You are required to have a strong lockscreen password (8chars) to protect sensitive information.   Allowing Siri on the lockscreen allows access to things like the calendar without typing your password, so IBM has pushed out a security profile to disable Siri on the lock screen.

post #6 of 31
Quote:
Originally Posted by Andysol View Post

I understand the ban on Siri. I understand the ban on iCloud. I understand the ban on Dropbox.
What I don't understand is how they can do that to employee owned devices? That's crazy. If they buy it- absolutely. If they tell me I can't put work documents or emails on my personal phone for security reasons- I totally get that too. But if you're going to be extremely secure- shouldn't you supply the hardware? I've never understood the IT/Consumer fusion idea- it might work in small businesses not as focused on security- but these huge ones that are anal....

The employees have a choice. If they buy the device they can elect to leave it entirely free of IBM's systems and security. But then they cannot use it to access their work e-mail, calendar, etc. Or they can voluntarily let IBM secure their devices and gain access to those systems.  

post #7 of 31
Quote:
Originally Posted by ibmer View Post

In reality inside IBM Siri is only disabled on the lock screen.  You are required to have a strong lockscreen password (8chars) to protect sensitive information.   Allowing Siri on the lockscreen allows access to things like the calendar without typing your password, so IBM has pushed out a security profile to disable Siri on the lock screen.

So you are saying, that the AI article is completely misleading (not that it would be a first timer ;-) and that you can still use Siri at IBM once you unlocked your device?

post #8 of 31
Quote:
Originally Posted by ibmer View Post

In reality inside IBM Siri is only disabled on the lock screen.  You are required to have a strong lockscreen password (8chars) to protect sensitive information.   Allowing Siri on the lockscreen allows access to things like the calendar without typing your password, so IBM has pushed out a security profile to disable Siri on the lock screen.

What you say does make sense but it does go against this statement which seems to be more than an assumption made by AI.
Quote:
Jeanette Horan, IBM's chief information officer, said the decision was made because the company is concerned that the spoken data could be stored somewhere on Apple's servers.

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

 

Goodbyeee jragosta :: http://forums.appleinsider.com/t/160864/jragosta-joseph-michael-ragosta

post #9 of 31
Sounds like a decision made by suits at IBM and not by security experts.

Please update the AppleInsider app to function in landscape mode.

post #10 of 31
Does IBM believe that there is a real person translating the voice to text/searches?
Sounds like IBM is pissed that they did not invent Siri (the NIMBY or not-invented-here syndrome).
Of course there are security concerns over Siri, but the same concerns could be applied to the internet.

How is Apple going to pore through millions of Siri requests just to find IBM's secret patent ideas/information, or anyone else's?

Apple would have to have a "wiretap" or have a machine that is (NSA uses to snoop on WWW) connected to the outgoing Siri data/text...

While I could see a problem, I don't think Apple stores or reads the data specifically, just for statistical purposes.
If it was true that Apple stores all of the text/results, then would they not get into a problem with the wiretapping laws?

Well, I just use Siri on my iPad to spell words that I cannot spell at the moment (a lot quicker than thinking of another word that will work and that you know how to spell).
I should have kept a list of the words Siri did not spell correctly... it seems to have a 60% accuracy on single words that I need spelled, but on sentences it is amazingly correct.
post #11 of 31

Of course, this has nothing to do with the fact that IBM has its own (rubbish) speech to text technology... but it really does come across as sour grapes.

post #12 of 31

http://www.wired.com/wiredenterprise/2012/05/ibm-bans-siri/

 

 

IBM CIO Jeanette Horan told MIT’s Technology Review this week that her company has banned Siri outright because, according to the magazine, “The company worries that the spoken queries might be stored somewhere.”

It turns out that Horan is right to worry. In fact, Apple’s iPhone Software License Agreement spells this out: “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” Apple says. Siri collects a bunch of other information — names of people from your address book and other unspecified user data, all to help Siri do a better job.

How long does Apple store all of this stuff, and who gets a look at it? Well, the company doesn’t actually say. Again, from the user agreement: “By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.”

Because some of the data that Siri collects can be very personal, the American Civil Liberties Union put out a warning about Siri just a couple of months ago.

Privacy was always a big concern for Siri’s developers, says Edward Wrenbeck, the lead developer of the original Siri iPhone app, which was eventually acquired by Apple. And for corporate users, there are even more potential pitfalls. “Just having it known that you’re at a certain customer’s location might be in violation of a non-disclosure agreement,” he says.

...and link to the original source story: http://www.technologyreview.com/business/40324/

 

melior diabolus quem scies
post #13 of 31

Haha yes, Siri can steal corporate secrets too!

 

It's Apple's way of staying ahead of the competition!

post #14 of 31
Because Apple desperately needs to steal secrets from IBM in order to succeed. Especially in the area of notebook technology . . . wait, what? IBM sold that to China?
A.k.a. AppleHead on other forums.
post #15 of 31
Quote:
Originally Posted by AppleInsider View Post
[snip]

Jeanette Horan, IBM's chief information officer, said the decision was made because the company is concerned that the spoken data could be stored somewhere on Apple's servers. She told MIT's Technology Review (via Gizmodo) that IBM surveyed several hundreds of employees and found that many were "blissfully unaware" of what applications on their mobile devices could be security risks.

On the banning of Siri, Horan admitted that IBM is "extraordinarily conservative" when it comes to security, adding: "It's the nature of our business."
[snip]

 

It's well known that IBM has always had one of the strictest security policies out there. I'm surprised there is even the option that an employee's device can access the network.

post #16 of 31
Quote:
Originally Posted by ibmer View Post

In reality inside IBM Siri is only disabled on the lock screen.  You are required to have a strong lockscreen password (8chars) to protect sensitive information.   Allowing Siri on the lockscreen allows access to things like the calendar without typing your password, so IBM has pushed out a security profile to disable Siri on the lock screen.

So you work for IBM's IT department? You must if you can make such a statement. Because the ones in the article are that Siri in all forms is banned, literally blocked on the network (likely by blocking the phones from calling out to those servers) etc. Not just 'you can't use it from the lock screen', which really does nothing since you can unlock the dang phone and use it, defeating the point that the information is going to another company's computers.

 

As for the whole "how can they say what I can and can't do with my own phone" look in your contract. That's what gives them the right. The moment you do or put anything work related on that device you agreed to their conditions. You don't want those games, don't BYOD. Tell them if they want you with a smart phone, cell phone etc they can provide it. Tell your family to call your office land line if there is an emergency and keep your personal phone locked in the car when you are at work. It's how it goes for me and how it went when I worked for a government contractor. I didn't want their hands on my personal phone so I essentially left it at home. Since I was working on a military base that actually meant turning it in when I entered the base but they had a nice locker for me to put it in that only I knew the passcode and it was guarded by men with ugly dogs and big guns so I wasn't worried about whether it was safe. Two minutes to power it off, lock it up etc.

post #17 of 31
Quote:
Originally Posted by haar View Post

Does IBM believe that there is a real person translating the voice to text/searches?

 

No they don't and they never said that. They said it is going to another computer. If it is going to another computer there is a possibility it is being saved and could be accessed by a person. Given that right now Siri is in a training period it actually is possible that someone goes back and listens to random clips and compares what he/she hears with what Siri sent back to adjust the system. IBM has no way of knowing for certain so they have to block access as a security risk. 

 

It's pretty standard practice for most companies but once again it is getting press because Apple gets hits. Nothing more or less. 

post #18 of 31
Quote:
Originally Posted by Robin Huber View Post

Because Apple desperately needs to steal secrets from IBM in order to succeed. Especially in the area of notebook technology . . . wait, what? IBM sold that to China?

 

This info is NOT going to Apple, it's going to Nuance and perhaps Wolfram Alpha. 

post #19 of 31
Quote:
Originally Posted by haar View Post
sounds like IBM is pissed that they did not invent Siri, (the NIMBY or not-invented-here syndrome)
 

You're serious? Tell me you're joking...

 

The company that made "Watson", an AI capable of responding to questions posed in natural language, with access to 200 million web pages (including all of Wikipedia), both on and offline, is jealous of Siri?

 

No, just No.

post #20 of 31
Quote:
Originally Posted by haar View Post

Does IBM believe that there is a real person translating the voice to text/searches?
Sounds like IBM is pissed that they did not invent Siri (the NIMBY or not-invented-here syndrome).
Of course there are security concerns over Siri, but the same concerns could be applied to the internet.
How is Apple going to pore through millions of Siri requests just to find IBM's secret patent ideas/information, or anyone else's?
Apple would have to have a "wiretap" or have a machine that is (NSA uses to snoop on WWW) connected to the outgoing Siri data/text...
While I could see a problem, I don't think Apple stores or reads the data specifically, just for statistical purposes.
If it was true that Apple stores all of the text/results, then would they not get into a problem with the wiretapping laws?
Well, I just use Siri on my iPad to spell words that I cannot spell at the moment (a lot quicker than thinking of another word that will work and that you know how to spell).
I should have kept a list of the words Siri did not spell correctly... it seems to have a 60% accuracy on single words that I need spelled, but on sentences it is amazingly correct.

 

You don't seem to understand the security problem at all.  This kind of thing is very common.  Security is about potential holes and leaks and isn't really assessed in the way you suggest.  Your idea that it's probably okay and Apple probably won't be eavesdropping is correct, but it's irrelevant to the potential security threat posed. 

 

For instance the US government is probably not reading every single email sent either, but the fact that it does collect them all daily, and has the ability to read them, is still a security problem.  

post #21 of 31

I used to work for IBM and I am an avid iPhone and MacBook user. I see both sides and agree with both sides. One thing that IBM doesn't go into detail on is the real reason why they do what they do.

 

I do not know any of the following for a fact but it is my professional opinion on why based on my experience working at IBM. Not everyone that works at IBM is a genius, or even IT smart. IBM is just like any other Fortune 500 company out there. We have users who work there that are not technology literate at all but still have access to highly confidential IBM and customer data.

 

IBM's client base being kept as secret as possible is a competitive edge for them in the fact that some clients would leave IBM if they knew that IBM supports a direct competitor. In the age of the iPhone where it is easy to store confidential information and or ask Siri questions it would be easy to accidentally or unknowingly let confidential information into the wild.

 

For example, if you ask Siri a question and it comes back with a funny response and the user posts that on the internet for everyone to read and it just so happens to have a piece of confidential information in that screenshot, IBM's image is going to take a hit. IBM is not blocking Siri because they don't understand what is going on; they are doing it to protect their clients and the few not so technology literate folks that work there.

 

I am not a fan of IBM nor am I defending them in any way. What I am trying to do is bring a perspective to view that not all may see.

post #22 of 31
Quote:
Originally Posted by Andysol View Post

I understand the ban on Siri. I understand the ban on iCloud. I understand the ban on Dropbox.
What I don't understand is how they can do that to employee owned devices? That's crazy. If they buy it- absolutely. If they tell me I can't put work documents or emails on my personal phone for security reasons- I totally get that too. But if you're going to be extremely secure- shouldn't you supply the hardware? I've never understood the IT/Consumer fusion idea- it might work in small businesses not as focused on security- but these huge ones that are anal....

 

Well, if they mean they're blocking it on their network, it is their network, so they can block whatever they want.

 

But, if they are serious about security, I hope they are blocking access to all Google services, otherwise, they are a bit confused about what the actual threats are.

post #23 of 31

Employees will just learn to turn off WiFi at IBM and use their 3/4G connections instead.

post #24 of 31
Quote:
Originally Posted by Gustav View Post

Employees will just learn to turn off WiFi at IBM and use their 3/4G connections instead.

That's not the problem; Wi-Fi / 3G / 4G has nothing to do with the security profile installed when you configure your phone to access IBM resources. Hence the statement about non-technical people such as yourself. It doesn't matter if you are connecting via Wi-Fi or cellular network; the security profile is still installed on the phone when it is configured to access the IBM resources.

post #25 of 31
Quote:
Originally Posted by bedouin View Post

How do they block these things? With a firewall? If so it doesn't do much good when the person goes home and has access to an unfiltered network.

 

 

They can do it if the device has a Microsoft Exchange account on it. They can also install a profile that has Exchange disabled.

post #26 of 31
Quote:
Originally Posted by haar View Post

Does IBM believe that there is a real person translating the voice to text/searches?
No.
Quote:
How is Apple going to pore through millions of Siri requests just to find IBM's secret patent ideas/information, or anyone else's?
You do know that Siri already knows who your Mom and Dad are and what their address, phone number and email addresses are?

Everything you say to Siri is analyzed (to give you a response) and used to improve the responses.

From the iOS 5.1 Software license agreement...
" (c) Siri and Dictation. The Siri and Dictation features of the iOS Software may not be available in all languages or regions and features may vary by region. To the extent that your iOS Device supports all or some of Siri and/or Dictation, these features may allow you to make requests, give commands and/or dictate text to your device using your voice. When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., "my dad") of your address book contacts; and song names in your collection (collectively, your "User Data"). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation, you agree and consent to Apple's and its subsidiaries' and agents' transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services."
post #27 of 31

What is going unsaid is that there is a Mobile Device Management (MDM) agent on personal devices restricting access to Siri or iCloud.  This agent can do whatever the owner wants.  Ideally, it is limited to storing data, keeping devices from being rooted/jailbroken yet allowing positively verifiable remote wipes.  However, there is a privacy concern.  Companies need to have or at least respect limits to what they can do to your personal device.  Likewise, they are opening themselves up for verifiable work grievances: hours off site doing company work and not being compensated, texting or emailing while driving (thus on company time/insurance), spousal investigations (where was my husband last weekend).

 

This is going to go too far on the MDM side or Apple will need to restrict what services can be disabled.  These agents are all permissive. Users can uninstall them at any time but lose access to email, WiFi, storage service drives, etc when they do.  The last thing people or companies want to see is an interested senator or congressman inviting them to Washington to explain company actions. 

post #28 of 31
Quote:
IBM surveyed several hundreds of employees and found that many were "blissfully unaware" of what applications on their mobile devices could be security risks.

 

THIS is why large companies need to have "extraordinarily conservative" security policies!

 

On the banning of Siri, Horan admitted that IBM is "extraordinarily conservative" when it comes to security, adding: "It's the nature of our business."

 

Of course, IBM's conservative policies with respect to applications and serves are not limited to Apple. Third-party file transfer services like Dropbox have also been banned as the company trends toward employee-owned devices.

 

I hope they've banned all use of Skype.  As should all corporations that don't want Microsoft and others to listen in on every call.  Especially in light of the fact that most employees are "blissfully unaware" of security issues.

 

MacDailyNews: Microsoft patents spy tech for Skype

 

 

IT Pro Portal: Microsoft spyware goes to Washington

No Matte == No Sale :-(
post #29 of 31

In complete agreement.  The security issue is a ruse in that IBM's messages are drops in a very big ocean - nearly impossible to separate, and undoubtedly impossible to screen for nefarious business intelligence.  BTW, does Apple really care what IBM is doing?  I doubt it!

post #30 of 31

As a former IBM employee, recently departing since the official support of iPhone, there are numerous ways that they control BYOD situations.

The primary factor is the required iPhone profile that every employee must install to access corporate email. This profile also locks down the phone in a number of other ways; eight character alpha-numeric-punctuation password, the lowest possible unlock time (5 minutes), and other small components.

There was such a misunderstanding of iPhones that it wasn't until very late 2011 / early 2012 that they were even supported. There were a lucky couple (a few thousand) that were included in an internal beta project that eventually moved into product after much debate.

I am not sure if the profile has since been updated but when official support first came out the iPhone 4S was not supported because of the Siri and iCloud capabilities that were part of the preinstalled OS. For users that broke the rules, upgrading their iPhone 4 to the latest OS or using the iPhone 4S they were notified that they *must* disable iCloud (all aspects) and Siri was not to be made available from the lock screen. The issue was that you can access the address book and other system level information without the 8 character password being entered.

Aside from e-mail (LotusNotes - UGH), and the required profile, if you wanted access to any other systems another system profile was required for VPN access. Essentially anything you wanted to do for work required another profile.

After a while you become familiar with the restrictions and learn to deal with them for the most part. The eight character password was by far the biggest issue though, so much so that employees would often skip setting up their phone due to the impact. Imagine every time you want to make a phone call, after 5 minutes of not using your phone, you had to enter eight characters?

As a result of all these restrictions, and people not willing to deal with them, you end up with employees that become 9-5'ers and have no desire to answer emails at 5:01 because they don't want to open their laptop again until 9:00am.
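
The profile requirements described in the post above (Siri off on the lock screen, iCloud disabled, an eight-character alphanumeric passcode with punctuation, a 5-minute lock timeout) can be checked against a profile file before it is pushed. This is an added example, not part of the original post and not IBM's profile: the sample profile is constructed, and the mapping of the post's wording onto Restrictions and Passcode payload keys (for instance "punctuation" onto `minComplexChars`) is an assumption.

```python
import plistlib

# Payload types of the Restrictions and Passcode payloads in an iOS
# configuration profile. The thread names no keys; this mapping is assumed.
RESTRICTIONS = "com.apple.applicationaccess"
PASSCODE = "com.apple.mobiledevice.passwordpolicy"

# Features the posts say had to be off. A restriction key that is absent
# from the profile leaves the feature allowed, so absence is a finding.
MUST_BE_FALSE = {
    "allowAssistantWhileLocked": "Siri is reachable from the lock screen",
    "allowCloudBackup": "iCloud backup is allowed",
    "allowCloudDocumentSync": "iCloud document sync is allowed",
}

# Constructed sample: an unsigned XML profile that sets the passcode policy
# and two restrictions but forgets iCloud document sync.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.byod.baseline</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>requireAlphanumeric</key><true/>
      <key>minLength</key><integer>8</integer>
      <key>minComplexChars</key><integer>1</integer>
      <key>maxInactivity</key><integer>5</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowAssistantWhileLocked</key><false/>
      <key>allowCloudBackup</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""

# A profile with no payloads at all: every requirement should be reported.
EMPTY_PROFILE = plistlib.dumps({"PayloadContent": []})


def audit(profile_bytes):
    """Return a list of findings for an unsigned .mobileconfig profile.

    Signed (CMS-wrapped) profiles must be unwrapped first; plistlib only
    reads the plist itself.
    """
    profile = plistlib.loads(profile_bytes)
    settings = {RESTRICTIONS: {}, PASSCODE: {}}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype in settings:
            settings[ptype].update(payload)
    restrictions, passcode = settings[RESTRICTIONS], settings[PASSCODE]

    findings = []
    for key, why in MUST_BE_FALSE.items():
        if restrictions.get(key, True):
            findings.append(f"{key}: {why}")
    if not passcode.get("forcePIN", False):
        findings.append("forcePIN: a passcode is not required")
    if passcode.get("minLength", 0) < 8:
        findings.append("minLength: passcode may be shorter than 8 characters")
    if not passcode.get("requireAlphanumeric", False):
        findings.append("requireAlphanumeric: digits-only passcodes allowed")
    if passcode.get("minComplexChars", 0) < 1:
        findings.append("minComplexChars: no punctuation character required")
    inactivity = passcode.get("maxInactivity")  # minutes before auto-lock
    if inactivity is None or inactivity > 5:
        findings.append("maxInactivity: auto-lock is longer than 5 minutes")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILE):
        print("FINDING", finding)
```
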

post #31 of 31
Quote:
Originally Posted by BlueBacks View Post

As a former IBM employee, recently departing since the official support of iPhone, there are numerous ways that they control BYOD situations.

The primary factor is the required iPhone profile that every employee must install to access corporate email. This profile also locks down the phone in a number of other ways; eight character alpha-numeric-punctuation password, the lowest possible unlock time (5 minutes), and other small components.

There was such a misunderstanding of iPhones that it wasn't until very late 2011 / early 2012 that they were even supported. There were a lucky couple (a few thousand) that were included in an internal beta project that eventually moved into product after much debate.

I am not sure if the profile has since been updated but when official support first came out the iPhone 4S was not supported because of the Siri and iCloud capabilities that were part of the preinstalled OS. For users that broke the rules, upgrading their iPhone 4 to the latest OS or using the iPhone 4S they were notified that they *must* disable iCloud (all aspects) and Siri was not to be made available from the lock screen. The issue was that you can access the address book and other system level information without the 8 character password being entered.

Aside from e-mail (LotusNotes - UGH), and the required profile, if you wanted access to any other systems another system profile was required for VPN access. Essentially anything you wanted to do for work required another profile.

After a while you become familiar with the restrictions and learn to deal with them for the most part. The eight character password was by far the biggest issue though, so much so that employees would often skip setting up their phone due to the impact. Imagine every time you want to make a phone call, after 5 minutes of not using your phone, you had to enter eight characters?

As a result of all these restrictions, and people not willing to deal with them, you end up with employees that become 9-5'ers and have no desire to answer emails at 5:01 because they don't want to open their laptop again until 9:00am.

 

 

I worked for IBM as well, 1996 - 2002, worked in the Unix AIX division, Server Software, I was responsible for custom solution for corps. I also worked in the WebSphere division for a while. IBM was great for the first 2 years as I was fresh out of ETH University. However it got old real fast, it doesn't surprise me that they banned the use of Siri. They were always banning stuff like that. So was file sharing, especially Napster. I remember Napster came out late 2001 early 2002 and all of the staff were downloading music, remember no one had broadband back then. I think I was using a Motorola StarTac in '96, horrible phone cute design, that's when I bought my first Nokia Communicator, the 9000. Surprisingly they didn't mind me having it, in fact a few other guys bought one as well even my boss.

When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.