Remote-Wiping The Work-Play Distinction
Partially, this article from the Wall Street Journal is about smartphones:
In early October, Michael Irvin stood up to leave a New York City restaurant when he glanced at his iPhone and noticed it was powering off. When he turned it back on again, all of his information—email programs, contacts, family photos, apps and music he had downloaded—had vanished.
The phone looked “like it came straight from the factory,” said Mr. Irvin, an independent health-care consultant.
It wasn’t a malfunction. The device had been wiped clean by AlphaCare of New York, the client he had been working for full-time since April. Mr. Irvin received an email from his AlphaCare address that day confirming the phone had been remotely erased.
More and more employers are moving in the direction of expecting or allowing their employees to use their personal devices for work. It has been the death knell to Blackberry as it turns out, when given a choice, most employees would rather have a really awesome toy than a boring old productivity device.
A couple years ago I had a job doing contract work from home, and it was truly weird having very sensitive customer information on my hard drive at home. Security precautions were in place that might have prevented me from abusing it, but like an employee who works at headquarters there was really only so much that they could do. When that well dried up, though, there the information still was on my computer until I deleted it (which I quickly did).
I can understand why employers would freak out about this. On the other hand, there is some degree of risk that they incur when they allow people to have company information on their personal devices. It doesn’t strike me as particularly reasonable that they should be able to mitigate these risks by any means necessary. While remote wiping falls short of “any means necessary” it is a genuinely drastic step. If you’re that worried about a disgruntled employee using customer data, then to some extent you have to either force employees to use company-issued phones or more reasonably make it very clear what you are reserving the right to do and if employees aren’t cool with that (I wouldn’t be) then you need to issue them phones.
In some ways, I cringe at the thought. For fear, if nothing else, that employers would dictate that you are not allowed to bring your personal phone into work. After all, you can just forward your calls to your work phone, can’t you? Well you can, but chances are pretty good – if you’re the kind of person that spent a whole lot of money on their smartphone – you don’t want to. So where then would that leave you? Probably signing the damn thing anyway and backing everything up.
I say this is “partially” about smartphones because as much as anything it’s about the blurred distinction between work and play. We increasingly fail to leave work at home when we leave the office, and we increasingly bring “play” into the office with us. I got my first Pocket PC in large part to take to work. I had a job that had some periods of great monotony and it was nice to be able to listen to stuff while I worked. Pocket PC’s gave me more stuff to listen to than my Discman. And it doesn’t take a detective to realize that as we’re working more at home, we’re checking Facebook more at work. The same smartphones that they wipe prevent them from using the filters they had previously been using to prevent us from doing that.
Back when I was a working man, the inability to check my personal email at work was extremely aggravating. I remember when a company I was working for started blocking it, I started working less. By checking my email, by knowing that there was nothing going on at home that required my attention, I was able to stay longer. By being able to take a break and leaving a comment on my blog, I was able to stick around for longer. The more informal I could keep things, the more I was able to be flexible. (This was true in a general sense. If I didn’t have to punch a timecard, I would be at the office for longer than I would record, because I knew I wasn’t working the whole time. If I had a timecard, I’d be more likely to leave right at 5 even if I could wait ten minutes and get the results back from a test I was running.)
In an ideal work environment, there is enough bilateral trust here that we can blur these lines. I can use my phone for my job. I can stay a bit longer and bide my time on personal stuff waiting for the results of that last test to come in. Or I could check it from home without my insisting on adding that to my timesheet. Ideally, we could all be salary and just take care of business. Instead, though, employers have to worry about employees milking the clock. Employees have to worry about being on salary as a ticket to working 50+ hours a week on a regular basis. And now they have to worry about damage to their personal property. The lines have to become unblurred, the law has to step in, employees leave earlier than they otherwise might or become more focused on the clock, web filters are installed, and everyone ends up mad.
I’ve worked for my current company for a number of years and had a company blackberry and android. Many employees I deal with have them. If you’re of a certain pay/title level, you get hired, get a company laptop and a cell phone. It’s company property and your use of it is monitored/can be monitored.
All the folks that I know that are in this situation also have a personal cell phone and they carry both with them. No one wants the company to know their personal business, nor do they want to get into a situation where they violate some company/gov’t restriction by doing something business on a personal phone and having it confiscated. When you enter our facility, if you’re not a corporate/company employee, you surrender your cell phone, if it has a camera in it, and that’s about 99% of the phones. You get it back when you leave.Report
I largely agree. Cloud computing might solve some of this problem because it can allow access without storage.
Companies should also just accept that employees are going to be doing some non-work browsing and stuff during the work day but there seems to be more of very strong psychological resistance against this fact.Report
I’m sure folks use there company computers to log into amazon.com and other places if they choose to. The company doesn’t reall get all hard over on that. You must use a company computer to do you work however and all company electronic devices are subject to monitoring. Most folks just opt for a personal phone as it’s easier.
I think I was different. I had a company phone and used it mainly for personal use. When I left that company, it was easier to just buy my company phone back frrom the company and convert it into a personal phone….Report
I’ve heard stories that say otherwise. I never really worked for a huge corporation except some large law firms as a freelance proofreader. Basically all my employment has been on a basically freelance variant. The most I got in benefits was taxes deducted and a 401(K). I’ve never been in a position of getting things like PTO or health insurance from an employer. Okay I had PTO when I taught English in Japan for a year.Report
@newdealer
I’m sure there are exceptions, but my industry is regulated. Were someone to have certain information on a machine where it is not approved, employees could be fired, jailed, etc. Companies could be fined, barred from additional work, etc. That’s a fairly strong disencentive…Report
This is why I will always keep a personal phone. If my work wants me to have a phone, they can give me one but it will be reserved for only work purposes.
As it stands it looks like I am going to need to be risky and start my own practice. No one seems to want to higher me as an associate, at least not yet.
I’m largely stressed out about this. If it is successful, it will be great. If not, I am going to be royally fished.Report
I’ll keep my fingers crossed ND. If I’m ever in Cali and I need a lawyer* I’ll keep you in mind.
*Scarce comfort, I’m sad to say, I don’t want to visit California because it’s gonna sink into the sea and I don’t want to get caught cheating on the Atlantic Ocean.Report
My situation is even more complicated because my girlfriend is on the East Coast!
Lots of things going on, lots of stress..Report
Gush I wouldn’t wanna be you. My long distance was only half a continent long (Nova Scotia to Minnesota).Report
Yeah basically the moral of this story is unless the company wants to provide a phone keep their crap off yours. Also if the company does provide a phone put nothing on it you would miss if you suddenly were shown the door and the phone was yanked from your hand.Report
Or back your phone up on a computer every evening, in case tomorrow the pink slip arrives.Report
My feelings on all of this are fairly benign.
I like the spirit of ideas like this:
But when it comes to stuff like proprietary information, unfortunately, the truth is that no matter what system you come up with the person that wants to circumvent it will be able to. If that disgruntled employee is the kind of person that’s going to want to do something unethical with that info, chances are they’ll have captured that data for themselves long before you wipe the phone.
Having your proprietary data at risk is just part of the cost of giving people access to proprietary data. And if you are an employer that is shirking health & bennies costs by hiring independent contractors instead of employees that you can better vet and keep an eye on, then that’s just part of what you bought.
That being said, if an employer letting an employee use a company smart phone that has potentially proprietary data on it, I think remotely wiping it at termination is more than OK — I think it should be standard practice.Report
To clarify… how are you defining “company smart phone” here? Company-issued? Company-subsidized? Partially company-subsidized?Report
Oh, nothing nearly that complicated. Basically, I meant something that can hold stuff like client contact info (or whatever) that you can actually remote wipe.Report
In which case, I disagree. If companies are concerned about proprietary and company information, they need to be able to do so in a way that doesn’t delete baby pictures. Or issue phones. I think giving the companies the OK to do this means, among other things, that they don’t have to figure out the intricacies. They can just nuke it. It’s not their phone, after all…Report
I’m confused.
How is a company phone not the company’s?Report
Because they don’t own it, the contract isn’t in their name, and you may have purchased it before you even interviewed for the job.Report
By way of example, my wife’s former employer said “We don’t provide you with phones. We will help you with your phone bill, however, by giving you $60 a month. Or my brother, who had a personal iPhone and a work-issued Blackberry until they said “No more Blackberry. Start using your phone. We’ll reimburse you $80 a month for service.”Report
At one of my previous employers, I was one of a few people who got to touch the “crown jewels” of our super secret source code. It lived in a locked room on an isolated network. This all made good sense. But inside that locked room, they had security software out the wazoo–stuff that supposedly kept us from copying data off of the computers. Major pain in the ass for a lot of reasons I won’t go into here.
The funny part is that if they couldn’t trust us, there was really nothing they could do. An OS-level programmer with plenty of hardware knowhow whose job description includes securing handheld devices is being left alone in that locked room with all the dev tools in the world and supervision all day long. In fact, most of the people who could possibly supervise us weren’t cleared to get keys to the room. So if we wanted to walk out with that data, it would have been no sweat. Sometimes you just have to hire people you can trust and then trust them.Report
Better than getting the escort by black helicopter and blindfold.
(I’m not sure if that was ITAR related. I do know what business it was,
and the security was … a good idea.)
The military’s solution goes one step further, of course — make a
language that nobody but a handful of programmers knows.Report
Sony, with the tanks?Report
Chris,
I don’t think I know anyone who’s ever worked for Sony.
(been wrong before…).
If you really want to guess, though:
High availability, no margin for error, get it right, or don’t you dare change a thing.Report
Tod:
You seem to have the same misunderstanding I had: The article is about employers remotely wiping devices which are the personal property of their employees.Report
If companies are going to expect their employees to use their own phones, computers, and tablets for work than they really need to respect anything private that might be on it rather than wipe it out for the company good.Report
I’m unclear on how this can be accomplished without the collusion of your cell phone carrier.
If you buy a phone, you have a contract with your carrier. Assuming your phone isn’t unlocked, your carrier has certain access capabilities to your phone, including the ability to wipe it if they want to do so.
If you get employment with a company, and they have, say, an IMAP server at their end, they can certainly remove your ability to access the mail (they could go one step farther and configure everything at the server end so that connecting clients think all email should be deleted when they reconnect, I suppose), but they can’t arbitrarily wipe your device unless (a) they install something on your device or (b) they go around you to your carrier and have your carrier to it.
Something is missing from this story.Report
I assumed that they installed something.Report
Well, if you allow your company to install something on your personal phone, there’s your problem, right there.Report
Back at my wife’s previous job, they basically said “If you want to be able to connect your phone to our records and networks, hand your phone off to IT and they’ll have it ready for you in an hour.”Report
Cough*HIPAA* cough. Bane of medical IT staff everywhere. There’s a rumor that comes up from time to time that the reason Microsoft keeps extending the security lifetime for Windows XP is that the day they drop support, Windows XP machines are no longer HIPAA-compliant and must be removed from the medical networks. And they’re scared that the medical industry will jump to something else that can run on all that older hardware, rather than replacing it with boxes that can run Windows 7/8.Report
@patrick A lot of people might not feel comfortable saying no to a request from the boss.Report
As a New York Football Giants fan, I am glad that Michael Irvin was inconvenienced like this…Report
One of my biggest career goals for the last 10 years has been trying to get to the point where I can work from home. 90% of my job is in front of a computer and has nothing to do with a physical location though. Recently I have soured on it a bit for my particular work though because that 10% of the time I need to be on-site is usually in small time blocks and extremely unpredictable. Having the flexibility to hop up and go talk to someone in person for five minutes is always preferable to trying to get them on the phone (Plus, I’m a visual guy and I can draw a picture if necessary.)
In dealing with bosses who work remotely it is frustrating to try to pin them down for a 2 minute conversation. You end up spending lots of extra time going back and forth via email.
Also, my job requires use of a company laptop for work purposes from home but they do nothing to prevent on line transfer of files to a third party site or to a flash drive so it is mostly just the illusion of security. If someone was so inclined it would be incredibly easy to make off with sensative documents.Report
I suspect that the scenario they’re trying to avoid is an employee being fired or laid off unexpectedly and then being able to go home and decide at his (angry) leisure whether to delete or exploit the data on his home computer. Yes, someone can always plan ahead and back up data to a thumb drive just in case, but very few people will do that. Heck, most people don’t even back up their own data. Firing someone and then taking his laptop before you let him out of your sight eliminates the vast majority of problem cases.Report