Is Siri a Spy?

In a recent article in the MIT Technology Review IBM’s Chief Information Officer Jeanette Horan discussed the implications of a 2010 policy that allowed employees to access the IBM network from devices of their own choosing.  Prior to allowing the device, IBM reconfigures it to, for example, disable third party cloud storage sites like Dropbox and iCloud and enable IBM’s internally hosted MyMobileHub.

They also completely disable Siri on the belief that it might, quite literally, be giving Apple thousands of ears inside  IBM.

Could Siri actually be a cyber Mata Hari?

It is a question with three answers: (1) what Siri is technically capable of doing, (2) what Siri is allowed to do under its license agreement, and (3) what Siri as a practical matter can do.  But underlying all of it is a frequently ignored reality of cloud computing:  Your data is their data.

So when you are using Siri you may think that you are talking to your phone and your phone is talking back to you.  In reality you phone is being…a phone.  You are talking to Apple’s massive data center and the data center is doing all the work and talking and texting back to you along with possibly a link to some data.  From the Siri license Agreement:

When you use Siri or Dictation , what you say will be recorded and sent to Apple to convert what you say into text and, for Siri, to process your requests.

You might have been confused to think that Siri was running on the phone itself because it uses data that you think is on your phone, like the names in your address book and the songs in your iTunes account.  The reality, as evidenced from the license agreement, is different:

Your device will also send Apple other information, such as your first name and nickname, the names, nicknames, and relationship with you (e.g. ‘my dad”) of your address book contacts, and song names in your collection (collectively your “User Data”)


If you have Location Services turned on, the location of your iOS device at the time you make a request to Siri may also be sent to Apple to help Siri improve the accuracy of its response to your location-based information.

So Apple also wants to record and remember where you are when you make certain kinds of requests.  It also tends to encourage you to let it know where various locations such as ‘work’ and ‘home’ and ‘school’ and ‘church’ are.  All of which gets saved on those disk arrays.

So Siri is sending a lot of you to Apple’s servers.  What can Apple do with it?  The following is from the User license.  The bold text is Apple’s; the underline is mine:

It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation you agree and consent to Apple’s and it subsidiaries and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.

The term is not in the paragraph is not quite quite as strong as saying that it ‘will not be’ or ‘cannot be’ linked.  The terms and improve…other Apple products and services also has a lot of wiggle room since improving might mean making them more profitable and other services might mean the service of selling aggregated personal information or the service of Apple being able to research individuals.

But is there really a difference between using Siri and just using your phone?  When you send a text message it goes directly through the phone company and is stored on your phone.  When you say ‘Siri, send a message to my Orthopedist saying I need an appointment to adjust my Oxycontin prescription”, guess what just went to a company not a required by HIPPA to keep medical information private?

So is IBM being paranoid about Siri being a Spy?  Should you be worried that when you ask Siri ‘What is the Ultimate Answer to Life, the Universe and Everything‘ that some database is being set somewhere that pegs you as a Hitchhiker’s Guide to the Galaxy nerd?  The data is certainly being sent.  The user agreement would appear to permit them to store, analyze, and use the data in a broadly defined set of ways.  But would they bother?

I tend to be guided by what I call capitalistic paranoia.  In other words, if it is profitable for them to do it then they eventually will if they aren’t already.  The main thing keeping you anonymous on the cloud is that you just aren’t valuable enough to them to be worth the trouble.  But maybe for people with an … e-mail address the equation is different than it is for you or me.

Note: If you decide to keep Siri you still should absolutely make this change.

Permanent link to this article:

Leave a Reply

Your email address will not be published.