If privacy and security rank high on your list of priorities, you may want to avoid requesting help from Apple’s Siri voice-controlled virtual assistant. At least, that’s the conclusion that IBM Chief Technology Officer Jeanette Horan has come to, having banned the use of Siri and a number of other commercial products (like Dropbox) by IBM employees.
As Horan explains to Technology Review, Apple’s Siri is a security risk for anyone dealing with confidential information since the voice commands are sent to Apple for translation into text, making it possible to intercept those commands. And since Siri (and Dictation) can be used to write emails and text messages, as well as perform searches, and a wide variety of other tasks, it’s entirely possible that sensitive IBM data is being leaked to outside sources. After learning of Horan’s employee rules, Wired looked into the matter more deeply, and found that the security concerns are entirely justified — and Apple admits as much in its iPhone Software License Agreement (pdf).
“When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests,” writes Apple. “Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., ‘my dad’) of your address book contacts; and song names in your collection (collectively, your ‘User Data’). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.” (Emphasis Apple’s)
While nobody should be surprised at this point that we are constantly exposing our personal communications to the companies that provide us with our many digital services and gadgetry, it may be a bit of a shock to learn that Apple’s servers, not your iPhone 4S, are doing the heavy lifting of turning your voice into text. Of course, it’s unlikely that anyone at Apple is actively monitoring your Siri requests — but that doesn’t mean such a thing is impossible.
So, should you stop using Siri to protect your private data? Well, yes, you should — if privacy is a significant concern, then sending private information to unknown locations, which could in turn be viewed by unknown parties, is entirely unacceptable. If you are, however, not protecting any vital company secrets or other extremely sensitive data, then you probably have no reason to ignore Siri, especially if you have not implemented an airtight security protocol across all your digital communications. That is to say, if you stop using Siri, but still use Gmail for all your email needs, then you’re still as vulnerable as ever.
Update: We should point out that the American Civil Liberties Union recently warned against Siri’s over-sharing ways, and suggest that concerned users turn Siri off. To do so simply go to: Settings > General > Siri, and slide the option to “off.”