wiggy

Ah ha, Good point....

garpal gumnut

The events portrayed in the NHS/Doctor scenario sound like highly refined bulldust.

dnx

I'm a bit worried now.
I always knew (and have experience of such) that companies monitor what 'their' devices - be it laptops, mobiles or pc's are used for.
The company I work for now has given employees the opportunity to use a secure app on our own laptops or iPads to store company manuals and documents.
This is quite handy because it cuts down on the amount of devices you carry with you and the app automatically updates whenever the iPad has wifi connection so we are always up to date as far as company stuff is concerned.
The app we use warned us that in order to satisfy security protocols the content would be monitored.
I wonder now if thru a backdoor the contend on my iPad can also be accessed.
And if so if that is legal.
Any legal or IT experts here who can answer this?

M.Mouse

It most certainly isn't.

YetAnotherLurkingSLF

In general, you have a right to privacy/respect for your personal life on the part of your employer (and any other party), by virtue of the ECHR/HRA article 8. It is not unlimited, and your employer certainly has the right within reason to monitor use of its facilities to protect its own operations and to limit or prohibit use of company facilities/infrastructure for private communications where that could compromise operations, etc. What would almost certainly be considered an unreasonable breach of privacy would be any monitoring of communications that they did not tell you about beforehand, of the use of subterfuge to accomplish it (I can't imagine, for example, that password sniffing software would be considered reasonable unless there was a very serious security threat). This stuff tends to rely on notions of reasonableness and proportionality, so the circumstances are obviously important. Dismissal for making a phone call home from an office, for example, would generally be considered disproportionate; making the same call from the flight deck rather less so.

There is also some privileged status for communications to do with trade union activities and that sort of thing. Also spending your entire working hours browsing message boards for quite unrelated occupations is also unlikely to fall within the scope of the ECHR right, so it's lucky that I'm self employed really.

(does not constitute legal advice, etc. etc.)

mixture

On Apple devices running iOS (i.e. iPad, iPhone), as long as you have not been an idiot and "rooted"/"jailbroken" your device, all apps run in their own sandbox and are not permitted to interfere with, share or collect data from other apps.

Apple also runs a very strict permission system as far as access to shared common system data goes (e.g. location data, contacts, photos etc). You will always be prompted for permission to access system data and you can always easily review and revoke permissions in System Preferences.

The story is different on devices running OS X (i.e laptops and desktops), because OS X is a typical standard operating system, so you would expect the security model to be more relaxed. If running company software on a machine running a typical "standard" operating system (OS X, Windows or Linux) then you would indeed need to be more careful because the software will typically run with the same privileges accorded to the user you are logged in as, and therefore theoretically could read anything that user has access to.

jack11111

I really like the "sandbox" model for app development and data sharing. Gooood kitty.

Dingbaticus

I love how our Company devices have improved the way we connect to both our customers and our colleagues but since 2012 when I was first issued with a company phone and iPad I have followed EG801.

Read it, respect it.

It may save your career!

Dingbaticus

A and C, are you a criminal lawyer?

Denti

Corporate configured iOS devices that are centrally managed are not as secure as mixture's post might make you believe. In fact centrally managed iOS devices allow the administrator pretty much unrestricted access to most data and all apps on that device. Easiest to be done via apple servers, but there are third party companies that do it for you if you want. If you use devices like that in your company better have a CLA about its use and the access the company has to it.

India Four Two

I agree with Denti.

Two years ago, my previous company allowed employees to connect their iPhones to the corporate network by downloading an app. Before being given access, employees had to agree to a draconian corporate policy, which gave the company the right to delete all data, not just theirs, on the iPhone, at any time, without warning. I can't remember whether they also had access to all the other apps and data as well.

I politely declined.

mixture

You've probably never even used Apple Configurator or the iPhone Configuration Utility, let alone MDM remote management.

As far as I am aware, putting an iOS device into supervised mode DOES NOT disable the sandbox or other iOS security mechanisms.

The sandbox in particular is an integral and fundamental part of the iOS security model and the only way anybody can disable it is by jailbreaking the phone !

Supervised mode may well allow the Administrator to bypass the lock screen when the Administrator has physical access to your device ... but as we all know in IT .... when an untrusted third-party has physical access to a device (be it laptop, phone or server), its game over as far as security goes.

Remote MDM commands don't allow Administrators to slurp data either !

The purpose of supervised mode and remote MDM is for ease of provisioning and device management in larger IT environments.

If I'm wrong, then please provide me a link to formal technical documentation on the Apple website that explicitly states that.

I'm not interested in something you heard from a friend of a friend. Because if I were to hazard a guess, what you have is a fundamental misunderstanding of the iOS managed accounts and/or managed apps features.

PC767

Dingbaticus, post no 28.

Your reference to an EG policy may suggest you have a connection to BA. You state that iPads and phones were issued in 2012. The independent article alleges that 'spying' was taking place in 2011. BA state they monitored company devices.

Dates are not adding up. Why would a company settle a case out of court if they had do nothing wrong.

I am correct to state that there was a case taken against BA on behalf of Unite. That much is seemingly correct.

AndoniP

look, whatever the argument is about IOS security, the fact remains, use corporate devices for work, and personal devices for anything else. and use your common sense most of all. don't criticise management over anything electronic. don't install stuff on company devices.

mobile tariffs these days are so cheap for international data that you shouldn't need to use company devices for anything personal.

if you keep a clear demarcation between the two then you should be clear of trouble.

mixture

Absolutley, agree 100%.

That's what I said originally and I stand by that, the iOS stuff remains secondary (and I only posted that because someone specifically asked about iOS).

Dingbaticus

PC767, company iPads and phones began being rolled out to the cabin crew community in 2011 after which iPads were rolled out to the flight crew community.

There were outstanding cases from the dispute involving the sacked and suspended which were saw 5 cabin crew returned to the work force and the remaining 14 received 'substantial payments'. They all signed a non-disclosure agreement.

We can guess and speculate until the chicken and beef come home but in legal matters it is 'facts' that are important.

I suggest we leave this to the legal SMEs and remember to use our company equipment for company business.

CaptainCriticalAngle

My guess is that they will also be tracking staff movements using their smartphones. It's all on a big database somewhere.

George Orwell was right.

Working for a large corporation has many benefits, but the downside is that you sell a part of your life, a part of your soul, to that corporation.

RomeoTangoFoxtrotMike

Indeed, %SLFguy, your post is 100% false (pretty much).

For businesses based in the UK, and I assume BT is, then the Lawful Business Practice Regulations (http://www.legislation.gov.uk/uksi/2...0002699_en.pdf) will apply. Basically, these mean that monitoring of communications over *his* infrastructure, by your employer, is perfectly legal, so long as he has told you he is doing so.

As to the ECHR rulings about the right to privacy of communications, whilst that is true, and it does mean that your employer must allow you the opportunity to make such private communications, it *doesn't* mean that *he* has to provide you with the means to do so...

[Ob. disclaimer: IANAL]

A and C

It should be clear for all ( without an axe to grind) that this is likely to be a grey area of law.

Persons do have the right to confidentiality but also if you give someone a piece of equipment to do a job you have the right to ensure that they are not abusing that equipment.

The courts might well take the view that using the computer for company related Union business was legitimate and the confidentiality protected (a view that I hold) but some in the company who see the union as the arch enemy might not take that view.

The trouble is that in these days of leagal responsibility if an employee has ( let's say ) child porn on his company computer it is likely that the employer who has the deepest pockets is the one who is likely to end up in the high court while the employee ends up in the criminal court.

So it is highly likely that someone in the company IT department might well use the legitimate excuse that they were searching a company computer for porn while really looking at the confidential Union activity.

Dingbaticus, to answer your question I am not any sort of lawyer, I run an aircraft leasing business, one of the things we looked at doing was supplying an iPad to customers loaded with the company Jepp subscription and other useful aviation data. In the end we decided that having company iPads in the hands of the customers was likely to expose the company to unlimited liability if they abused them so we did not go ahead with this idea.

In short it just takes a bit of common sense to see that the leagal structure is running hard to try to keep up with technical advancement, this can only end up in court cases who's outcome is very hard to predict......indeed a very grey area !
I would not put any thing that was not directly work related on a company device and keep all other topics ( including Union stuff) on a device that I own and control........... That way the confidentiality issues are crystal clear.

parabellum

So, calling in sick from the pub may not be such a good idea then?