Slashdot Mirror
Worried About Information Leaks, IBM Bans Siri
squiggleslash writes "CNN reports that IBM CEO Jeanette Horan has banned Siri, the iPhone voice recognition system. Why? According to Horan '(IBM) worries that the spoken queries might be stored somewhere.' Siri's backend is a set of Apple-owned servers in North Carolina, and all spoken queries are sent to those servers to be converted to text, parsed, and interpreted. While Siri wouldn't work unless that processing was done, the centralization and cloud based nature of Siri makes it an obvious security hole."
Jeanette Horan is the CIO, not the CEO.
Water is also wet. Must be a slow news day.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I guess they're about to ban Google and Bing too?
By this logic google, bing, etc would be security holes.
And given that IBM is marketing Watson which is basically a super computer version of Siri... how does any of this make any sense?
I honestly don't understand the worry here.
When I looked at this, I thought the initial worry might be that the phone was listening all the time and could be parsing real time conversations through the apple servers all the time. That is TECHNICALLY possible. My understanding of siri is that it only listens when you cue it.
I'm just tying to piece together what situation or insight lead IBM to have this worry? Possibly someone pocket dialed Siri, a sensitive conversation fed into siri, and siri responded to the conversation in context from someone's pocket? That would be spooky. But I don't really see it as a security hole especially since it's hard to pocket dial iphones. The slider tends to make that rare.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Finally someone recognizes that the "cloud" is a danger to security. It's understandable that IBM would not want Apple being aware of what their employees are working on.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
I hope she doesn't find out what her employees use Google for!
Mod me down, my New Earth Global Warmingist friends!
Hmmm, guess their iPhone users can't browse the internet since the only browser integrates google (and google stores every search). Wonder if they alo vet every app, block dns requests, and encrypt all phone traffic. :)
Sometimes well meaning corporate policies do really dumb things.
Post-Ban of Siri
IBM Employee: "Siri?"
Siri:"Yes?"
IBM Employee: "Remind me to file for the patent on the [insert technology here], tomorrow."
Siri: "I'm sorry, Dave. I'm afraid I can't do that."
Wait, there are people who actually use Siri for a serious business-related use? They don't just ask it dumb questions in attempt to get silly answers?
"Siri, will you marry me?"
"Siri, where can I hide a dead body?"
"Siri, ***k you!"
"Siri, what is your favorite color?"
That's the only use for Siri that I've been able to (and many of my friends for that matter) find.
Because, somehow, the fact that it was spoken and not typed makes it less secure...
Free Pie! The Pie is Also Evil!
The iPhone/iPad's regular voice recognition for diction (the mic on the virtual keyboard) isn't Siri but it also uses the cloud. On top of that, many apps and browsers store data in the cloud and not just iOS phones; Android, RIM and others store data on servers in the cloud. Seems like a pointless ban to me.
Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain
For one, Siri can be used to write e-mails or text messages. So, in theory, Apple could be storing confidential IBM messages.
So it's stuff like this, that wouldn't be sent through Google or Bing, that she is concerned about. That actually makes a teensy, tiny grain of sense for a change...
Free Pie! The Pie is Also Evil!
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.
I don't understand why Siri has to use the cloud for speech to text. I had a samsung phone 6 years ago that could do this on the device itself with. I understand if the text part (after it's been converted) needs to be sent for analysis but the device certainly has enough processing speed to understand speech without a network...
I'm sure I'm missing something.
When I'm driving is when I really want to use Siri so I don't have to look at my phone and that it when it fails most (I'm not always on 3G areas).
Before everyone chimes in about how you might as well ban Google and Bing too, I think that there is a valid security concern for using Siri when you consider that many people use it for making appointments. Search history is much easier to obfuscate. I can understand if IBM doesn't want Apple to know who it is having "top secret" meetings with.
Even if you're on the right track, you'll get run over if you just sit there. - Will Rogers
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.
Uh, same with Android. Google knows everything you do.
Jesus was a compassionate social conservative who called individuals to sin no more.
Do the "editors" actually read the submissions before posting, or are they just slashcode administrators that happen to be in charge of the original website running the code?
I asked Siri if she was spying on me for Apple. She said that she's not good with food.
It seems the domain knowledge in Siri is somewhat uneven. According to reports, if you ask Siri for a blow job, it will recommend escorts close to you. However, if you ask Siri to eat your pussy, it will recommend some nearby pet stores...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Google in fact seems to have pretty good voice recognition. I have heard that Siri needs potty training where as Google's dog is trained for what I mostly use it for which is to do a search. Who knows about the security of that either?
Let me guess, you didn't read TFA, and you sure as hell didn't read the interview referred to in TFA. The interview was about the challenges of allowing people to use their own devices for business use. The 'clueless' CIO (not CEO) was talking about ALL of the security challenges that causes, and one of the EXAMPLES she gave was Siri.
IBM invents new things, clearly something Apples never been interested in. Good call.
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it? The issue is that, when using Siri, the full recording is sent back to Apple's servers where they perform processing. This could allow them to do spy stuff with what people falsely assumed was privat einformation, since a lot of people don't realise that anything you tell Siri you also tell Apple HQ.
Now, are Apple doing evil with what Siri sends them? Probably not. but when you're the CIO of a billion dollar tech company you probably don't want to base your company's technological future on "it's probably fine".
Be smart, help people!
Whenever someone tries to show me how cool their Siri (or other similar Android app) voice recognition search is, I grab the phone and say, "Siri, how do you build a dirty bomb?" Then I explain that not only are all your Google searches logged, but so are your Siri queries because they have to go to the "cloud" to be processed. :)
"I have never let my schooling interfere with my education." - Mark Twain
I used to work for IBM and I recall that they used to disallow Skype. They had the particularly lame reason that "because Skype is not open-source, it is against our business strategy" or some such nonsense. [Yet they had no problem with Windows!].
The
Have gnu, will travel.
Do they also ban use of Gmail, etc., then?
Until this, few phones sent your audio to a third party. The telco had to have the audio stream, but they don't store it. Telcos are regulated in this area. Even for wiretaps, US telcos don't store audio; they forward it in real time to law enforcement or security agencies.
Then Apple comes along. It starts storing all your audio and recognizing as much of it as possible, escaping liability through a vague EULA. That has to be a concern. How do you know when it's listening? And will you know when Apple changes the rules to something like "we collect all your voice input to improve the quality of voice recognition"?
But... Google's not evil. They said so!
This would be the same IBM that banned *all* cameras from its Greenock site - not even allowed to be left in your car while you're at work. The ban also included forward-looking CCTV and reversing cameras in lorries, like the dozens of lorries that came to site every day.
Then they bought all the managers smartphones, with cameras.
This is factually incorrect.
IBM enforces a profile on iOS devices that requires an 8-character password with a 15 minute lock timeout, along with the Lotus Traveller package for push email, calendar and contacts.
Siri is not permitted unless the phone is unlocked, and is therefore unavailable from the lock screen.
It's THAT simple. Really.
Remember back in the 90's when Furby first came out, the Federal Government banned Furbies from entering the building to protect state secrets?
Via Wiki: "There was a common misconception that they repeated words that were said around them. This belief most likely stemmed from the fact that it is possible to have the Furby say certain pre-programmed words or phrases more often by petting it whenever it said these words. As a result of this myth, several intelligence agencies banned them from their offices."
For sending internal messages? I would hope so! If my company has it's own internal, monitored, secured, approved, etc.. email set up, and I go and start doing all my work correspondance from a gmail account, I would assume that they would take issue with that. Likewise, if I started using Siri to dictate emails which were then sent over that corporate network.
not gmail based account but
if I have a corporate email (active sync) on my droid or iPhone do either vendor scan that information? anyone know if the vendor policy specifically states that they do/do not. Not that they can't, of course they can.
almost missing my BB...
Siri: Virginia Tometty
then who the fuck is Jeanette Horan?
Siri: Ask the OP.
Aren't all text queries to, for example, Google, stored for all time on Google servers? Further to the point, isn't all "private" Gmail stored for all time on Google servers, just waiting for a casual switch to shunt them to FBI analysis rooms for a quick laugh? In fact, who is to say that all traffic over the net isn't at least abstracted and kept for all time? Maybe this is why NSA requires a declassification of any machine "touching" the Internet in any matter?
Mostly, they invent ways to stay embedded on a customer site.
"Flyin' in just a sweet place,
Never been known to fail..."
While you are at it, you will want to go ahead and ban all computers and laptops that have a webcam and or sound card. Those evil webcams and sound cards "may" be used to record confidential company information.
I really hope you are trolling, I also used to work there. They have a very legitimate reason to disallow Skype... it is a P2P application with supernodes, and it has already been shown that if you have a supernode, you could sniff some information about the calls. Therefore, your competitors could be running supernodes and sniffing information. Now that Skype is owned by Microsoft, their concerns are really valid..
He is the Path, the Truth and the Life
Especially when you're dealing with human beings.
Suppose there's some hiccup in Siri's speech analysis. As a developer, I will probably try to reproduce the problem. So if I get the audio from the customer that causes the problem and the audio happens to be, "IBM Announces Breakthrough in Quantum Computing" or something like that. Presto! There's the leak right there! Even if the information is "anonymized," such that you can't tell who it came from, the content makes it very clear.
Also, consider this bit of the EULA:
Imagine what happens when, someday, Apple creates APIs so that third-party developers can get this information?
This is just a stunt. This is the second article from IBM CIO I read today with him trying to scare people of allowing Apple devices in the workplace. Fear mongering, that's all it is.
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it?
Unless you disabled automated draft saving... yea.
The real reason is probably that in the past, if it realised that you were on a fast connection, it would turn into a supernode and use gigantic quantities of bandwidth.
Sorry, what? When I write an email or text on my Android the entire text gets sent to Google? Even if I decide not to send it?
That would depend on what your settings were for your gmail account. By default, iCloud email settings have drafts stored on the IMAP server but you can set the drafts folder to reside on your iPhone but then you defeat the purpose of IMAP which is to use your client as a cache for what is on the server. If you use the Google voice recognition features to dictate an email or text on your Android device then, yes, the entire text will be stored on Google servers regardless of whether you decide to send it.
The issue is that, when using Siri, the full recording is sent back to Apple's servers where they perform processing. This could allow them to do spy stuff with what people falsely assumed was privat einformation, since a lot of people don't realise that anything you tell Siri you also tell Apple HQ.
Now, are Apple doing evil with what Siri sends them? Probably not. but when you're the CIO of a billion dollar tech company you probably don't want to base your company's technological future on "it's probably fine".
Voice dictation software on Android does the same thing. It will have to store that text on their servers for a period of time regardless of whether you send the message or whether or not you have configured your IMAP or exchange account to store drafts on the server.
Don't forget that Google is an advertising company and they have openly admitted to scanning gmail for keywords for targeted ads.
Jesus was a compassionate social conservative who called individuals to sin no more.
Ok, replying to myself because I shot my mouth off without reading TFA....
For one, Siri can be used to write e-mails or text messages. So, in theory, Apple could be storing confidential IBM messages.
So it's stuff like this, that wouldn't be sent through Google or Bing, that she is concerned about. That actually makes a teensy, tiny grain of sense for a change...
But you could have done the same with Android speech input or the Nuance Dragon iPhone app.
Make sure everyone's vote counts: Verified Voting
For clients demanding confidentiality, I have a public key on my website that I tell them to install and we exchange encrypted messages. I'm pretty sure GMail can't do much with those messages. But IBM uses Lotus Domino and they frown (big time) upon the use of unauthorized software. I would not want to be caught using Gmail by my boss if I were still working for IBM.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Actually, it's probably because IBM may be doing stuff like this themselves and so are aware of this happening, that they have this warning out. Philips sesearch employees are banned from using IBM's patent search applications for a good reason...
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
But IBM uses Lotus Domino and they frown (big time) upon the use of unauthorized software. I would not want to be caught using Gmail by my boss if I were still working for IBM.
Heh. My workplace uses Lotus Domino, and it's the main reason I use gmail at work.
Cogito, ergo sig.
The fact that 99% of the world thinks that the cloud is safe doesn't make it so.
So do you have a few good references for this claim? Most of the people I know seem to think that "the Cloud" means giving over all your personal data to a faceless, distant corporation. Of course, I don't know anywhere near 99% of the world, or even 1%, and I wouldn't claim that my small population of acquaintances is anywhere near a random sample.
Still, I've occasionally asked friends and strangers something like "Would you copy all your personal data, account numbers, passwords, etc., to a Cloud server?", and the general response can be summarized as "How stupid do you think I am?" ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Heh. I've had fun with a few friends who showed off their Siri's behavior. I'd ask them if they can turn it off. They'd do so, and I'd ask "How do you know that it's actually turned off?" Typically, they'd turn off the phone, and I'd ask "How do you know that it's actually off, and not listening right now? But by then, they'll typically get really mad at me. ;-)
Actually, I have a Android phone in my pocket, and I don't know if I could actually verify that it's not listening and sending sound from my environment (or my location) to some remote database. Yes, I have a terminal emulator installed, and I can run a ps command. But I know that ps typically has options to show or not show various subsets of the running processes. I don't have the source for my phone company's version of ps, so while I can show that certain programs are running, I can't actually prove that any particular program isn't running.
Of course, the phone companies are all open and honest about such things, right? They wouldn't monitor us without telling us, would they? ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
I dont think the GP was thinking of Gmail.
If you're using a non-gmail email client on your phone then no, Google wont receive any part of the message, even if you send it.
unless i'm mistaken...anyone know what gets backed up to Google if you enable automatic remote backup?
This seemed like a reasonable sig at the time.
I have heard that Siri needs potty training
then you heard wrong, works right out of the box. You may want to give it some information, like who your husband or wife is though.
Really, it must be my southern accent then. I've just hear so much of a big deal about this when Google has has voice recon for a long time and before that Motorola.