When Your Company Remote-Wipes Your Personal Phone

Xenographic writes "NPR has a story about someone whose personal iPhone got remotely wiped by their employer. It was actually a mistake, but it was something of a surprise because they didn't believe they had given their employer any kind of access to do that. This may already be very familiar to Microsoft Exchange admins, but the problem was her iPhone's integration with MS Exchange automatically gives the server admin access to do remote wipes. All you have to do is configure the phone to receive email from an MS Exchange server and the server admin can wipe your phone at will. The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one. But this also works on other devices like iPads, Blackberry phones, and other smartphones that integrate with MS Exchange. So if you read your work email on your personal phone or tablet, you might want to make sure that you keep backups, just in case."

we have the same policy at work

[queen+of+everything]

We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen. When the users sign up for ActiveSync they have to "read" the terms and conditions where it states that it may be remotely wiped. I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.

Re:we have the same policy at work

[amicusNYCL]

I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.

That's a perfectly acceptable policy for any company that provides smart phones to its employees. I don't know if it's true with your company, but I would consider that an overreach if you want me to connect my personal phone with your network and give you the ability to delete all of my pictures and other personal data solely at your discretion. I'm sure you would understand why the owner would find that objectionable.

Re:we have the same policy at work

[Anonymous+Cowpat]

What do you do to protect your employees interests in not having their own data annihilated by accident?

Also, are you expecting employees to take work with them, using their own devices; or is the company willing to bare the costs of either providing a device or the work not being done?

It would seem most unusual to me for an employer to require their employees to provide expensive equipment for company use, and with the agreement that the company may treat it as its own.

Re:we have the same policy at work

[houghi]

I only give my personal phone to selected people in my company. That would be my boss and with the explicit notice that it is a private number and should only be used in case of emergencies.

If they want me to have a device to connect to their system, they should provide me with one. Just like I expect them to provide a desk and a chair to sit on. Then it is theirs and they can do with it as they please and at the end of employment, they will get it back.

Their device, their rules. My device, my rules.

Re:we have the same policy at work

[IshmaelDS]

That's a massive security breach, one I wouldn't allow on my network. You may want to check your corporate policies and make sure your still inline or you could be fired.

Re:we have the same policy at work

[fishexe]

It's the company's data, not your personal data, and they have measures in place to protect it.

No it's not. He was talking about them wiping all your personal data. "Measures in place" to protect company's data that also wipe your personal data are a bit creepy.

The surprise is in the scope

[RollingThunder]

I don't think most folks are shocked at the remote wipe capability - they just expected that it would be confined to the exchange data only, not the MP3's, games, photos, etc.

Re:One More Reason...

[dasdrewid]

http://en.wiktionary.org/wiki/spick-and-span

Also, from the wikipedia article on the product, someone did try boycotting it in 1999 (http://en.wikipedia.org/wiki/Spic_and_Span). I think that's stupid. "Spick and Span" was first recorded in the 16th century. "Spic" has only existed since early 1900s, wasn't documented until 1910, and even then was documented as "spiggoty" as a slur against Italians. I'd say it's pretty safe to say that when "Spic and Span" was created (1933 in Ohio), "spic" being a slur wasn't even on the radar for them.

I think the situation is similar to the word "niggardly" (http://en.wikipedia.org/wiki/Controversies_about_the_word_%22niggardly%22). People see something that, without any context (context like the spelling of the word or idiom...), could be conceived as racist. People take offense as something because of their own ignorance.

The problem is, you're not being color-blind. You're seeing color issues where there aren't any. You're trying to get people riled up at racism that isn't even there. You're not helping to stop racism, but you are helping to chill language and communication and encourage ignorance. You have, by trying to be on the right side of something, wound up on the wrong side of everything.

And there goes my karma...