The news that IBM bans Siri for every employee that has an iPhone 4S and participates in the company’s BYOD program unleashed a lot of discussion about whether the company was being paranoid or prudent. One of the bigger questions to come out of all that discussion was a reframing of the issue itself – does Siri have a place in the business world to begin with?
Setting aside the security and privacy issues that led IBM to ban Siri, are there compelling use cases for Siri in the workplace? If there are, do they outweigh the privacy and security concerns? Could Apple do more to make Siri business-friendly?
One of the challenges that the BYOD and consumerization trends are creating for IT departments is employee use of public and/or personal cloud services. We’ve covered some of the big challenges this presents in terms of data security and ownership as well as the potential business continuity problems stemming from multiple versions of documents stored across different cloud services by multiple employees.
IT concerns may be more common and well-known, but there are cloud-related issues that employees need to consider as well – particularly if they use a work email address to register for a service, access a service from work, or use a service to store or transfer work-related files.
The biggest challenge for many businesses when dealing with the consumerization of IT and BYOD trends is often cultural. IT needs to cede control of devices, app choices, and where/when employees and executives actually interact with corporate data. That’s a cultural shift for IT. There’s an equal cultural shift that needs to happen when it comes to users and executives who must take at least partial responsibility for keeping their iPhones, iPads, or other devices secure along with the business data on them.
This requires user education and solid communication between users and IT. To be truly effective, security policies need to be endorsed by senior management and adoption and understanding of them needs to follow from the top down through the organization.
Unfortunately, that isn’t what’s happening in many businesses. In fact, the people most likely to ignore or violate such policies are C-level executives, members of the board of directors, and even IT.
Apple has gotten a fair amount of flak over Siri – most of it relating to Siri not recognizing words or phrases, misinterpreting requests, or providing incomplete or inaccurate answers. Apple is even facing a class action lawsuit over Siri not working as promised by iPhone 4S ads.
For IBM, however, the concern isn’t that Siri won’t work as advertised. Big Blue is worried that Siri will work exactly as advertised and that confidential and sensitive information will leak outside IBM’s network as a result. For those reasons, the company disables Siri on the iPhones of its employees.
So I don’t know if you have kids or not. Or a wife, or husband. Or a boyfriend or girlfriend. If you do, you might share your iPhone, or at least your iPad. I know I pass my iPad to my kids often. They’re usually more interested in the games I have downloaded on it, but my son has been known to occasionally drop into Safari to look for Minecraft videos.
Anyone using your iOS device has the same access to the browsing you’ve done on the web via mobile Safari as you do. You may not want to share all your browsing history with your children or significant other, am I right?
Here’s a private web browsing app for today’s tip, then.
When most of us hear words like forensics, we picture an episode of CSI or NCIS. We think of ballistics results from a murder scene or fingerprints on a gun. An iPhone or iPad isn’t the first automatic visual that comes to mind. Yet more and more iPhones and iPads are becoming the subjects of forensic investigations according to warrants issued via the U.S. federal court system.
Many of us pass our Macs and some external devices on to others when we upgrade. Family and friends may get our hand-me-downs, but quite frequently we’ll sell an old Mac, printer, or external drive on eBay or some other venue. Regardless of where our computers and related technology end up when we outgrow them, it’s important to make sure we scrub any personal data from them.
The importance of securely erasing personal and/or business data from hardware that is being passed on, sold, or even recycled was highlighted in a recent study by Britain’s Information Commissioner’s Office, which discovered that half of all used hard drives contained information from their previous owners.
There have been rumors circulating for some time about Google releasing its own cloud storage service. According to reports, the service is on the verge of release, with a launch expected next week. Google’s service will enter a crowded market of cloud providers that includes Apple’s iCloud, Box with its new OneCloud feature, and the popular Dropbox.
Public cloud services like these tend to concern business and IT leaders because of the ease with which data migrates out of the office when they’re widely used. A Google service is likely to engender even more privacy and confidentiality issues on the part of businesses – and for good reasons that should concern anyone considering using it.
Many of us feel a deep personal connection with our iPhones, and small wonder: the average person’s smartphone knows more about them than their spouse or significant other. Our iPhones hold our contacts, photos, videos, music, banking data, texts, emails, voicemails, web logins, apps and more. We use our phones to pay our bills, send texts to our girlfriends, check-in to our favorite club, play games with friends, and much more besides.
That makes our iOS devices a juicy target for tracking, and what most people aren’t aware of is that, historically, Apple has made it very easy for anyone to tell what you do with your iPhone. It’s called a Unique Device Identifier or UDID. Every iOS device has one, and using it, third-parties have been able to put together vast databases tracking almost everything you do with your iPhone, iPod touch or iPad.
The good news for privacy advocates is that the days of UDID are numbered. Following the recent stink the U.S. Congress raised over how iOS apps handle a user’s personal information without permission, Apple has given an ultimatum to third-party App Store developers: either stop tracking UDIDs or get kicked out of the App Store. Now ad networks and developers are scrambling to agree on a way to track your device in the future.
But are these replacements any good, or do they pose even bigger privacy concerns than UDIDs did?
Last week, we stirred up a maelstrom of controversy when we posted about Girls Around Me, an iOS app that allowed you to locate and view publicly available information on women in any area.
Since we posted the story, over half a million people have come to our site to read about the app, over 65,000 people have shared it on Facebook, and leading publications at home and abroad have followed our lead in reporting on the app, which we described as not just a potential tool for rapists and stalkers that was putting thousands of women at risk without their knowledge, but a wake-up call about privacy.
Girls Around Me has since been pulled from the iTunes App Store, but considering we were the ones who stirred up so much trouble for the app’s Russian-based developer, i-Free, I thought we would reach out and give them the opportunity to set the record straight. What was i-Free thinking when they released this app? What do they make of the controversy surrounding it? Do they have any regrets? And will Girls Around Me come back?
i-Free’s responses to these questions might prove to be just as controversial as the app itself. The company denies having done anything wrong. They say it is “impossible” to stalk or track someone with their app. They say that the point of the app is just as much about avoiding ugly women on a night out as it is about looking for love. And they’re not sorry.
When we broke the story on Friday about Girls Around Me — an iOS app by Russian-based app developer i-Free that allowed users to stalk women in the neighborhood without those women’s knowledge, right down to their most personal details — Foursquare was quick to respond within hours, cutting off the API access that the app relied upon to function.
Foursquare’s swift response to the issue effectively killed Girls Around Me, and i-Free quickly yanked the app from the App Store in the aftermath until they could figure out a way to restore service. And for a lot of people, the story ended there. The app’s gone. Why keep talking about it?
That’s exactly the way Foursquare (and Facebook) wants things.
Thanks to a great article by our own John Brownlee, we now know how easy it is for apps and people to stalk you using location-sharing services like Foursquare and Facebook. And now the more paranoid among you might be wondering, just how do I turn these things off?
Theoretically, you would have already checked the privacy settings when you signed up. But that’s like reading the manual before you switch on a new gadget: Almost nobody ever does it. So here’s a quick guide to locking down Foursquare, and a rather more involved guide to shutting down Facebook.
“Oh, I love Daisy Slots, with so many casino games options, I couldn’t choose. But hey, want to see one to set your skin crawling?”
It was the flush end of a pleasurably hot day — 85 degrees in March — and we were all sipping bitter cocktails out in my friend’s backyard, which was both his smoking room, beer garden, viticetum, opossum parlor and barbecue pit. I was enjoying the warm dusk with a group of six of my best friends, all of whom seemed interested, except for my girlfriend… who immediately grimaced.
“Girls Around Me? Again?” she scolded. “Don’t show them that.”
She turned to our friends, apologetically.
“He’s become obsessed with this app. It’s creepy.”
I sputtered, I nevered, and I denied it, but it was true. I had become obsessed with Girls Around Me, an app that perfectly distills many of the most worrying issues related to social networking, privacy and the rise of the smartphone into a perfect case study that anyone can understand.
It’s an app that can be interpreted many ways. It is as innocent as it is insidious; it is just as likely to be reacted to with laughter as it is with tears; it is as much of a novelty as it has the potential to be used as a tool for rapists and stalkers.
And more than anything, it’s a wake-up call about privacy.
The costs of not complying with HIPAA (the 1996 Health Insurance Portability and Accountability Act), which includes self-reporting of data breaches, can be steep. Blue Cross Blue Shield of Tennessee recently finalized a settlement with the Department of Health and Human Services for $1.5 million for a recent breach (on top of a $17 million price tag for the investigation and remediation actions). HHS seems to be making a show of high profile enforcement as a way to encourage better compliance among smaller organizations, including hospitals and individual medical practices.
This raises the question of whether or not using the iPad in healthcare increases the risk of privacy violations. If so, will a show of force on the part of HHS dampen the enthusiasm for the iPad in healthcare?
The app privacy scandal caused by Path’s iPhone app is still leaving its mark, as members of the U.S. Congress have sent out letters to 33 prominent App Store developers to better understand the issue. “We want to better understand the information collection and use policies and practices of apps for Apple’s mobile devices with a social element.”
Apps like the official Facebook and Twitter clients are among the list. Energy and Commerce Committee Ranking Member Henry A. Waxman and Commerce, Manufacturing, and Trade Subcommittee Ranking Member G. K. Butterfield have requested that the developers behind such apps reveal how Apple imposes its privacy standards and how the standards are implemented.
One of the features on the new iPad is its dictation capabilities, a feature also available on the iPhone 4S (which also boasts Apple’s Siri virtual assistant feature). There are quite a few ways that high quality dictation and other speech to text capabilities could be useful to professionals in many fields.
The problem is that in order to get that high quality dictation functionality, the new iPad and the iPhone 4S rely on Apple’s servers to do much of the work in turning your speech into text. More importantly, it isn’t just snippets of voice recordings that get sent to Apple. Personal data from your iPad or iPhone 4S gets uploaded as well and much of it remains associated with you and your device. That’s a general concern for most of us, but for professionals in regulated industries like healthcare or fields that require confidentiality like finance and legal professions, it becomes a critical privacy concern and may even break the law.
Apple has always taken privacy very seriously. When it was discovered that popular app Path secretly uploaded an iPhone user’s entire address book to its servers, the media reacted very strongly and Apple was forced to get involved. Path was violating Apple’s terms of agreement, and it was discovered that many other apps in the App Store had been doing the same thing for quite some time. Apple said that it would clarify the privacy issue for end users with a future iOS update.
High-profile meetings take place at Apple’s headquarters in Cupertino, California all the time, but the public rarely gets to hear about what is said behind closed doors. As it turns out, Path CEO Dave Morin was summoned to Cupertino by Apple CEO Tim Cook to talk about the recent privacy scandal his app caused.
Unlike most computers, the iPad isn’t designed to be a multi-user device. iOS doesn’t support multiple user accounts or profiles – that essentially means one set of device and application settings along with a personal collection of information like notes, email, browser bookmarks, and stored passwords for different online services. Sharing a device with that much personal data makes it easy for someone to snoop while using another person’s iPhone or iPad or on an iPad that is commonly shared between multiple users.
Passtouch is a web browser for the iPad that’s designed to offer at least some multi-user capabilities as well as to secure web-based information like bookmarks, cookies, and stored passwords. It doesn’t offer whole-device accounts or profiles but it does offer some extra security for devices that are regularly shared.
Path recently sparked a huge controversy over user privacy violations in popular App Store apps, and the media firestorm that resulted has now prompted the California Attorney General to enforce new standards for informing users about app privacy policies.
Apple, Google, Microsoft, HP, Amazon and RIM will now be implementing new policies that developers must comply with when publishing apps online. All information that’s collected from the user will be outlined in the app’s privacy policy and made viewable in app stores before downloading.
What with the whole Path address book debacle, this isn’t a good week to be caught up in a user privacy scandal on iOS as far as public perception is concerned. Google better batten down the hatches then, as it has just been discovered that they have been exploiting a loophole in the way Safari blocks cookies to bypass the privacy settings of millions of iPhone, iPad and Mac owners. Ouch.
Apple has officially responded to the contact sharing debacle that was highlighted by the Path iPhone app last week. After it was discovered that Path secretly uploaded a user’s entire contact database to its own servers, the controversy sparked more discussion about how Apple needs to enforce its user privacy guidelines more to protect customers.
Third-party apps will have to ask for permission to access contact data from a user, according to Apple. The issue will be remedied with an upcoming iOS update.
You’d be forgiven for thinking that unauthorized iOS apps obtained from the likes of Cydia aren’t as careful with your personal data as those approved by Apple for sale in the App Store. In fact, the opposite is true. Jailbroken iOS apps respect your privacy more than those obtained from the App Store.
Last week, the web exploded with the news that social iOS app Path was uploading your entire address book to its servers, and then keeping it there. Worse, it was sending and storing them in plain text (although the connection was at least SSL-encrypted). Clearly, having Path notify you when your friends join the service is handy, but is there a way to do this without compromising your privacy? According to Edinburgh iOS supremo Matt Gemmell, there is.
Caught up in a maelstrom of controversy over revelations that Path has been uploading iOS users’ address books to their own servers, Path CEO David Morin has spoken out about what’s going to happen now.
It’s all good news. Not only is Path taking full responsibility, and apologizing whole-heartedly for the violation, they’ve also pushed live a new update to the Path app that makes uploading your address book opt-in. But will other developers follow Path’s lead?
Beginning March 1st, Google will roll most of its privacy policies into one new main privacy policy to cover the majority of its products. Google has been slowly working towards the goal of creating a unified and more personal experience across their products and the new privacy policy is just another step in that direction.