Patrick Gray urges CIOs to address privacy concerns when considering tablet deployment in the enterprise.
There's a growing sense that behind the colorful icons and entertaining games, tablets have a more nefarious side. iOS devices have long been cited as having a walled garden, whereby you can only use those applications and accessories that pass Apple's approval process. Similarly, Amazon's new Fire tablet eliminates most mention of the underlying hardware and software and focuses exclusively on the content available on the device -- all of it provided by Amazon, of course. When you add incidents that deal with Apple's iPhone location tracking, it only exacerbates this sense that mobile devices are "spying" on users. Is this a fair assessment, and should enterprises considering a tablet deployment be worried?
Of course, the motivation for much of this data gathering is commercial rather than nefarious, but that doesn't make it any less spooky. In an age where mass marketing has been rendered largely ineffective and personalized marketing is all the rage, mobile devices present a goldmine of data about consumers. Our mobile device could literally tell a company whom we talk with, where we go, what we read, and what content interests us -- data that's worth millions.
In the corporate space, companies suddenly must consider what liability they have if employer-issued devices are effectively spying for a software company outside of business hours and or whether this tracking presents physical and data security problems. One could even imagine all manner of interesting scenarios. For example, a company could try to sell this data to a marketing company to subsidize a tablet deployment.
A deal with the devil?
Whenever suggestions that tablet providers are up to no good surface, most manufacturers calmly point out that customers agreed to all manner of intrusive practices in the "terms and conditions" that pop up periodically on these devices. Usually, these terms and conditions are dozens of pages, and they appear when first using a shiny new device or attempting to install a compelling bit of software. I have yet to meet a normal human being who diligently reads the small print, especially when tapping the "I don't agree" button renders a device useless.
Currently, the rusty old weapon of consumer pressure seems to be the best defense against "kitchen sink" terms and conditions. When a company steps over the line on data gathering, it's often run through the ringer in the press, and they almost universally back down and change the policy. Technical advocacy groups are paying more attention to what data devices are sending and what gets exchanged when these devices phone home.
What's a CIO to do?
As a CIO, many of these questions are probably low on your list of tablet deployment concerns. Like it or not, however, you will be thrust into a debate that involves the very thorny issue of individual privacy. At a minimum, get someone on your team to follow tablet-related privacy news, and get the advice of your corporate counsel (probably the only person who might actually read those terms and conditions).
While I would not cancel a tablet deployment or test due to these concerns, blissfully ignoring them is certainly not an appropriate response either. Just as tablet technology is maturing, personal and legal expectations around privacy are evolving around these devices. Donning a tinfoil hat and avoiding new technologies is too extreme, but so is ignoring potential employee concerns and neglecting to formulate a response and action plan in advance.