Big Brother and the BYOD Privacy Holding Company

I have a friend who works for CSX, one of the nation’s largest rail and transport companies. Like a lot of companies today, CSX won’t provide most of their employees with company cell phones, but it still expects workers to have access to their work email at all times; in the spirit of “BYOB” (bring your own booze), this cost-effective trend is called “bring your own device” (BYOD).

You might be saying, “What’s wrong with that? We’ve had our work email on our cell phones for years.” Well, in its zeal to keep employees tethered to the job around the clock without incurring the cost of providing them with a company cell phone, CSX, like many companies, wants its employees to add a mobile device management (MDM) platform to their personal devices that violates their right to privacy…all for the sake of protecting its corporate data.

Yes, CSX is considering having their employees sign on to an Orwellian corporate mobility policy that gives their IT department explicit consent to potentially install apps, monitor usage, track, wipe data, oh…and collect personal information from their phones or tablets.

So…that Tinder app…those embarrassing Pinterest or Facebook pictures you posted when you were drunk? Guess what CSX’s (or your company’s) HR department may be perusing when they’re bored?

Having access to your personal information could be helpful when a mass layoff is necessary. Was your inclusion in the culled herd really nothing personal, or did an offensive app on your phone do you in? You’ll never know.

Your phone, your data? Not necessarily

Privacy is only one consideration when it comes to BYOD; there’s always the potential for data wipes. A man in Texas is currently suing his former employer for doing just that. Saman Rajaee had registered his iPhone with his employer’s Microsoft Exchange server.

A few days after he gave two weeks’ notice, the company, Design Tech, wiped out all of the business and personal data on his phone…without warning, he lost more than 600 business and personal contacts, family photos, business records, and passwords. How’s that for a sendoff?

The U.S. District Court for the Southern District of Texas dismissed the federal charges brought by Rajaee, saying that Design Tech had not violated the Electronic Communications Privacy Act (ECPA) and Computer Fraud and Abuse Act (CFAA) when it nuked all of the data on his phone. The state charges of misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion are still pending.

MDM software development companies like MobileIron are holding this case up as a warning to companies that they better CYA on the BYOD by getting their employees to sign ironclad BYOD consent forms…oh, and to promote the fact that their software helps companies delete only business data on employee devices.

Employee apathy vs. convenience

Why do so many of us willingly embrace BYOD programs, despite the risks involved, especially when it’s common knowledge that most MDM platforms can access personal information from a user’s device? Is convenience that important?

According to a 2013 Harris Interactive survey, only 15 percent of those surveyed were concerned about privacy issues, although four out of five respondents were concerned that MDM software would be used to track them.

We’ve been so systematically conditioned to having our privacy violated routinely, Snowden be damned, that we don’t even blink when CSX and other companies disregard our most precious right in order to protect their data.

Look at the permissions that most mobile apps request now. They want access to your microphone, your camera, your Bluetooth connection information, your device & app history, your location, SMS, photos/media/files, and your Wi-Fi connection…even when the app in question has no need for any of these functions.

Many of us just blindly accept these terms, because we have to have Instagram, Snapchat, or Tinder on our phones or tablets. Don’t even get me started on the privacy sins of Google+ and Facebook.

How many well-publicized, massive security breaches will it take before we realize that granting intrusive (and often unnecessary) permissions without giving it a second thought may not be such a good idea? Are we ever going to wake up and draw a line in the sand? We better.

It’s bad enough to make your phone or tablet vulnerable to some criminal app developer or offshore hacker, but when your privacy is violated by your employer, the pee isn’t coming out of that swimming pool, so BYOD at your own risk.