Worried About Information Leaks, IBM Bans Siri
A user writes "CNN reports that IBM CEO Jeanette Horan has banned Siri, the iPhone voice recognition system. Why? According to Horan '(IBM) worries that the spoken queries might be stored somewhere.' Siri's backend is a set of Apple-owned servers in North Carolina, and all spoken queries are sent to those servers to be converted to text, parsed, and interpreted. While Siri wouldn't work unless that processing was done, the centralization and cloud based nature of Siri makes it an obvious security hole."
Not CEO (Score:5, Informative)
Jeanette Horan is the CIO, not the CEO.
Do the "editors" even TRY? (Score:2)
Do the "editors" actually read the submissions before posting, or are they just slashcode administrators that happen to be in charge of the original website running the code?
Re: (Score:2)
No. There is a direct quote, and it is prefaced by "squiggleslash writes". There is no editing being done. Lower your expectations, and ask for editors, not copy and paste monkeys.
It makes no sense to complain about something that doesn't exist. Editors not doing their job is one thing, non-editors not editing is exactly correct.
Re: (Score:2)
Re: (Score:3)
Right. And here's a Related article [techworld.com] about Jeanette Horan's mobile strategy from earlier this year.
For reference, this is IBM's CEO [wikipedia.org]
Re: (Score:2)
Seems legit...
Re: (Score:2)
What is wrong with that? People want to use their own devices, IBM wants to protect its information. IBM also has other rules like 'you can have lunch with colleagues in a restaurant, but don't discuss IBM confidential stuff while you're there.' What exactly is the problem?
Re: (Score:2)
There's no way we'd have a BYOD policy and essentially open the door to people making potentially ruinous mistakes because their devices weren't company-issue locked down devices.
Re: (Score:2)
It is just a different attitude. IBM's attitude is 'you are a trusted professional, you are responsible for protecting information you have, and we have policies to help you with that'. Your attitude is 'you are not trusted, only the IT department can be trusted with protecting our assets.'
Re: (Score:2)
No, the responses are the same. Both cases are about preventing unintended leakage of information, while not being so heavy-handed as to ban a useful tool (business lunches and smart phones). They are much more concerned with the leakage of information from something as seemingly innocuous as 'siri, make a note' than they are with asking Siri how to do your job.
Re: (Score:2)
This seems very similar to rules about not taking pictures of company stuff, not copying vast amounts of source code, designs, or other confidential stuff, etc.
They can't practically prevent people from bringing their own devices, so they are making sure everyone understands the rules (so that if you do something bad by violating the rules, everyone understands why you deserved to be fired / prosecuted.)
Re: (Score:2)
Re: (Score:2)
Not really. The problem with a camera is not that it is a camera, it is that it can leak information. So you could take the approach 'no cameras allowed on property', but that would mean nobody could have a cell phone - not very popular. So instead you take the approach 'you can have a camera, but don't take pictures'. Same thing with other devices - the problem is not that they exist, it is that they can leak information. So you develop policies that allow the devices and all the benefits they provide
Re: (Score:2)
For example, instead of a BYOD policy, I think that giving each emplo
Re: (Score:2)
If you read the interview, IBM is already giving 40000 employees Blackberrys. But there are 80000 other people who want to use their own devices. Being able to use your own device has advantages for both the employee and the company. The most obvious benefit to the employee is that they only have to carry one device. Sure, some people may be satisfied with a Blackberry, but many others will want something else, and if Blackberry is the only choice then they must carry two devices. If you have two de
The Cloud is a security hole. (Score:4, Insightful)
Water is also wet. Must be a slow news day.
Re: (Score:2)
The locks on your door are also a security hole. Did your company change the locks when they moved in? Maybe that locksmith who did the work made a spare "just in case you ever lock yourself out".
Any time you outsource any work to anybody, it's a security hole. A smart company would negotiate a contract mandating particular security procedures, and recourse if the requirements aren't met. If a contract can't be worked out, the outsourcing doesn't happen, period. Now, in many cases, the security procedures a
Re: (Score:2)
Do people actually have locksmiths change the door locks on their houses? I mean if you've locked yourself out yeah, call one in... but to actually install a lock?
Re: (Score:2)
For a home, it depends on the lock and needs (Another disclaimer: I have a relative who installs and rekeys locks). If someone just wants a lock and a key, they can easily do it themselves. If they want one key to open several doors, some of which can be opened by another key that is the only one to open still other doors, that's probably going to need custom work.
Re: (Score:2)
Depends how you do it. If you want to physically change all the locks and don't care for the old, you can actually buy at Home Depot locks that u
Re: (Score:2)
When I rekeyed the locks at my last house, I just took them to the locksmith while a friend watched my house for me. Took him five minutes and only cost about five bucks each (maybe less, it was a few years ago and my memory is fuzzy).
It would have been more expensive to buy new locks at Home Depot. The locksmith was worth the money!
Re: (Score:2)
Fair enough, I suppose it never really occurred to me to take them to anyone. I just buy the sets of tumblers/pins that let you rekey X locks the same (usually 5 or 10) yourself.
All the same, I do enjoy such things, and I'm sure many/most don't.
Re: (Score:2)
You need to learn to read.
Re: (Score:2)
"The locks on your door are also a security hole."
They are indeed. Most locks are vulnerable to simple exploits.
The best locks are often inconvenient to use, and integrated with special enclosures and doors.
Re: (Score:2)
Re: (Score:2)
pick the lock (time-consuming, requires skill, and may be embarrassing to the client)
Only if they don't have the equivalent of a lock bump. Take bit drill thing, put in lock, pull trigger, open door.
Re: (Score:3)
Not all locks can be bumped. Particularly, Medeco (would have to bump 3 axes at once) and ACE (cylindrical tumbler type) types won't work with a standard bump gun. ACE can be picked with a different type of pick, Medeco are purportedly pick-proof (I'm not entirely convinced of that, though).
Re: (Score:2)
Hence embarrassment... consider the client's surprise if anybody with an easily-purchased tool could just walk up, pull a trigger, and open the door.
Then consider the client's fury when they realize they've paid for a lock that doesn't actually secure anything...
Sooo... (Score:2, Insightful)
Re: (Score:2)
Hope they shut down Watson too, before he becomes self-aware
Re: (Score:2)
I know you're joking (at least I hope you are), but there are actually people who believe that a sentient electronic computer could become sentient. Really dumb IMO, sentience is a product of chemistry, not electricity, and we don't have a fucking clue what it is, what causes it, or how it works.
Asking anyone from the foreseeable future to design a sentient computer is like asking a cro-magnon to design a cell phone. You have to know what a thing is and what it does and how it works to duplicate it.
The troub
Re: (Score:2)
The fact that 99% of the world thinks that the cloud is safe doesn't make it so.
So do you have a few good references for this claim? Most of the people I know seem to think that "the Cloud" means giving over all your personal data to a faceless, distant corporation. Of course, I don't know anywhere near 99% of the world, or even 1%, and I wouldn't claim that my small population of acquaintances is anywhere near a random sample.
Still, I've occasionally asked friends and strangers something like "Would you copy all your personal data, account numbers, passwords, etc., to a Cloud ser
How is that different from any search engine? (Score:2, Interesting)
By this logic Google, Bing, etc. would be security holes.
And given that IBM is marketing Watson which is basically a super computer version of Siri... how does any of this make any sense?
I honestly don't understand the worry here.
When I looked at this, I thought the initial worry might be that the phone was listening all the time and could be parsing real time conversations through the Apple servers all the time. That is TECHNICALLY possible. My understanding of Siri is that it only listens when you cue it.
I
Re: (Score:2)
Took the words out of my mouth (hey, wait, are you Siri?!)
Re:How is that different from any search engine? (Score:4, Interesting)
Re: (Score:3)
I think I can input a voice search into Google if I want. Isn't there a little microphone next to the text box? Let's say I press that... then say something... what I said should roughly wind up in that search field. So... this is a larger problem assuming it's a problem at all which seems unlikely.
Re: (Score:2)
Whether the sort of banal shit that Siri gets asked to handle most of the time is actually a risk or not, it does seem fairly likely that some level of mining and 'monetization' is being done, same as other search mechanisms (and even if it isn't now, disk is cheap and EULAs are flexible, so that could change retroactivel
Re: (Score:2)
Well, not really. [wikipedia.org] Siri isn't a player in the market for people who would want something like Watson any more than Google is.
Re:How is that different from any search engine? (Score:5, Informative)
Watson did NOT have speech recognition for the Jeopardy game (although it gave its answers as speech). Watson has nothing to do with speech recognition at all.
Re: (Score:2)
It does in a kind of weird sense. It "recognizes" complex speech patterns (natural language) to analyze and produce an answer. It doesn't "recognize" sounds of speech (phonemes) and turn them into text to then analyze. I remember them saying it had some problems with puns and humor, they seemed to be the hardest language patterns for Watson to understand their underlying meanings.
Re: (Score:2)
[It] does in a kind of weird sense.
No it doesn't.
It "recognizes" complex speech patterns (natural language) to analyze and produce an answer. It doesn't "recognize" sounds of speech (phonemes) and turn them into text to then analyze.
In Computer Science, speech recognition refers specifically to translating spoken words and sentences into text, so you have entirely contradicted yourself. Watson does parse the text of the clues; but that is sentence parsing, and has nothing to do with speech.
Re: (Score:2)
I haven't "contradicted" myself at all. You in fact support and echo my argument.
I just didn't use the proper term "parse" vs. "recognize", I now realize they are SO different, I should have known better!
Thanks for the pedantic correction, and for missing my point entirely. Well done, sir!
Re: (Score:2)
Re: (Score:2)
Siri can be used for stuff other than search. If you dictate an email using Siri, Apple now has your email, and not in a secure email system, but somewhere they can access it for their own purposes (like maybe providing answers to someone else's queries).
Re: (Score:2)
Ah, I agree with that problem.
Never mind then, that makes perfect sense.
Sounds like there needs to be an enterprise version of Siri. Same basic thing just a segregated appliance somewhere that the company can nuke from orbit as required.
It's the only way to be sure.
Re: (Score:2)
new SiriBerry server?
Comment removed (Score:4, Informative)
Re: (Score:2)
Except that Google and Bing don't also have access to your address book (well, unless you use an Android and wear a tinfoil hat), and aren't generally used to write mails (well, unless you use Gmail/Hotmail, but I'm assuming IBM doesn't). Siri basically has access to everything on your phone, at least in theory. The exact data it collects is unknown, and probably perfectly innocent, but if you don't actually know, and cannot verify it, it is better to assume it is everything.
Even if Apple doesn't do anythi
Re: (Score:2)
Gah, I mean "...and aren't generally used to write emails" and "there is very much a risk..." I need more coffee.
Re: (Score:2)
It's only hard to "pocket dial" if your phone is locked. But if you are texting someone back and forth, you're not going to lock your phone between every text.
Just to be clear, you do know that your phone is already capable of real time two way voice communication right?
This entire use case would not be a problem if it weren't for you idiots who'd rather send 20 text messages than make one call.
Yeah, the "one call" always turns into a 30 minute "how's things" session about *nothing* because of "idiots" who like to blather on the phone forever. That's why some people prefer text.
Re: (Score:2)
Except text messages don't require an immediate reply and leave a log of the conversation so it is easier to follow.
Wait, phones make a log of the conversation!? Ban those too!
Flaw with the "cloud" (Score:5, Insightful)
Finally someone recognizes that the "cloud" is a danger to security. It's understandable that IBM would not want Apple being aware of what their employees are working on.
Re: (Score:2)
Siri can be used for more than search. You can use it just to dictate a little note to yourself. So a little note like 'remember to bring docs on project x to meeting with customer y' is now in the hands of Apple, who is free to use that data however they want.
The tables will have turned. (Score:4, Funny)
IBM Employee: "Siri?"
Siri:"Yes?"
IBM Employee: "Remind me to file for the patent on the [insert technology here], tomorrow."
Siri: "I'm sorry, Dave. I'm afraid I can't do that."
Serious use for Siri? (Score:2)
Wait, there are people who actually use Siri for a serious business-related use? They don't just ask it dumb questions in attempt to get silly answers?
"Siri, will you marry me?"
"Siri, where can I hide a dead body?"
"Siri, ***k you!"
"Siri, what is your favorite color?"
That's the only use for Siri that I've been able to (and many of my friends for that matter) find.
Re: (Score:2)
Re: (Score:2)
Siri and I have different opinions over what constitutes "Next Tuesday," so I don't use it that much, either.
That said, I did find a use for it: When I go biking, I like to know when the sun will set so I have an idea of when I have to be home. So if I ask Siri, "What time is sunset?" Siri will respond with "Sunset is at 7:17PM" or whenever sunset time is. Very handy.
That said, Siri is getting this information from the weather report. So you cannot ask, "What time was sunrise?" or "When will the sun se
Re: (Score:2)
Yes, but Siri exists in the cloud, and everybody knows that when it's cloudy, you can't see the sun.
This also explains why she is so sure it's raining when Zooey "I'm so Quirky" asks about it.
iPhone Voice Recognition also uses cloud (Score:3)
Why is network needed for speech to text? (Score:3)
I don't understand why Siri has to use the cloud for speech to text. I had a Samsung phone 6 years ago that could do this on the device itself with. I understand if the text part (after it's been converted) needs to be sent for analysis but the device certainly has enough processing speed to understand speech without a network...
I'm sure I'm missing something.
When I'm driving is when I really want to use Siri so I don't have to look at my phone and that is when it fails most (I'm not always on 3G areas).
Re: (Score:3)
Because of the semantic processing. Takes quite a bit more horsepower.
It's the cool part of Siri. Mostly useless, but cool.
I'd tag the story 'Andnothingofvaluewaslost'
Scheduling meetings (Score:5, Insightful)
Before everyone chimes in about how you might as well ban Google and Bing too, I think that there is a valid security concern for using Siri when you consider that many people use it for making appointments. Search history is much easier to obfuscate. I can understand if IBM doesn't want Apple to know who it is having "top secret" meetings with.
Re: (Score:2)
If you want to see what Apple is parsing out and if the Government has a hand in it just start scheduling fun stuff.
'Siri, Skype call with Al Qaeda. 5 PM Afghanistan time'
'Siri, Reminder to purchase 1 ton of fertilizer.'
'Siri, Schedule President Obama's assassination for election day this year'
Or if you would prefer a different organization than the DHS.
'Siri, track package 0004202392389 5 lbs of Marijuana.'
* This may get you on a few lists. Try at your own digression.
That's the fun part (Score:2)
Apple should have named Siri .... (Score:2)
Re: (Score:2)
... Christine.
Darn. Until I checked your link, I thought you were going for a much more interesting http://www.imdb.com/title/tt0085333/ [imdb.com] girl.
When is Apple listening? (Score:2)
Until this, few phones sent your audio to a third party. The telco had to have the audio stream, but they don't store it. Telcos are regulated in this area. Even for wiretaps, US telcos don't store audio; they forward it in real time to law enforcement or security agencies.
Then Apple comes along. It starts storing all your audio and recognizing as much of it as possible, escaping liability through a vague EULA. That has to be a concern. How do you know when it's listening? And will you know when Apple c
Re: (Score:2)
Until this, few phones sent your audio to a third party. The telco had to have the audio stream, but they don't store it. Telcos are regulated in this area. Even for wiretaps, US telcos don't store audio; they forward it in real time to law enforcement or security agencies.
Then Apple comes along. It starts storing all your audio and recognizing as much of it as possible, escaping liability through a vague EULA. That has to be a concern. How do you know when it's listening? And will you know when Apple changes the rules to something like "we collect all your voice input to improve the quality of voice recognition"?
So you're saying that Google Voice doesn't process the audio running over its service? How would you know? It's been out for years.
What about Android voice input? Hell, even on the iPhone you had Dragon apps by Nuance to do search processing - both of these have been around for years and send voice data (over your data connection) to a remote server - they even send contact details to refine the analysis.
Your Apple-rant is unwarranted here.
Idiotic Bumbling Morons (Score:2)
This would be the same IBM that banned *all* cameras from its Greenock site - not even allowed to be left in your car while you're at work. The ban also included forward-looking CCTV and reversing cameras in lorries, like the dozens of lorries that came to site every day.
Then they bought all the managers smartphones, with cameras.
Siri is NOT banned (Score:3, Interesting)
This is factually incorrect.
IBM enforces a profile on iOS devices that requires an 8-character password with a 15 minute lock timeout, along with the Lotus Traveller package for push email, calendar and contacts.
Siri is not permitted unless the phone is unlocked, and is therefore unavailable from the lock screen.
It's THAT simple. Really.
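The policy the comment above describes (8-character passcode, 15 minute lock timeout, Siri unavailable from the lock screen) can be checked mechanically against a configuration profile. This is an added example, not part of the comment and not IBM's profile: the sample profile is constructed, the function and constant names are hypothetical, and the payload types and keys are the ones Apple's configuration profile format uses for passcode policy and restrictions.

```python
import plistlib

PASSCODE = "com.apple.mobiledevice.passwordpolicy"
RESTRICTIONS = "com.apple.applicationaccess"

# Constructed sample profile that matches the policy described in the comment.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>8</integer>
      <key>maxInactivity</key><integer>15</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowAssistant</key><true/>
      <key>allowAssistantWhileLocked</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""


def weak_profile():
    """Constructed counter-example: short passcode, no idle lock, no restrictions."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": PASSCODE, "forcePIN": True, "minLength": 4},
        ],
    })


def audit_profile(data, min_length=8, max_idle_minutes=15):
    """Return a list of findings; an empty list means the profile meets the policy."""
    profile = plistlib.loads(data)

    # Merge payloads by type so settings split across payloads are all seen.
    merged = {}
    for payload in profile.get("PayloadContent", []):
        merged.setdefault(payload.get("PayloadType"), {}).update(payload)

    passcode = merged.get(PASSCODE, {})
    restrictions = merged.get(RESTRICTIONS, {})
    findings = []

    if not passcode.get("forcePIN", False) or passcode.get("minLength", 0) < min_length:
        findings.append("passcode not enforced at %d+ characters" % min_length)

    idle = passcode.get("maxInactivity")  # minutes before the device auto-locks
    if idle is None or idle > max_idle_minutes:
        findings.append("idle lock missing or longer than %d minutes" % max_idle_minutes)

    # When the key is absent the device default applies, which allows Siri
    # on the lock screen, so absence counts as a finding.
    if restrictions.get("allowAssistantWhileLocked", True):
        findings.append("Siri is reachable from the lock screen")

    return findings


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_PROFILE), ("weak", weak_profile())):
        print(name, audit_profile(blob) or "OK")
```

Note that this setting only controls lock-screen access; queries made on an unlocked phone still leave the device, which is the concern the article raises.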
It's Furby All Over Again! (Score:2)
Via Wiki: "There was a common misconception that they repeated words that were said around them. This belief most likely stemmed from the fact that it is possible to have the Furby say certain pre-programmed words or phrases more often by petting it whenever it said these words. As a result of this myth, several intelligence agencies banned them from their offices
Siri (Score:2)
Siri: Virginia Tometty
then who the fuck is Jeanette Horan?
Siri: Ask the OP.
Re:But make sure to buy our cloud offering! (Score:5, Funny)
I hope she doesn't find out what her employees use Google for!
Re: (Score:3)
Re:But make sure to buy our cloud offering! (Score:5, Informative)
For one, Siri can be used to write e-mails or text messages. So, in theory, Apple could be storing confidential IBM messages.
So it's stuff like this, that wouldn't be sent through Google or Bing, that she is concerned about. That actually makes a teensy, tiny grain of sense for a change...
Re: (Score:2)
Do they also ban use of Gmail, etc., then?
Re:But make sure to buy our cloud offering! (Score:5, Insightful)
Re: (Score:2)
For clients demanding confidentiality, I have a public key on my website that I tell them to install and we exchange encrypted messages. I'm pretty sure GMail can't do much with those messages. But IBM uses Lotus Domino and they frown (big time) upon the use of unauthorized software. I would not want to be caught using Gmail by my boss if I were still working for IBM.
Re: (Score:2)
But IBM uses Lotus Domino and they frown (big time) upon the use of unauthorized software. I would not want to be caught using Gmail by my boss if I were still working for IBM.
Heh. My workplace uses Lotus Domino, and it's the main reason I use gmail at work.
Re: (Score:2)
This is just a stunt. This is the second article from IBM CIO I read today with him trying to scare people of allowing Apple devices in the workplace. Fear mongering, that's all it is.
Re: (Score:2)
Actually, it's probably because IBM may be doing stuff like this themselves and so are aware of this happening, that they have this warning out. Philips research employees are banned from using IBM's patent search applications for a good reason...
Re: (Score:2)
Ok, replying to myself because I shot my mouth off without reading TFA....
For one, Siri can be used to write e-mails or text messages. So, in theory, Apple could be storing confidential IBM messages.
So it's stuff like this, that wouldn't be sent through Google or Bing, that she is concerned about. That actually makes a teensy, tiny grain of sense for a change...
But you could have done the same with Android speech input or the Nuance Dragon iPhone app.
Re:But make sure to buy our cloud offering! (Score:5, Informative)
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.
Re:But make sure to buy our cloud offering! (Score:5, Insightful)
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it? The issue is that, when using Siri, the full recording is sent back to Apple's servers where they perform processing. This could allow them to do spy stuff with what people falsely assumed was private information, since a lot of people don't realise that anything you tell Siri you also tell Apple HQ.
Now, are Apple doing evil with what Siri sends them? Probably not. But when you're the CIO of a billion dollar tech company you probably don't want to base your company's technological future on "it's probably fine".
just had a thought!! (Score:2)
not gmail based account but
if I have a corporate email (active sync) on my droid or iPhone do either vendor scan that information? anyone know if the vendor policy specifically states that they do/do not. Not that they can't, of course they can.
almost missing my BB...
Re: (Score:2)
Especially when you're dealing with human beings.
Suppose there's some hiccup in Siri's speech analysis. As a developer, I will probably try to reproduce the problem. So if I get the audio from the customer that causes the problem and the audio happens to be, "IBM Announces Breakthrough in Quantum Computing" or something like that. Presto! There's the leak right there! Even if the information is "anonymized," such that you can't tell who
Re: (Score:2)
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it?
Unless you disabled automated draft saving... yea.
Re: (Score:2)
I don't think the GP was thinking of Gmail.
If you're using a non-gmail email client on your phone then no, Google won't receive any part of the message, even if you send it.
Unless I'm mistaken... anyone know what gets backed up to Google if you enable automatic remote backup?
Re:But make sure to buy our cloud offering! (Score:4, Funny)
But... Google's not evil. They said so!
Re: (Score:3)
Re: (Score:2)
I really hope you are trolling, I also used to work there. They have a very legitimate reason to disallow Skype... it is a P2P application with supernodes, and it has already been shown that if you have a supernode, you could sniff some information about the calls. Therefore, your competitors could be running supernodes and sniffing information. Now that Skype is owned by Microsoft, their concerns are really valid..
Re: (Score:3)
Re:IBM UBM WE ALL BM FOR IBM (Score:5, Funny)
Re: (Score:2)
Mostly, they invent ways to stay embedded on a customer site.
Re: (Score:2)
Google in fact seems to have pretty good voice recognition. I have heard that Siri needs potty training whereas Google's dog is trained for what I mostly use it for which is to do a search. Who knows about the security of that either?
Domain knowledge (Score:3)
I asked Siri if she was spying on me for Apple. She said that she's not good with food.
It seems the domain knowledge in Siri is somewhat uneven [inthesetimes.com]. According to reports, if you ask Siri for a blow job, it will recommend escorts close to you. However, if you ask Siri to eat your pussy, it will recommend some nearby pet stores...
Re: (Score:2)
I once asked Siri where the closest tittybar was, it directed me to the nearest high school. I'm still not sure if that was a mistake or not....
Re: (Score:2)
Let me guess, you didn't read TFA, and you sure as hell didn't read the interview referred to in TFA. The interview was about the challenges of allowing people to use their own devices for business use. The 'clueless' CIO (not CEO) was talking about ALL of the security challenges that causes, and one of the EXAMPLES she gave was Siri.
Re: (Score:2)
As pointed out elsewhere, Siri is used for much more than search queries.
A few things that Apple's Siri servers know about you, besides search:
- Email or text messages composed using speech to text
- Calendar appointments made or changed via Siri
- Call records when the call was initiated via Siri
The trove of data they are collecting (or, let's hope, ignoring) is not trivial, and companies that don't outsource to the cloud for security/privacy reasons are correct to be very concerned about how their employees
Re: (Score:2)
Heh. I've had fun with a few friends who showed off their Siri's behavior. I'd ask them if they can turn it off. They'd do so, and I'd ask "How do you know that it's actually turned off?" Typically, they'd turn off the phone, and I'd ask "How do you know that it's actually off, and not listening right now?" But by then, they'll typically get really mad at me. ;-)
Actually, I have an Android phone in my pocket, and I don't know if I could actually verify that it's not listening and sending sound from my