Employees who use their own electronic devices at work under a Bring Your Own Device (BYOD) arrangement may have unwittingly authorised their employer to remotely wipe their device when they leave the company, reports the WSJ.
In early October, Michael Irvin stood up to leave a New York City restaurant when he glanced at his iPhone and noticed it was powering off. When he turned it back on again, all of his information—email programs, contacts, family photos, apps and music he had downloaded—had vanished […]
It wasn’t a malfunction. The device had been wiped clean by AlphaCare of New York, the client he had been working for full-time since April. Mr. Irvin received an email from his AlphaCare address that day confirming the phone had been remotely erased.
A survey found that 21 percent of companies perform a remote wipe of employee-owned devices registered on the company network, with employees ostensibly agreeing to this when they connect to the company network.
Many employers have a pro forma user agreement that pops up when employees connect to an email or network server via a personal device, he added. But even if these documents explicitly state that the company may perform remote wipes, workers often don’t take the time to read them before clicking the “I agree” button.
The legality of the practice has reportedly not yet been tested in court.
In principle, an iCloud or iTunes backup should allow wiped iPhones to be restored, but you may want to pay a little more attention to the small print next time one of those corporate messages pops up on your screen, to find out what it is you’ve been agreeing to …
Update: Several readers have pointed out that the remote wipe would be performed via the company’s Exchange servers, so removing the Exchange account the day before you leave would be a good precaution.
Wow, that’s amazing, but after asking, it’s perfectly legal. Of course, a judge could change that if something like this ever went to court.
Yes, would be very interesting to see it tested in court.
I question the legality of this, for the following reason: I have the “right” to destroy data that I “own”; conversely I do NOT have the “right” to destroy data that I do not own. If I use my permissions on the company network to access company files – and I wipe it, I am personally liable for that data that was wiped.
The company has the “right” to wipe data that they “own”. Naturally, this would be work-related data only. When the company wipes YOUR data, they are responsible for whatever costs it takes to recoup that data. As some family pictures may be “irreplaceable” – I can see a lawsuit for several thousands of dollars for the willful destruction of personal data.
If it’s good for the goose, it’s good for the gander.
As long as you do a backup you don’t lose anything. If you give LEGAL authorization to someone to wipe your phone I don’t see how it would be illegal.
It has been tested in court but the results are a mixed bag. In some cases the judge sides with the employer and in others with the employee.
http://www.shrm.org/TemplatesTools/hrqa/Pages/Cananemployerremotelywipebrickanemployee’spersonalcellphone.aspx
Interesting, thanks – though that link requires a login
I wasn’t asked for a login when I visited the site before. I wonder what changed.
“Many employers have a pro forma user agreement that pops up when employees connect to an email or network server via a personal device” — this is not true for the iPhone. I had a coworker that this happened to. By simply using the work Exchange email account on the iPhone it automatically gives the Exchange server privileges to wipe the device. Nothing is displayed to the end user as this is a setting on Exchange server and it is up to the employer to enable. In our instance we were never informed this was on.
Then your employer is putting themselves at risk. This is not informed consent.
Not true – if the device is capable of remote wipe, the device will display a message that the user has to accept to connect to an Exchange Server via ActiveSync – not so with IMAP and POP3 though.
IMO, companies should be using deployment and management software (like AirWatch for example) that will allow them to wipe ONLY the company’s data from the personal iOS device, leaving the user’s data intact. If a user brings their own iOS device to the company, they are still required to install the management software, however, during initialization, a selection of “Employee Owned” rather than “Corporate Device” is selected. This sets the parameters for the remote wipe to wipe ONLY the company data, not the personal data.
This is perfectly legal since you sign the agreement when you access the company email on your personal device.
Though I would like to point out that this remote wiping method is outdated. The company should move to a Mobile Device Management (MDM) solution which will allow them to wipe only the company data. This is done by installing the profiles on your device using the MDM solution.
There is no real solution for safe and secure segregation of data on any mobile device. A remote wipe? No problem – a smart user will have multiple backups. Ignoring the legalities, BYOD is a great concept but relies on the naivety of users (and IT departments) to work. Until it matures, the best course of action would be to issue a controlled and company owned smart phone. That, or stop being so paranoid and trust your employees. Until that day comes, I think we can live with the chance disruption caused by a remote wipe…. oh, wait…. :)
Your personal information/settings are restored when you restore from backup. However, if you attempt to connect to company systems you will get another remote wipe.
Had he removed the exchange email account from his phone once he left, this would have not happened.
The only way to remote wipe is the exchange server, and that is only if he is still connecting.
If he was gone from the company/contract he should not have been checking email.
You are correct but in this case he was not aware that his project/work was terminated.
A very simple workaround for this issue is to simply remove the Exchange account from your phone on the day you’re leaving the company, or maybe the previous day to be safe. As soon as you remove the Exchange account, your company no longer has hooks into your phone and they can’t wipe anything. If you forget to remove the account, and you’re walking around a week or two later with the Exchange account still on your phone, then that carelessness is on you.
This is a critique of system admins who don’t have experience and not necessarily of Exchange, but my tech guy had it set to perpetually reset. Each time I reloaded, it triggered a wipe. He thought he was just wiping the Exchange settings without knowing it would start a wipe loop.
So, a poorly documented feature in the hands of someone who doesn’t know about it can take you out for a day.
My son tried to access my wife’s phone after she changed her password and after 10 times… it wiped off everything from the Exchange account. So it is the same principle, you just need to have a backup daily. Imagine the company thinks there has been a breach through a mobile device and cannot determine where it came from, safe thing wipe off every device…
so how exactly does this work? does iOS provide hooks for Exchange servers to do this or are they wiping phone via iCloud?
It hooks into ActiveSync, not iCloud. This feature has been there since at least iOS 5.
Get your company to use an MDM solution like Mobile Iron, Zenprise, or Good and then when you leave they can only wipe their stuff but leave yours intact
The ActiveSync warning about remote wiping the device message appears on Android and you must press agree
Our company has recently banned having both company and personal forms of communication on the same device and conduct of any kind of official company business through a non-company account, including texting from a personal phone number, could be grounds for termination and even confiscation of whatever personal point of contact was used. That last part is actually very daring, legally, but they’re serious about all leads and communications belonging to the company and expect that to be left behind if you leave the company.
The pairing of the phone / tablet and server does not occur at an email or ActiveSync (application) level. The devices are paired to the server through a security profile that is pushed to the phone / tablet from the server. I don’t think removing the Exchange / ActiveSync account will remove the security profile, in the same regard as removing the Exchange account will not remove the pass-lock enforcement. MDM software creates a security profile on your iPhone / iPad. This would have to be removed from the profile menu in General Settings.
A little bit of detailed information:
http://msdn.microsoft.com/en-us/library/hh509085(v=exchg.140).aspx
Very helpful background, Brandon
Not sure I follow you Brandon – when you remove a security mandated Exchange account from an iDevice, the password lock requirement/enforcement is removed with it. The “Turn passcode off” option in General>Passcode Lock is greyed out when the account is on the device, and is no longer greyed out after the account is removed, meaning the password enforcement requirement was removed with the account.
I said specifically that I did not THINK that removing the ActiveSync account removed the security profile, but I know that removing an Exchange / ActiveSync profile from an MDM managed device does not remove the security profile, for which I can still wipe your phone, account removal aside. I was not certain of the statement, specifically regarding ActiveSync, but am very certain of the statement regarding 3rd party MDM software.
To further my point, my personal stance is that, if you are going to use “personal” equipment on a business network, you are subject immediately to that business’s requirements for all network equipment that have departed the business, which means, in layman’s terms, it will be wiped clean. Period. No ifs, and’s, or but’s.
Let’s test the theory. I will give you an Exchange profile on a random server with basic credentials. If you can remove the email account, but I can still wipe your phone, I will agree that you are, at a basic level, somewhat correct.
Hopefully this clears up your confusion.
I tried to read Brandon Phipps’s last reply carefully, but I’m not sure I understand it fully.
I have an iPad1 (yes, they still exist and still work!) which has been connected to my company’s Exchange server for all of 3 days, until I received a company-owned iPhone, whereupon I deleted the Exchange from my personal iPad and went on with my life (as desdinova70 says, the password enforcement requirement went away, so I thought I was now free from any Exchange security mandate).
This was 6 months ago. Just this morning I was playing with my own Exchange OWA account, and discovered a menu where I can perform wipes myself. To my shock, that personal iPad1, the one that had Exchange on it for 3 days and then not at all for more than half a year since then, is still on the list — I could wipe it myself if I wanted! How is that possible? Since that device no longer has any connection to my employer, surely I should be able to remove the permission I’d implicitly given them back when I did?
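The article’s advice to delete the Exchange account before leaving, and the last comment’s observation that the device partnership nevertheless stays listed on the server, both point at the same thing: the partnership record lives in Exchange, not on the phone. The following is an added example (not from the article or any commenter) of the server-side hygiene an Exchange admin can run to audit and drop stale ActiveSync partnerships, so that a wipe can no longer reach a personal device that has stopped syncing. It assumes an Exchange Management Shell or Exchange Online PowerShell session with the Exchange 2013-and-later mobile-device cmdlets; the mailbox address shown is a placeholder.

```powershell
# Added example, not from the page. Assumes an Exchange 2013+/Exchange Online
# session exposing Get-MobileDeviceStatistics and Remove-MobileDevice (on
# Exchange 2010 the equivalents are Get-ActiveSyncDeviceStatistics and
# Remove-ActiveSyncDevice). Lists every ActiveSync partnership for the given
# mailboxes, flags those with no successful sync in $StaleDays, and removes the
# stale ones only when -Remove is given; -WhatIf previews the removals.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string[]] $Mailbox,   # e.g. 'user@example.com' (placeholder)
    [int] $StaleDays = 30,
    [switch] $Remove
)

$cutoff = (Get-Date).AddDays(-$StaleDays)

foreach ($mbx in $Mailbox) {
    # One record per device partnership still registered for this mailbox,
    # including devices whose local Exchange account was deleted long ago.
    $devices = Get-MobileDeviceStatistics -Mailbox $mbx -ErrorAction Stop

    foreach ($d in $devices) {
        $stale = (-not $d.LastSuccessSync) -or ($d.LastSuccessSync -lt $cutoff)

        # Emit an audit row for every partnership, stale or not.
        [pscustomobject]@{
            Mailbox         = $mbx
            Device          = "$($d.DeviceType) $($d.DeviceModel)"
            DeviceId        = $d.DeviceId
            LastSuccessSync = $d.LastSuccessSync
            Stale           = $stale
        }

        if ($stale -and $Remove) {
            # Deleting the partnership on the server is what actually revokes
            # the server's hold on the device; removing the account on the
            # phone alone leaves this record (and the wipe option) in place.
            if ($PSCmdlet.ShouldProcess("$mbx / $($d.DeviceId)", 'Remove stale ActiveSync partnership')) {
                Remove-MobileDevice -Identity $d.Identity -Confirm:$false
            }
        }
    }
}
```

Run it first without -Remove to get the inventory, then with -Remove -WhatIf to see which partnerships would be dropped before committing.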