Big Brother is Tracking You
While much of the media and
blogosphere were reacting to last week’s revelations that iPhones and iPads
were tracking (and keeping data on) users’ movements,
business observers were taking a possibly more sinister view. Breeches of corporate
confidentiality, albeit solvable, were seen as potentially more serious than
consumer concerns about privacy.
Some reports also claimed that the real story
is simply that no one paid much attention until now to either the personal
or business implications. This is not absolutely true. In addition to Apple’s
assertion of its intentions in its terms and conditions, news of the tracking
was publicized in a book published in December 2010, according to InformationWeek.
Apple also provided written details to a House committee about its location-based
services back in July 2010. PCMag explained that it started collecting data
in 2008 in response to consumer demand, but accessed it from Google and Skyhook
Wireless earlier still.
InformationWeek believes questions from regulators in
the U.S. and elsewhere could be deemed political opportunism but goes on to
say that the system still merits further examination. Explaining that for companies
issuing iPhones and iPads to employees, or permitting them to use their own
devices for business purposes, lack of security is a particularly critical
issue. While this may present opportunities for increased productivity at minimal
cost, it does carry risks.
Alasdair Allan and Pete Warden, the security experts
who started the current debate, alerted people to the fact that location data
is readily available. PCMag reports their initial blogpost observing, "The
file is unencrypted and unprotected, and it’s on any machine you’ve synched
with your iOS device. It can also be easily accessed on the device itself if
it falls into the wrong hands."
Of equal or more concern is employees’ access
to business email via portable devices backed up at home. Quoting lawyer Alexander
H. Southwell, InformationWeek points out potential conflicts between convenience
and risk mean making clear "there’s
no expectation of privacy." Miriam Wugmeister, chair of the global privacy
practice at law firm Morrison & Foerster, agreed but stressed that while
understanding of what is and is not permissible is needed, there are also technological
means of separating business and personal data.
Following global coverage of
its alleged awareness of users’ locations, Apple eventually added a response
to a Frequently Asked Question on its website. Apple claimed that people were "confused" and
didn’t understand the data was totally anonymous and crowdsourced. The company
is not tracking users but the locations of hotspots and cell phone towers.
[Author’s
commentary] From an employee perspective, there needs to be mutual trust. After
all, do you really, really want the boss to know where you are 24/7? And are
you really, really sure none of your colleagues can access the unsecured data?
And finally, are you really, really sure no one who knows your movements will
share them with someone you would prefer remained in the dark?
Rick Moss, RetailWire’s president, particularly likes the example of an executive found to be repeatedly
checking into a hotel near a competitor. This could, apparently, raise questions
about industrial espionage, a potential takeover bid or even illicit relationships
between competitors/colleagues.
- iPhone tracks users’ movements – BBC
- iPhone Tracking Only Tip Of Security Iceberg – InformationWeek
- Apple’s iPhone Tracking: What You Need to Know – PCMag
- iPhone
and iPad can track a user’s location history – Los Angeles
Times - Wi-fi security flaws for smartphones puts your credit cards at risk – The
Guardian - Apple’s privacy headache – CNET
Discussion Questions
Discussion Questions: Does your company have policies guarding corporate data being used on employees’ personal devices and home computers? How would you suggest that mutual trust be established between employers and employees to prevent corporate data being misused?
Maybe I’m naive, but an experienced hacker, with all the crazy technology out there today, can make any business lose sleep over security issues. Look at all the credit card fraud–which I have been a victim of–that is going on today. I respect what my employees do on their own, and so far have had no issues from them. Weird stuff, but I try to be careful.
The benefits of mobile devices have become so integral to our daily routines that we tend to turn a blind eye to the possibilities for injury. Much as we get in the car every day thinking “that fatal accident won’t happen to me”–or walk down the street from the restaurant to the parking garage thinking “that mugging won’t happen to me”–we turn on our smart phones every day and think “that identity theft thing won’t happen to me.” Or “my company wouldn’t do that tracking thing,” or “why would my IT guy care where I am tonight?” And we certainly don’t go to bed thinking “I wonder if my competitor is hacking my company data right now from that Droid on my night stand?”
But it is happening every day. Unfortunately, the utility (convenience, accessibility) of mobile devices is already firmly engrained in our ways of working. There is most likely no turning back. Our best hope is that the historical trend of commercializing technologies developed for government or military use will make its way to digital communication soon. Maybe that can provide us with the cyber tools necessary to truly protect our digital lives.
In the early 80s at Fleming Foods in Philadelphia, we felt a need to be able to track our delivery trucks and monitor their speed, length of extended stops, miles between extended stops, and direction. This was triggered when the supervisors fanned out in their company cars during the day and found many of our union truckers gathered at popular rendezvous smokin’ and jokin’ when they should have been making deliveries to our stores. So, we installed hub devices on all the tractors (that’s the thingy up front where the driver and engine are in a tractor-trailer rig) that would record the information we needed to lodge a union complaint. And guess what the union reps called us: Yes, that’s right, “Big Brother.” (As an interesting aside, this took place in ’81, raising spectres of Orwell’s “1984,” a title chosen by the author in 1948 by just switching the numbers around.)
Corporations finding ways to monitor the company-related behavior of employees is not a new idea. The stakes are just too high and, in the big picture, relationships between individual employees and their employers are fleeting. Workers come and go, but the company must protect itself and endure. Here in cash-strapped CA, a recent persistent theme is employee abuse of government perks. From the felonious city council members of Bell, CA, to legislators fraudulently claiming $thousands in per diems for days when they weren’t conducting government business. Scandal after scandal discovered during budget-balancing efforts.
Our famous governor and later president, Ronald Reagan, was famous for his advice to “trust but confirm.” I think that applies to corporations monitoring the use of company data by employees.
Although this concern is definitely nothing new, it does amaze me how much access a typical employee has to the confidential information of their employer. As I tour stores, I always ask a random employee “how is business?” and more often than not they start spilling their guts about things I didn’t even ask. I have had more than one employee tell me sales figures, employee statistics, etc.
Here at IBM, I have access to an almost infinite array of data that, yes, IBM entrusts me to protect its confidentiality. I can only imagine the examples of breech of that trust that employees in similar companies must endure. For example, when an employee is moving to another employer, especially a competitor, tell me many of those employees don’t take confidential information with them to the competitor.
I don’t know how to prevent this, other than creating and maintaining a corporate culture of team building and mutual trust.
I agree with Ralph’s comments. Mutual trust built by the corporate culture has to be ingrained throughout the organization. It will not prevent things from happening but it will limit it to the “bad guys.” Once they are found they will be weeded out. But the answer to the problem? Beats me. I do not see any easy remedy without destroying trust and confidence with key employees. That means the cure is worse than the problem.