Privacy, Security and the CIO
By Tony Kontzer
It seems everywhere one looks lately, the focus is on privacy. It's no wonder, considering the proliferation of devices we're increasingly relying on to remain connected to our worlds of Email, text, social media, blog feeds, sports scores -- and yes, even business applications -- at all times.
We've all grown comfortable with living online from pretty much any location, whether it's safe at our desks behind a corporate firewall, somewhat safe at home behind an encrypted wireless router, or completely exposed while browsing on the corner coffee house's public Wi-Fi network.
Amazon seems to have understood this with its design of the Silk browser embedded in the Kindle Fire tablet that goes on sale in mid-November. But Silk's apparent privacy and security advantages were not immediately apparent, and privacy advocates, including those inside congress, balked upon learning that Amazon planned to intercept Web pages and route them through its own cloud environment to optimize them for the Fire. The fear, naturally, was that Amazon would be logging consumers' browsing behavior.
But after discussions with representatives of Amazon, privacy watchdog the Electronic Frontier Foundation says it's satisfied that Silk isn't quite the privacy hole it was first thought to be. EFF is convinced that
- Amazon won't be storing any encrypted or personally identifiable data, and
- Silk's encrypted connection to Amazon's servers means that users will be safe from prying eyes trying to view their browsing behaviors while connecting via unsecured Wi-Fi networks.
Meanwhile, Google took steps recently to beef up consumer privacy protection, announcing via blog post that it would begin encrypting search queries entered by users who are logged in to their Google accounts. Not surprisingly, the move was met with an outcry from search engine marketers, but as Keith Dawson, senior editor of marketing executive blog The CMO Site, cautioned earlier this month, marketers had best get used to the new reality, because, as Dawson wrote, "the ability to know what users searched for was nice while it lasted, but its days are numbered."
While Amazon and Google have been taking steps to shore up consumer privacy, Apple keeps finding ways to expose it. After facing criticism for default GPS settings that resulted in iPhone 4 users having their locations tracked and stored, it's again under the gun for an issue that's arisen with the just-released iPhone 4S: the default settings for Siri, the voice-recognition-powered digital assistant that's garnered such effusive praise, cause it to continue working even when the phone is locked, meaning that anyone can direct Siri to send Emails or texts from an iPhone 4S, even if they don't have the passcode required to unlock the phone. Not exactly as glaring an issue as tracking user locations, but certainly one that a company as design-conscious as Apple should have gotten right.
None of this is to suggest that CIOs should abandon their iPhone strategy and instead start buying employees Kindle Fires and setting up Google as their (secure) default search page. What's important to understand is that these kinds of privacy and security issues are no longer just about the consumer. These are the devices and services your employees are using to do their jobs. In other words, they're your privacy and security concerns now, too.