Siri can be an invaluable assistant to some iPhone users, allowing for quick web searches and setting up reminders, among other stuff. But with the rise of “bring your own device” (BYOD) policies in businesses, some are also starting to see it as a potential threat, worried that Apple’s voice assistant might have loose lips. That’s the case with IBM which has banned the use of Siri in the workplace.
Jeanette Horan, IBM's chief information officer, said the decision was made because the company is concerned that the spoken data could be stored somewhere on Apple's servers. The company’s worries are not entirely unfounded. In fact, Apple’s iPhone Software License Agreement states:
"By using Siri or Dictation, you agree and consent to Apple's and its subsidiaries' and agents' transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services."
Apple doesn’t say for how long data is stored or who is able to access it, but Horan admits IBM prefers to be “extraordinarily conservative" when it comes to security, adding: "It's the nature of our business."
A lot of the data Siri collects might be inconsequential, but for corporate users, certain disclosures — even if spoken only to a virtual assistant — could constitute violations of a non-disclosure agreement. Edward Wrenbeck, the lead developer of the original Siri iPhone app before Apple acquired it, agrees with this but also points out: “People are already doing things on these mobile devices. Maybe Siri makes their life a little bit easier, but it’s not exactly opening up a new avenue that wasn’t there before.”
Public file-transfer programs like Apple's iCloud are also banned. It should be noted, however, that IBM's conservative policies with respect to applications and serves are not limited to Apple. The company blocks third party services like Dropbox and equips phones with additional software to encrypt information as it travels to and from corporate networks or wipe data in case devices are lost or stolen.