There are other devices which listen all the time. E.g. Moto-X. I’m also wondering about the Apple Watch.
I also am looking at environments where you have personal or BYOD devices in the room with sensitive information.
The more variants I come up with, (trying to consider all the devices) with options, like MDM controls, battery removal, sound isolating box/bag, the more I
shake my head and say – too complex, too variable, or – too many rules for users.
The best prevention of eavesdropping is to take these things out of the room when the information sensitivity warrants it. All of the members of this list
are aware of Need to Know. I believe we can teach users to consider those mobile devices in that light.
Lee
From: fed-talk-bounces+neely1=email@hidden [mailto:fed-talk-bounces+neely1=email@hidden]
On Behalf Of Marcus, Allan B
Sent: Friday, September 19, 2014 8:02 AM
To: Edgell, Joe; Apple Fed-Talk
Subject: Re: [Fed-Talk] "hey siri", how can I turn you off?
I completely agree with you! Now, if only we can get Apple to agree. They are the once that have coupled the control of Hey Siri on a locked device with home
button activation. That is why I would very much like to see an “Allow Hey Siri” restriction (whcih we can then turn off), thus letting the user use Siri via home button when the device is locked.
I don’t think any organization that deals with sensitive information should tolerate a live microphone in the room. I think it’s reasonable to want control over
that feature.
Los Alamos National Laboratory
If you always do what you always did, you will always get what you always got. [Albert Einstein]
From:
<Edgell>, Joe <email@hidden>
Date: Friday, September 19, 2014 at 6:43 AM
To: Apple Fed-Talk <email@hidden>
Subject: Re: [Fed-Talk] "hey siri", how can I turn you off?
> Disabling Siri completely also does the trick, but that's very heavy handed.
It is. Plus it disables a fairly useful feature. I find Siri to be pretty useful.
I think disabling "Hey Siri" would be fine, but disabling Siri by using the home button/earbud button is also a bit heavy-handed and eliminates
good functionality, while not enhancing security that much. Given that you can specify what Siri has access to, if memory serves, the risk is that someone who gets the phone improperly would be able to make phone calls, send text messages, or ask certain
other questions that would not reveal confidential information.
Button-activated Siri access from the home screen allows a person to get directions while driving. This is a significant safety enhancement
that could eliminate accidents of federal employees while driving. I commute by bike, when I hear a text message alert, I ask Siri to read me a message. While that is a theoretical security risk, we should ask ourselves if it's an ACTUAL threat. Having
that functionality allows me to respond while commuting without pulling over and unlocking the device.
Additionally, for disabled users, Siri voice access can be essential. Care should be made to ensure that any adopted policy does not
violate the Americans with Disabilities Act and any federal implementing regulations. We need to ensure that differently-abled employees can do their jobs.
Anyhow, I know some on this list have a zero-tollerance perspective when it comes to anything that might be theoretically a security risk.
But I suggest an actual balancing of the risk of harm with the benefit of the technology would create better policies.
|