IBM bans Siri: Privacy risk, or corporate paranoia at its best?

IBM bans Siri: Privacy risk, or corporate paranoia at its best?

Summary: IBM has banned Siri over concerns Apple and its partners could actively read uploaded queries. Corporate paranoia at its finest, or is IBM right to ban the intelligent assistant?


IBM has banned Siri on its corporate network citing reasons that it can't trust the intelligent assistant to keep its virtual mouth shut.

Despite the company having a strong bring-your-own-device (BYOD) policy, it has caused a few headaches on the corporate security side of things.

The computing giant is concerned that Siri, the voice-activated assistant exclusive to Apple's iPhone 4S, could allow Apple to snoop on its customers' queries and potentially let industrial secrets out of the bag.

IBM chief information officer Jeanette Horan told MIT's Technology Review that the company is "extraordinarily conservative" about computer security, and disabled Siri because the company is worried that the "spoken queries might be stored somewhere."

It's corporate cloud paranoia at its best, but it also makes perfect sense.

Siri uploads what you say to Apple's datacenters for processing. There it translates what the user has said, and returns the best results back to the iPhone. All this happens in the space of a few seconds.

Looking at Apple's license agreement which dictates the terms of the data uploaded by Siri --- well, it doesn't clearly say. Apple doesn't say who can access the data, how long it stores the data for, or whether it actively accessed by staff.

An Apple spokesperson did not respond to questions at the time of writing.

Apple's iOS software license agreement states [emphasis mine]:

"When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests. [...] By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services."

Terms like these are pretty bog-standard. These terms basically allows Siri to work, and often does not mean anything more than that --- certainly nothing untoward. Having said that, the language does leave it open to interpretation and more specifically, the potential for Apple to do something untoward if it chooses to.

Siri also uploads other things:

"...such as your first name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; and song names in your collection (collectively, your “User Data”). All of this data is used to help Siri and Dictation understand you better and recognize what you say."

But Apple doesn't mind its iPhone 4S users uploading unwittingly personal data to its datacenters. If anything, the more the better. The more data it receives, the better Siri ultimately becomes. It still has its beta tag firmly in place more than eight months since its release.

There is an interesting clause, however, that effectively exonerates Apple from "doing a Google". On March 1, Google consolidated its 70-plus privacy policies into one, allowing Google to build up a greater, more specific profile of its users for advertising purposes.

Apple's get out clause says:

"All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services."

Google came under heavy fire following its policy consolidation. European data protection agencies authorities are investigating Google because they believe the search giant broke E.U. privacy and data laws by merging its policies.

IBM is right to block off Siri, and it's right to take precautions. IBM also bans Dropbox and similar cloud services. Siri and the Dictation feature can be used to write emails, text messages, and store other information that IBM may not want being uploaded to Apple before it is downloaded back to the iPhone.

Having said that, it could be accused of double standards by not blocking access to Google, which stores store personal user data and hands it --- albeit after it is anonymised --- to advertisers.

Until Apple 'fesses up and says clearly and definitively what happens to its users' data when it's taken into Siri's custody, users probably shouldn't tell it anything they may be protective over.

That includes the nuclear codes, Mr. President.

Image credit: Apple/CNET.


Topics: IBM, Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This is the sentence to focus on in the EULA

    [i]other Apple products and services[/i]

    Isn't one of Apple's products iAd? Why yes it is.
  • Never considered this before, but....

    ....aside from a possible security risk, having to listen to Siri (and whoever is talking to her) at work could be just plain annoying.
    • It should be used in coridor, not near the next table

      Then it might be fine.
      • Userama, you were just given the famous line

        You are using it wrong.
  • IBMs decision should be seen as where most corporates will go

    This highlights the issue currently with many cloud services, the EULA term are very unpalatable to many business.

    I think there is a gap for a more business friendly provider in the space, who knows maybe IBM?
    • RE: IBMs decision should be seen as where most corporates will go

      One wonders what IBM's policy is for Facebook and Google services such as Google Search, Google Docs, Gmail and Google+. At least Apple has not been slapped with 20 years of privacy monitoring by the FTC. Yet.

      [i]I think there is a gap for a more business friendly provider in the space, who knows maybe IBM?[/i]
      Another use for Watson?
      Rabid Howler Monkey
      • Irrelevant and different

        [i]One wonders what IBM's policy is for Facebook and Google services[/i]

        Irrelevant because it doesn't change the fact that Siri is a huge privacy issue. Whether Facebook and Google also have their own privacy issues (and absolutely they do) does not mean that IBM should ignore this one from Apple.

        However, there is a slight difference between Facebook / Google and Siri. Facebook and Google services are very clearly Internet enabled. Yes, there should be a policy around their use but you would have to be some special kind of stupid to use GMail and not realize that Google has access to your email.

        It is not obvious that Siri transmits everything you say to Apple and that Apple stores everything you say in order to improve other Apple products and services (like iAd). Most traditional voice recognition software has not been server based. When I tell my car to call my wife, I'm fairly certain that this information is not sent to my car manufacturer. When I tell my phone to create an appointment with the CEO of Dell regarding the possible merger of IBM and Dell, my first thought would not be that Apple is going to store my request along with all my personal information.

        So while a policy on Google and Facebook would also be advisable, a policy on sneaky information theft like what Apple does with Siri is absolutely essential.
      • re Rabid Howler Monkey

        A few friends work there facebook for personal use (and having read the social media guidance)is ok, dito google+ and search is ok as well.

        Gmail , Docs are completely banned with regards to anything done in work time
  • lots of companies just won't let employees access web at all

    plain and simple - no google, no weather, no wikipedia - nothing.
    • Which explains...

      ...the rapid sales of iPads with built-in Internet. Ignore IT, just do it yourself!
      Tony Burzio
  • IBM bans Siri: Privacy risk, or corporate paranoia at its best?

    Severe privacy risk, who knows what else Siri could be recording when you have it open. Just because its not telling you its looking up something doesn't mean that its not doing it in the background. I don't really see what the draw is to it anyway and I'm betting most of the people that bought the iPhone 4s for Siri have stopped using it a long time ago.
    Loverock Davidson-
    • I use it..

      everyday. I never lookup contacts or use favorites anymore when I call someone. I just use Siri "call john doe cell" done.

      Siri is not recording anything that you don't speak into it.
      • call john doe cell?

        Wow, Siri is so innovative.

        Wait a second. I've seen that somewhere before. o m/en-us/news/press/2003/nov03/11-03voicecommandlaunch2003pr.aspx
        [i]Call Bob Smith[/i]

        Now, when did this come out?
        [i]Nov. 3, 2003[/i]


        Siri is awesome.

        PS Microsoft Voice Command didn't send your voice to Microsoft servers. Unlike Siri which stores everything you say along with personally identifiable information.
      • @toddbottom

        and you point is?????

        My point was that i use it, in reply to that its probably not really used. I honestly don't care if Microsoft invented it or not. Its works and works great.
    • Even scarier

      [i]Siri could be recording when you have it open[/i]

      Siri could be recording when you have it closed.

      Oh, only to improve Siri, not because Apple is spying on you. /s
      • Talk about paranoid stupidity...

        By that logic you probably think your TV is recording you, or that your Kinect is recording you and sending the feed to Microsoft (Granted it is a internet connected web cam that is pointed directly at your living room)...

        I think paranoia comes down to how conceited you are and how much you need to compensate for short comings.
      • todd's bottom needs all the attention it can get

        That's why the shill does nothing else all day except come on here and peddle lies. Or didn't you know that?
  • The Real SIRI Risk

    SIRI by its very nature MUST generate and store a rather complete "understanding" of your relationships with to and between your contacts. To be really good, SIRI MUST figure out who you know, what you are doing and even to some degree, what you are thinking. All this information MUST be kept in some organized, readily accessible form by Apple.

    Can you spell Homeland Security?
    • band aids on web cams !!

      i read one comment by one in saudi=they put band aid on their web cams, they are thinking until today that spy softwares are installed and can be installed via updates or whatever from the net. HOW FLAME was installed ? so goes with siri risk.
  • IBM Worried About Security?

    I always get a chuckle out of IBM worrying about IT security when literally thousands of its employees are either forced out the door or go out on their own every year. The idea that there are secrets that can be kept within the doors of India Business Machines is laughable.