Slashdot Mirror
Worried About Information Leaks, IBM Bans Siri
squiggleslash writes "CNN reports that IBM CEO Jeanette Horan has banned Siri, the iPhone voice recognition system. Why? According to Horan '(IBM) worries that the spoken queries might be stored somewhere.' Siri's backend is a set of Apple-owned servers in North Carolina, and all spoken queries are sent to those servers to be converted to text, parsed, and interpreted. While Siri wouldn't work unless that processing was done, the centralization and cloud based nature of Siri makes it an obvious security hole."
Jeanette Horan is the CIO, not the CEO.
Water is also wet. Must be a slow news day.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I guess they're about to ban Google and Bing too?
By this logic google, bing, etc would be security holes.
And given that IBM is marketing Watson which is basically a super computer version of Siri... how does any of this make any sense?
I honestly don't understand the worry here.
When I looked at this, I thought the initial worry might be that the phone was listening all the time and could be parsing real time conversations through the apple servers all the time. That is TECHNICALLY possible. My understanding of siri is that it only listens when you cue it.
I'm just tying to piece together what situation or insight lead IBM to have this worry? Possibly someone pocket dialed Siri, a sensitive conversation fed into siri, and siri responded to the conversation in context from someone's pocket? That would be spooky. But I don't really see it as a security hole especially since it's hard to pocket dial iphones. The slider tends to make that rare.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Finally someone recognizes that the "cloud" is a danger to security. It's understandable that IBM would not want Apple being aware of what their employees are working on.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
> the centralization and cloud based nature of Siri makes it an obvious security hole
couldn't the same thing be said about any service 'in the cloud' by any manufacturer?
I hope she doesn't find out what her employees use Google for!
Mod me down, my New Earth Global Warmingist friends!
Hmmm, guess their iPhone users can't browse the internet since the only browser integrates google (and google stores every search). Wonder if they alo vet every app, block dns requests, and encrypt all phone traffic. :)
Sometimes well meaning corporate policies do really dumb things.
Post-Ban of Siri
IBM Employee: "Siri?"
Siri:"Yes?"
IBM Employee: "Remind me to file for the patent on the [insert technology here], tomorrow."
Siri: "I'm sorry, Dave. I'm afraid I can't do that."
Methinks people may be sharing a little too much with Siri. She's a glorified search engine, not your personal confidant, dipshits!
What political party do you join when you don't like Bible-thumpers *or* hippies?
Wait, there are people who actually use Siri for a serious business-related use? They don't just ask it dumb questions in attempt to get silly answers?
"Siri, will you marry me?"
"Siri, where can I hide a dead body?"
"Siri, ***k you!"
"Siri, what is your favorite color?"
That's the only use for Siri that I've been able to (and many of my friends for that matter) find.
Because, somehow, the fact that it was spoken and not typed makes it less secure...
Free Pie! The Pie is Also Evil!
The iPhone/iPad's regular voice recognition for diction (the mic on the virtual keyboard) isn't Siri but it also uses the cloud. On top of that, many apps and browsers store data in the cloud and not just iOS phones; Android, RIM and others store data on servers in the cloud. Seems like a pointless ban to me.
Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain
For one, Siri can be used to write e-mails or text messages. So, in theory, Apple could be storing confidential IBM messages.
So it's stuff like this, that wouldn't be sent through Google or Bing, that she is concerned about. That actually makes a teensy, tiny grain of sense for a change...
Free Pie! The Pie is Also Evil!
IBM? Worried Apple is listening?
What self-aggrandizing delusion, bordering on a satirical idea!
If I were Apple, knowing the source of a conversation from IBM? I'd purge the recording...
"Flyin' in just a sweet place,
Never been known to fail..."
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.
...like hotspacho.
Yes, because the audio may contain more than the actual request, e.g. someone speaking in the background.
I asked Siri if she was spying on me for Apple. She said that she's not good with food.
I don't understand why Siri has to use the cloud for speech to text. I had a samsung phone 6 years ago that could do this on the device itself with. I understand if the text part (after it's been converted) needs to be sent for analysis but the device certainly has enough processing speed to understand speech without a network...
I'm sure I'm missing something.
When I'm driving is when I really want to use Siri so I don't have to look at my phone and that it when it fails most (I'm not always on 3G areas).
Before everyone chimes in about how you might as well ban Google and Bing too, I think that there is a valid security concern for using Siri when you consider that many people use it for making appointments. Search history is much easier to obfuscate. I can understand if IBM doesn't want Apple to know who it is having "top secret" meetings with.
Even if you're on the right track, you'll get run over if you just sit there. - Will Rogers
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.
Uh, same with Android. Google knows everything you do.
Jesus was a compassionate social conservative who called individuals to sin no more.
Do the "editors" actually read the submissions before posting, or are they just slashcode administrators that happen to be in charge of the original website running the code?
I asked Siri if she was spying on me for Apple. She said that she's not good with food.
It seems the domain knowledge in Siri is somewhat uneven. According to reports, if you ask Siri for a blow job, it will recommend escorts close to you. However, if you ask Siri to eat your pussy, it will recommend some nearby pet stores...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Google in fact seems to have pretty good voice recognition. I have heard that Siri needs potty training where as Google's dog is trained for what I mostly use it for which is to do a search. Who knows about the security of that either?
But Androids are generally cheaper than iPhones. Maybe it's more about that, who knows?
Siri is always listening - even when you don't want it to.
It listens to your calls. It listens to you and others talking in the background.
Siri hears all. Siri knows all.
Be afraid.
Why Siri? For publicity that's why.
If it was a real security reason then ALL smart phones will be banned. Because iphone, Android, Windows phones ALL have a voice cloud processed system availabe in them either stock like Siri or as an app on the other two.
Heck, I can do it with google by calling a phone number, so all phones have this security leak.
Do not look at laser with remaining good eye.
Your girlfriend tells me everything the two of you discuss.
The real reason Siri is banned is because Watson couldn't concentrate with her in the room [citation needed]
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it? The issue is that, when using Siri, the full recording is sent back to Apple's servers where they perform processing. This could allow them to do spy stuff with what people falsely assumed was privat einformation, since a lot of people don't realise that anything you tell Siri you also tell Apple HQ.
Now, are Apple doing evil with what Siri sends them? Probably not. but when you're the CIO of a billion dollar tech company you probably don't want to base your company's technological future on "it's probably fine".
Be smart, help people!
Whenever someone tries to show me how cool their Siri (or other similar Android app) voice recognition search is, I grab the phone and say, "Siri, how do you build a dirty bomb?" Then I explain that not only are all your Google searches logged, but so are your Siri queries because they have to go to the "cloud" to be processed. :)
"I have never let my schooling interfere with my education." - Mark Twain
I used to work for IBM and I recall that they used to disallow Skype. They had the particularly lame reason that "because Skype is not open-source, it is against our business strategy" or some such nonsense. [Yet they had no problem with Windows!].
The
Have gnu, will travel.
Do they also ban use of Gmail, etc., then?
Until this, few phones sent your audio to a third party. The telco had to have the audio stream, but they don't store it. Telcos are regulated in this area. Even for wiretaps, US telcos don't store audio; they forward it in real time to law enforcement or security agencies.
Then Apple comes along. It starts storing all your audio and recognizing as much of it as possible, escaping liability through a vague EULA. That has to be a concern. How do you know when it's listening? And will you know when Apple changes the rules to something like "we collect all your voice input to improve the quality of voice recognition"?
But... Google's not evil. They said so!
This would be the same IBM that banned *all* cameras from its Greenock site - not even allowed to be left in your car while you're at work. The ban also included forward-looking CCTV and reversing cameras in lorries, like the dozens of lorries that came to site every day.
Then they bought all the managers smartphones, with cameras.
This is factually incorrect.
IBM enforces a profile on iOS devices that requires an 8-character password with a 15 minute lock timeout, along with the Lotus Traveller package for push email, calendar and contacts.
Siri is not permitted unless the phone is unlocked, and is therefore unavailable from the lock screen.
It's THAT simple. Really.
Remember back in the 90's when Furby first came out, the Federal Government banned Furbies from entering the building to protect state secrets?
Via Wiki: "There was a common misconception that they repeated words that were said around them. This belief most likely stemmed from the fact that it is possible to have the Furby say certain pre-programmed words or phrases more often by petting it whenever it said these words. As a result of this myth, several intelligence agencies banned them from their offices."
For sending internal messages? I would hope so! If my company has it's own internal, monitored, secured, approved, etc.. email set up, and I go and start doing all my work correspondance from a gmail account, I would assume that they would take issue with that. Likewise, if I started using Siri to dictate emails which were then sent over that corporate network.
not gmail based account but
if I have a corporate email (active sync) on my droid or iPhone do either vendor scan that information? anyone know if the vendor policy specifically states that they do/do not. Not that they can't, of course they can.
almost missing my BB...
Not only that, but it provides different answers based on the sound
of your voice, e.g. ask it something in an authoritative manner and it will
lie (Apple is nobody's b***h). Try it!
They wrote Watson...
Siri: Virginia Tometty
then who the fuck is Jeanette Horan?
Siri: Ask the OP.
Aren't all text queries to, for example, Google, stored for all time on Google servers? Further to the point, isn't all "private" Gmail stored for all time on Google servers, just waiting for a casual switch to shunt them to FBI analysis rooms for a quick laugh? In fact, who is to say that all traffic over the net isn't at least abstracted and kept for all time? Maybe this is why NSA requires a declassification of any machine "touching" the Internet in any matter?
While you are at it, you will want to go ahead and ban all computers and laptops that have a webcam and or sound card. Those evil webcams and sound cards "may" be used to record confidential company information.
Luckily we can use Google, as with google search, nothing is ever sent to a remote data center owned by someone else and stored on spinning disk, all search happen locally on the computer or phone one does the search from, google just downloads all the web to the phone up front so that it can search on the local device, that way, they don't have to run any severs to back-end the expensive searching operation.
I really hope you are trolling, I also used to work there. They have a very legitimate reason to disallow Skype... it is a P2P application with supernodes, and it has already been shown that if you have a supernode, you could sniff some information about the calls. Therefore, your competitors could be running supernodes and sniffing information. Now that Skype is owned by Microsoft, their concerns are really valid..
He is the Path, the Truth and the Life
So they are worry about Siri, so I would venturer they have done the same for Bing, Google searches and anything else that people do on a daily basis. Does this yahoo think that if an employees ask for where is the closest McD that it will allow Apple to pick up on new things IBM is developing. I see paranoia but I am sure other paranoia endured individuals will see it as been just and the right course.
Especially when you're dealing with human beings.
Suppose there's some hiccup in Siri's speech analysis. As a developer, I will probably try to reproduce the problem. So if I get the audio from the customer that causes the problem and the audio happens to be, "IBM Announces Breakthrough in Quantum Computing" or something like that. Presto! There's the leak right there! Even if the information is "anonymized," such that you can't tell who it came from, the content makes it very clear.
Also, consider this bit of the EULA:
Imagine what happens when, someday, Apple creates APIs so that third-party developers can get this information?
agreed! hehehe.. i mean really everything now a days is being Cashed somewhere. like you said, check out Google and google Cashed pages... Even Bing.com has a better Casheing system than Google to where you can find more older things.
If corporate security is important, then banning Google and Bing is certainly merited. Only the sloppiest of security admins would justify a security policy on the grounds of "Oh but Google and Microsoft people won't look".
The fact that 99% of the world thinks that the cloud is safe doesn't make it so. Might as well believe in fairies.
This is just a stunt. This is the second article from IBM CIO I read today with him trying to scare people of allowing Apple devices in the workplace. Fear mongering, that's all it is.
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it?
Unless you disabled automated draft saving... yea.
well only one person is typing at the keyboard, but there's a pretty good chance Siri might overhear the people next to you speaking
More likely they just don't trust Nuance, which is the provider of the actual Speech Recognition in SIRI. Google lawsuit and Nuance and/or Scansoft for more details
The real reason is probably that in the past, if it realised that you were on a fast connection, it would turn into a supernode and use gigantic quantities of bandwidth.
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it?
That would depend on what your settings were for your gmail account. By default, iCloud email settings have drafts stored on the IMAP server but you can set the drafts folder to reside on your iPhone but then you defeat the purpose of IMAP which is to use your client as a cache for what is on the server. If you use the Google voice recognition features to dictate an email or text on your Android device then, yes, the entire text will be stored on Google servers regardless of whether you decide to send it.
The issue is that, when using Siri, the full recording is sent back to Apple's servers where they perform processing. This could allow them to do spy stuff with what people falsely assumed was privat einformation, since a lot of people don't realise that anything you tell Siri you also tell Apple HQ.
Now, are Apple doing evil with what Siri sends them? Probably not. but when you're the CIO of a billion dollar tech company you probably don't want to base your company's technological future on "it's probably fine".
Voice dictation software on Android does the same thing. It will have to store that text on their servers for a period of time regardless of whether you send the message or whether or not you have configured your IMAP or exchange account to store drafts on the server.
Don't forget that Google is an advertising company and they have openly admitted to scanning gmail for keywords for targeted ads.
Jesus was a compassionate social conservative who called individuals to sin no more.
Ok, replying to myself because I shot my mouth off without reading TFA....
For one, Siri can be used to write e-mails or text messages. So, in theory, Apple could be storing confidential IBM messages.
So it's stuff like this, that wouldn't be sent through Google or Bing, that she is concerned about. That actually makes a teensy, tiny grain of sense for a change...
But you could have done the same with Android speech input or the Nuance Dragon iPhone app.
Make sure everyone's vote counts: Verified Voting
For clients demanding confidentiality, I have a public key on my website that I tell them to install and we exchange encrypted messages. I'm pretty sure GMail can't do much with those messages. But IBM uses Lotus Domino and they frown (big time) upon the use of unauthorized software. I would not want to be caught using Gmail by my boss if I were still working for IBM.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Actually, it's probably because IBM may be doing stuff like this themselves and so are aware of this happening, that they have this warning out. Philips sesearch employees are banned from using IBM's patent search applications for a good reason...
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
But IBM uses Lotus Domino and they frown (big time) upon the use of unauthorized software. I would not want to be caught using Gmail by my boss if I were still working for IBM.
Heh. My workplace uses Lotus Domino, and it's the main reason I use gmail at work.
Cogito, ergo sig.
I dont think the GP was thinking of Gmail.
If you're using a non-gmail email client on your phone then no, Google wont receive any part of the message, even if you send it.
unless i'm mistaken...anyone know what gets backed up to Google if you enable automatic remote backup?
This seemed like a reasonable sig at the time.
Swype voice to text does the same.. how is this different?
I have heard that Siri needs potty training
then you heard wrong, works right out of the box. You may want to give it some information, like who your husband or wife is though.
Really, it must be my southern accent then. I've just hear so much of a big deal about this when Google has has voice recon for a long time and before that Motorola.
You could have used PC Revolution, Ottawa's premier provider of Managed Services, IT Support and IT Consulting. http://www.managedservicesottawa.com/managed-it-services-ottawa/it-solutions.html