Forgot your password?
typodupeerror
Businesses Cloud IBM Input Devices Iphone Privacy Security Apple

Worried About Information Leaks, IBM Bans Siri 168

Posted by timothy
from the dave-what-are-you-doing dept.
squiggleslash writes "CNN reports that IBM CEO Jeanette Horan has banned Siri, the iPhone voice recognition system. Why? According to Horan '(IBM) worries that the spoken queries might be stored somewhere.' Siri's backend is a set of Apple-owned servers in North Carolina, and all spoken queries are sent to those servers to be converted to text, parsed, and interpreted. While Siri wouldn't work unless that processing was done, the centralization and cloud based nature of Siri makes it an obvious security hole."
This discussion has been archived. No new comments can be posted.

Worried About Information Leaks, IBM Bans Siri

Comments Filter:
  • Not CEO (Score:5, Informative)

    by bws111 (1216812) on Wednesday May 23, 2012 @11:00AM (#40088137)

    Jeanette Horan is the CIO, not the CEO.

    • Do the "editors" actually read the submissions before posting, or are they just slashcode administrators that happen to be in charge of the original website running the code?

      • by b4dc0d3r (1268512)

        No. There is a direct quote, and it is prefaced by "squiggleslash writes". There is no editing being done. Lower your expectations, and ask for editors, not copy and paste monkeys.

        It makes no sense to complain about something that doesn't exist. Editors not doing their job is one thing, non-editors not editing is exactly correct.

      • Considering the subject line I submitted for this story was way more hysterical, I guess yes. I can't defend, as the submitter, the CEO/CIO thing, I screwed up there, and I'm not quire sure why because I still have the tab up and it clearly says "CIO".

    • by jdgeorge (18767)

      Right. And here's a Related article [techworld.com] about Jeanette Horan's mobile strategy from earlier this year.

      For reference, this is IBM's CEO [wikipedia.org]

      • BYOD, but we dictate a usage policy as if it were a company-issue device?

        Seems legit...
        • by bws111 (1216812)

          What is wrong with that? People want to use their own devices, IBM wants to protect its information. IBM also has other rules like 'you can have lunch with colleagues in a restaurant, but don't discuss IBM confidential stuff while you're there.' What exactly is the problem?

          • If you are a corporate entity that is very careful and protective of sensitive information, a BYOD policy is nothing short of idiotic. Either they really are as cautious as their CIO claims, or they're not and they're just being cheap.

            There's no way we'd have a BYOD policy and essentially open the door to people making potentially ruinous mistakes because their devices weren't company-issue locked down devices.
            • by bws111 (1216812)

              It is just a different attitude. IBM's attitude is 'you are a trusted professional, you are responsible for protecting information you have, and we have policies to help you with that'. Your attitude is 'you are not trusted, only the IT department can be trusted with protecting our assets.'

        • by jdgeorge (18767)

          This seems very similar to rules about not taking pictures of company stuff, not copying vast amounts of source code, designs, or other confidential stuff, etc.

          They can't practically prevent people from bringing their own devices, so they are making sure everyone understands the rules (so that if you do something bad by violating the rules, everyone understands why you deserved to be fired / prosecuted.)

          • There's a difference between an employee bringing their own device to work which is unable to access the company's systems and enforcing a policy which gives employees access to all the company's systems on a device they personally own and can do anything they like with.
            • by bws111 (1216812)

              Not really. The problem with a camera is not that it is a camera, it is that it can leak information. So you could take the approach 'no cameras allowed on property', but that would mean nobody could have a cell phone - not very popular. So instead you take the approach 'you can have a camera, but don't take pictures'. Same thing with other devices - the problem is not that they exist, it is that they can leak information. So you develop policies that allow the devices and all the benefits they provide

              • I see your point and I know that it is valid - if you want somebody to do something in particular, you give them the illusion of choice rather than let them feel constricted, it is one of the oldest sales tricks in the book. But such freedom has unintended consequences, I am just of the opinion that if you can make a person feel like they're winning from your draconian policies then they're more likely to forget about that draconian bit.

                For example, instead of a BYOD policy, I think that giving each emplo
                • by bws111 (1216812)

                  If you read the interview, IBM is already giving 40000 employees Blackberrys. But there are 80000 other people who want to use their own devices. Being able to use your own device has advantages for both the employee and the company. The most obvious benefit to the employee is that they only have to carry one device. Sure, some people may be satisfied with a Blackberry, but many others will want something else, and if Blackberry is the only choice then they must carry two devices. If you have two de

  • by couchslug (175151) on Wednesday May 23, 2012 @11:05AM (#40088195)

    Water is also wet. Must be a slow news day.

    • by Sarten-X (1102295)

      The locks on your door are also a security hole. Did your company change the locks when they moved in? Maybe that locksmith who did the work made a spare "just in case you ever lock yourself out".

      Any time you outsource any work to anybody, it's a security hole. A smart company would negotiate a contract mandating particular security procedures, and recourse if the requirements aren't met. If a contract can't be worked out, the outsourcing doesn't happen, period. Now, in many cases, the security procedures a

      • Do people actually have locksmiths change the door locks on their houses? I mean if you've locked yourself out yeah, call one in... but to actually install a lock?

        • by Sarten-X (1102295)

          For a home, it depends on the lock and needs (Another disclaimer: I have a relative who installs and rekeys locks). If someone just wants a lock and a key, they can easily do it themselves. If they want one key to open several doors, some of which can be opened by another key that is the only one to open still other doors, that's probably going to need custom work.

          • by tlhIngan (30335)

            For a home, it depends on the lock and needs (Another disclaimer: I have a relative who installs and rekeys locks). If someone just wants a lock and a key, they can easily do it themselves. If they want one key to open several doors, some of which can be opened by another key that is the only one to open still other doors, that's probably going to need custom work.

            Depends how you do it. If you want to physically change all the locks and don't care for the old, you can actually buy at Home Depot locks that u

            • by mcgrew (92797) *

              When I rekeyed the locks at my last house, I just took them to the locksmith while a friend watched my house for me. Took him five minutes and only cost about five bucks each (maybe less, it was a few years ago and my memory is fuzzy).

              It would have been more expensive to buy new locks at Home Depot. The locksmith was worth the money!

              • Fair enough, I suppose it never really occurred to me to take them to anyone. I just buy the sets of tumblers/pins that let you rekey X locks the same (usually 5 or 10) yourself.

                All the same, I do enjoy such things, and I'm sure many/most don't.

      • by couchslug (175151)

        "The locks on your door are also a security hole."

        They are indeed. Most locks are vulnerable to simple exploits.

        The best locks are often inconvenient to use, and integrated with special enclosures and doors.

  • Sooo... (Score:2, Insightful)

    I guess they're about to ban Google and Bing too?
    • by MarkGriz (520778)

      Hope they shut down Watson too, before he becomes self-aware

      • by mcgrew (92797) *

        I know you're joking (at least I hope you are), but there are actually people who believe that a sentient electronic computer could become sentient. Really dumb IMO, sentience is a product of chemistry, not electricity, and we don't have a fucking clue what it is, what causes it, or how it works.

        Asking anyone from the forseeable future to design a sentient computer is like asking a cro-magnon to design a cell phone. You have to know what a thing is and what it does and how it works to duplicate it.

        The troub

  • By this logic google, bing, etc would be security holes.

    And given that IBM is marketing Watson which is basically a super computer version of Siri... how does any of this make any sense?

    I honestly don't understand the worry here.

    When I looked at this, I thought the initial worry might be that the phone was listening all the time and could be parsing real time conversations through the apple servers all the time. That is TECHNICALLY possible. My understanding of siri is that it only listens when you cue it.

    I

    • by Compaqt (1758360)

      Took the words out of my mouth (hey, wait, are you Siri?!)

    • by gweilo8888 (921799) on Wednesday May 23, 2012 @11:13AM (#40088367)
      When you type a query into a search engine, it's fairly unlikely that somebody else's unrelated typed conversation will also be recorded and transmitted along with it. That's quite possible when using an audio-based search on a device with a sensitive microphone. Likewise as you note, it's unlikely that you'll accidentally type a conversation with your phone in your pocket, but pretty feasible that you'll accidentally record your own conversation.
      • I think I can input a voice search into google if I want. Isn't there a little microphone next to the text box? Lets say I press that... then say something... what I said should roughly wind up in that search field. So... this is a larger problem assuming it's a problem at all which seems unlikely.

    • My impression is that IBM is marketing Watson as 'basically a super computer version of Siri that the customer pays IBM old-school-mainframe money for the privilege of keeping on-site'...

      Whether the sort of banal shit that Siri gets asked to handle most of the time is actually a risk or not, it does seem fairly likely that some level of mining and 'monetization' is being done, same as other search mechanisms(and even if it isn't now, disk is cheap and EULAs are flexible, so that could change retroactivel
      • by jdgeorge (18767)

        Well, not really. [wikipedia.org] Siri isn't a player in the market for people who would want something like Watson any more than Google is.

    • by bws111 (1216812)

      Siri can be used for stuff other than search. If you dictate an email using Siri, Apple now has your email, and not in a secure email system, but somewhere they can access it for their own purposes (like maybe providing answers to someone else's queries).

      • Ah, I agree with that problem.

        Never mind then, that makes perfect sense.

        Sounds like there needs to be an enterprise version of siri. Same basic thing just a segregated appliance somewhere that the company can nuke from orbit as required.

        It's the only way to be sure.

    • by squiggleslash (241428) on Wednesday May 23, 2012 @11:23AM (#40088561) Homepage Journal

      They probably are, but not to the same extent.

      Siri differs in two crucial respects:

      1. Bing and Google don't, by default, tie searches to an individual. (Yes, I know, they can, you can log in, and sometimes are already, but you can use both services with cookies turned off without problems.)

      2. Siri searches your personal information. At least, that's what I figure from the ads. If Samuel L. Motherfucking Jackson can cancel his golf game by telling Siri to cancel it, then clearly Siri knows SLMFJ's schedule, amongst other things. Google and Bing, unless your business uses Office 365 or Google Apps (in which case...), only has limited personal information on you.

      I'm not arguing they're not potential security holes, but they're not in the same ballpark as Siri. If you're talking to Siri all the time, in order to modify your work schedules, send emails, etc, then, well, you are passing much, much, more information to Apple.

    • by Baloroth (2370816)

      Except that Google and Bing don't also have access to your address book (well, unless you use an Android and wear a tinfoil hat), and aren't generally used to write mails (well, unless you use Gmail/Hotmail, but I'm assuming IBM doesn't). Siri basically has access to everything on your phone, at least in theory. The exact data it collects is unknown, and probably perfectly innocent, but if you don't actually know, and cannot verify it, it is better to assume it is everything.

      Even if Apple doesn't do anythi

      • by Baloroth (2370816)

        Gah, I mean "...and aren't generally used to write emails" and "there is very much a risk..." I need more coffee.

  • by cpu6502 (1960974) on Wednesday May 23, 2012 @11:06AM (#40088213)

    Finally someone recognizes that the "cloud" is a danger to security. It's understandable that IBM would not want Apple being aware of what their employees are working on.

  • by FreedomOfThought (2544248) on Wednesday May 23, 2012 @11:08AM (#40088263)
    Post-Ban of Siri

    IBM Employee: "Siri?"
    Siri:"Yes?"
    IBM Employee: "Remind me to file for the patent on the [insert technology here], tomorrow."
    Siri: "I'm sorry, Dave. I'm afraid I can't do that."
  • Wait, there are people who actually use Siri for a serious business-related use? They don't just ask it dumb questions in attempt to get silly answers?

    "Siri, will you marry me?"
    "Siri, where can I hide a dead body?"
    "Siri, ***k you!"
    "Siri, what is your favorite color?"

    That's the only use for Siri that I've been able to (and many of my friends for that matter) find.

    • Siri, Siri, give me your answer do...
    • Siri and I have different opinions over what constitutes "Next Tuesday," so I don't use it that much, either.

      That said, I did find a use for it: When I go biking, I like to know when the sun will set so I have an idea of when I have to be home. So if I ask Siri, "What time is sunset?" Siri will respond with "Sunset is at 7:17PM" or whenever sunset time is. Very handy.

      That said, Siri is getting this information from the weather report. So you cannot ask, "What time was sunrise?" or "When will the sun se

      • by LMacG (118321)

        Yes, but Siri exists in the cloud, and everybody knows that when it's cloudy, you can't see the sun.

        This also explains why she is so sure it's raining when Zooey "I'm so Quirky" asks about it.

  • by Tangential (266113) on Wednesday May 23, 2012 @11:12AM (#40088339) Homepage
    The iPhone/iPad's regular voice recognition for diction (the mic on the virtual keyboard) isn't Siri but it also uses the cloud. On top of that, many apps and browsers store data in the cloud and not just iOS phones; Android, RIM and others store data on servers in the cloud. Seems like a pointless ban to me.
  • by contrapunctus (907549) on Wednesday May 23, 2012 @11:16AM (#40088429)

    I don't understand why Siri has to use the cloud for speech to text. I had a samsung phone 6 years ago that could do this on the device itself with. I understand if the text part (after it's been converted) needs to be sent for analysis but the device certainly has enough processing speed to understand speech without a network...
    I'm sure I'm missing something.

    When I'm driving is when I really want to use Siri so I don't have to look at my phone and that it when it fails most (I'm not always on 3G areas).

    • Because of the semantic processing. Takes quite a bit more horsepower.

      It's the cool part of Siri. Mostly useless, but cool.

      I'd tag the story 'Andnothingofvaluewaslost'

  • by chenjeru (916013) on Wednesday May 23, 2012 @11:18AM (#40088455)

    Before everyone chimes in about how you might as well ban Google and Bing too, I think that there is a valid security concern for using Siri when you consider that many people use it for making appointments. Search history is much easier to obfuscate. I can understand if IBM doesn't want Apple to know who it is having "top secret" meetings with.

    • If you want to see what Apple is parsing out and if the Government has a hand in it just start scheduling fun stuff.

      'Siri, Skype call with Al Qaeda. 5 PM Afghanistan time'
      'Siri, Reminder to purchase 1 ton of fertilizer.'
      'Siri, Schedule President Obama's assassination for election day this year'

      Or if you would prefer a different organization than the DHS.

      'Siri, track package 0004202392389 5 lbs of Marijuana.'

      * This may get you on a few lists. Try at your own digression.

  • Whenever someone tries to show me how cool their Siri (or other similar Android app) voice recognition search is, I grab the phone and say, "Siri, how do you build a dirty bomb?" Then I explain that not only are all your Google searches logged, but so are your Siri queries because they have to go to the "cloud" to be processed. :)
  • ... Christine [wikipedia.org].

  • Until this, few phones sent your audio to a third party. The telco had to have the audio stream, but they don't store it. Telcos are regulated in this area. Even for wiretaps, US telcos don't store audio; they forward it in real time to law enforcement or security agencies.

    Then Apple comes along. It starts storing all your audio and recognizing as much of it as possible, escaping liability through a vague EULA. That has to be a concern. How do you know when it's listening? And will you know when Apple c

    • by rsborg (111459)

      Until this, few phones sent your audio to a third party. The telco had to have the audio stream, but they don't store it. Telcos are regulated in this area. Even for wiretaps, US telcos don't store audio; they forward it in real time to law enforcement or security agencies.

      Then Apple comes along. It starts storing all your audio and recognizing as much of it as possible, escaping liability through a vague EULA. That has to be a concern. How do you know when it's listening? And will you know when Apple changes the rules to something like "we collect all your voice input to improve the quality of voice recognition"?

      So you're saying that Google Voice doesn't process the audio running over it's service? How would you know? It's been out for years.

      What about Android voice input? Hell, even on the iPhone you had Dragon apps by Nuance to do search processing - both of these have been around for years and send voice data (over your data connection) to a remote server - they even send contact details to refine the analysis.

      Your Apple-rant is unwarranted here.

  • This would be the same IBM that banned *all* cameras from its Greenock site - not even allowed to be left in your car while you're at work. The ban also included forward-looking CCTV and reversing cameras in lorries, like the dozens of lorries that came to site every day.

    Then they bought all the managers smartphones, with cameras.

  • Siri is NOT banned (Score:3, Interesting)

    by Anonymous Coward on Wednesday May 23, 2012 @12:33PM (#40089739)

    This is factually incorrect.

    IBM enforces a profile on iOS devices that requires an 8-character password with a 15 minute lock timeout, along with the Lotus Traveller package for push email, calendar and contacts.

    Siri is not permitted unless the phone is unlocked, and is therefore unavailable from the lock screen.

    It's THAT simple. Really.

  • Remember back in the 90's when Furby first came out, the Federal Government banned Furbies from entering the building to protect state secrets?

    Via Wiki: "There was a common misconception that they repeated words that were said around them. This belief most likely stemmed from the fact that it is possible to have the Furby say certain pre-programmed words or phrases more often by petting it whenever it said these words. As a result of this myth, several intelligence agencies banned them from their offices
  • by andy1307 (656570)
    Who's the CEO of IBM?

    Siri: Virginia Tometty

    then who the fuck is Jeanette Horan?

    Siri: Ask the OP.

You are an insult to my intelligence! I demand that you log off immediately.

Working...