Should you care that Siri is taking notes?

IBM blocks Siri on networked devices even as it acknowledges it sees no threat in Apple capturing voice commands from users

If you ask Siri, the iPhone's voice-controlled personal assistant, to schedule a sales meeting with a potential new client at a restaurant across town, Siri will dutifully carry out your command (barring any service hiccups) -- and send that information to server farm in North Carolina to be converted into text and saved. That revelation has bubbled up in the tech world after IBM CIO Jeanette Horan recently told MIT's Technology Review that Big Blue blocks Siri on employees' iOS devices because Apple stores potentially sensitive voice-inputted data.

Importantly, IBM didn't just target Siri as unsafe for the workplace; as part of a broader strategy to make its BYOD practices more secure, IBM created guidelines to prevent employees from running an array of mobile apps, and other reputable and potentially low-risk services, such as Dropbox, ended up on the chopping block. IBM's decision to block Siri -- as well as iCloud -- doesn't represent an outright condemnation of Apple; rather, it illustrates the challenges that IBM and plenty of other companies face as they try to balance the benefits of BYOD and mobile computing with the need to protect sensitive data.

As plenty of reports have noted, Apple does, indeed, store voice commands to Siri -- a point the ACLU expressed earlier this year. Apple says so outright in the iOS SLA [PDF] that "when you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests."

Siri doesn't just send your voice-input data, according to the SLA: "Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., 'my dad') of your address book contacts; and song names in your  collection (collectively, your 'User Data').... If you have Location Services turned on, the location of your iOS Device at the time you make a request to Siri may also be sent to Apple to help Siri improve the accuracy of its response to your location-based requests."

Apple could collect a healthy chunk of potentially sensitive information if you were to set up an appointment across town with a new client. What does Apple do with the data from there? Well, one portion of the SLA says, somewhat calmingly, that "all of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services."

Elsewhere, the SLA says that Apple, as well as its subsidiaries and agents, may "transmit, collect, maintain, process, and use" all of that data for the vague purpose of "providing and improving Siri, Dictation, and other Apple products and services."

That portion may raise a flag for a privacy-minded organization with strict data-security policies, à la IBM, prompting questions like, "Which of my company's Siri-collected data will be used by whom other than Apple for improving which Apple products and services other than Siri and Dictation? Where will that data be stored, and for how long?"

Is that level of vagueness worth fretting about so much as to outright Siri ban at other companies? Horan admitted to Technology Review that IBM is "extraordinarily conservative" and, again, has banned the use of other reputable third-party services that save and analyze transaction data. But IBM has the resources and know-how to provide alternative in-house services for file-sharing and the ability to enforce strict security policies to prevent unauthorized data sharing -- a luxury that not every company enjoys.

The reality is that anyone who is specifically worried about Apple saving user voice input data via Siri should be just as concerned about handing over any other type of data to any Internet-based or cloud-based service that stores customer data, be it an email service, a CRM service, a file-sharing service, or a social networking service. If every organization were to embrace that approach, Google would certainly find itself losing users.

IBM's highly conservative approach to BYOD guidelines may very well make sense to IBM, but they might be overkill for organizations that want to reap the benefits of the flexible cloud-based world where users can access their applications and data all day, every day, from anywhere from their mobile devices. Yes, there are undoubtedly risks -- and that means organizations to need to be careful in vetting their partners' practices and procedures when it comes to data storage and usage. It's a tough balance that will vex many an IT organization in months to come.

This story, "Should you care that Siri is taking notes?," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies