Wipeout: When Your Company Kills Your iPhone (npr.org)
37 points by prakashk on Nov 23, 2010 | 77 comments


What the article doesn't mention is that, if you back up all of your data to your desktop, you can retrieve it by restoring the phone. You will still lose the corporate data, but you will get back your apps and personal data.

If you are using Exchange at work, I would definitely recommend keeping your personal data (email, contacts, calendar) in a separate account, which the iPhone will seamlessly combine for you.


I don't get it.

Where I've worked, if an IT guy started accidentally nuking people's Blackberrys that IT guy wouldn't just be fired, he would be destroyed.

On the other hand, if your device is actually lost then you would want the entire device to be nuked.

I suppose it boils down to how much the employer is willing to invest in its employees. If the employer is not willing to pay for the devices the employee uses for work, then the employer is probably not going to manage those devices responsibly. For that reason, I would never connect my personal device to work unless my employer was willing to pay for it.

If your employer acts like they're doing you a favor by allowing your device on their network, then that's probably a good indication that you shouldn't do it.


Do any enterprise solutions allow more granular wiping?

I'd be completely fine with my workplace being able to nuke their own information, so long as they couldn't touch my personal data.

Well, I wouldn't be perfectly fine with it, but it seems like a reasonable minimum level of separation.


Touchdown (for Android) http://www.nitrodesk.com/dk_touchdownFeatures.aspx keeps all of the Exchange Activesync'd data separate from the main email on the phone, so when you get wiped only corporate email/calendar get wiped. I don't think anything similar exists for iPhone.


I can't speak for iPhone (though I imagine it's similar), but pretty much all your data can be recovered to your phone just by logging into your Google Account, from what I understand. If you use AppBrain, the apps you have installed will be saved too.


You would need a lot of granularity - wipe business emails but not personal ones, wipe documents that mentioned your employer but not your CV, business calls/contacts but not personal ones to workmates?


The question is whether an Exchange wipe should wipe stuff that isn't managed by Exchange (mail / calendar / contacts). That seems like a reasonable level of granularity.

OTOH, a corporation really does want to wipe the whole thing if it's lost, which is why the Exchange level wipe works this way. It's listed as a business feature: http://www.apple.com/iphone/business/integration/


I remember a similar story from a couple of months ago, and for that reason haven't connected my work email on my phone. I'll only consider doing it if the company starts paying for the phone and the plan. Until then, it's not worth the risk for me.


It's nice to see this issue get some additional coverage.

I've been going back and forth about having my phone linked to Google this way. I don't like the concept of handing them an invitation to remote wipe my phone. On the other hand, there does not seem to be a better way to do over the air contact syncing etc (without signing up for MobileMe). My current position is to also sync to my desktop as an "if Google dies somehow" data store and think of my phone as a somewhat more disposable repository.


This is not Google per se, it is a Microsoft Exchange ActiveSync plugin feature. When you install the Exchange ActiveSync plugin[1], it requests that you authorize the software to have the authority to wipe your phone. You must accept that or not use ActiveSync.

The advantage of ActiveSync is "push" email notifications and integration of your Exchange calendar and address book with the base Android calendar and address book.

If you use IMAP to access the Exchange server, the Exchange server cannot wipe your phone.

If you connect to Google's servers (IMAP), Google cannot wipe your phone via their servers.

[1] On my Nexus One, the ActiveSync email plugin was pre-installed and I don't remember seeing the request for wipe permissions when I first configured it. When Google (or whoever) pushed an update for the ActiveSync plugin, it did ask me for wipe permission. That was my first clue that I sold my soul.


Yes, it isn't a Google-specific issue in general; the link to Google is me-specific in that I linked my phone to Google in this way. I did it for specific reasons (contacts mostly) and initially without knowledge of the possibility of remote wipe.

It is interesting that the Android plugin has some UI words about the authority to wipe the phone. In my recollection iOS did not display anything like that.

It is also interesting that Google's set-up tutorial for iOS promotes the ActiveSync method but doesn't mention remote wipe:

http://www.google.com/support/mobile/bin/answer.py?answer=13...


How many people are using Exchange to sync their Google accounts to their iPhone/iPad? How many of them realize that is an invitation for Google to wipe your device?


It's not clear Google has that kind of control. They don't control the Exchange server. They're just feeding data to it.


Google in fact does run the Exchange server that you connect to; setting up Google Sync gives them just as much power as setting up any other Exchange account would.


I believe that is also possible with Android phones when you use the default Exchange connectivity app. I've ended up using a different program to connect to Exchange.


"somehow work could get through AT&T, who I thought controlled my phone"

And that is the problem. Your phone is controlled by someone else. It's not really your phone.


No, the problem is that she changed her phone's settings without realizing the ramifications. Despite the fact that Amanda thinks AT&T controls her iPhone, the fact of the matter is that they could only block it from the network, not remove all of the information from it.


She gave her company control over her phone because she didn't think of it, because it felt completely natural for her that AT&T would be in control of her phone, not her.

People's misconceptions about the technologies they build their lives around sometimes give space to a lot of pain.


I'm not sure what is worse:

- the fact that this is technically possible,

- the fact that the software and service providers think it is appropriate to offer the feature,

- the fact that some employers (such as the one in the article) actually think it is even slightly reasonable behaviour to use the feature on someone's personal phone,

- the fact that the wiping behaviour isn't already clearly illegal with horrific penalties, or

- the idea that the kind of employee waiver mentioned in the article might actually be considered a fair and enforceable part of any employment contract.

This is just so completely wrong, it's hard to know where to start!


There's nothing wrong about it at all; it's a completely reasonable due-diligence security mechanism.

First and most importantly, employers cannot remote-wipe your phone if you haven't paired it with their Exchange infrastructure. Remote-wipe is part of the technical contract you enter into when you link your phone to your company's internal infrastructure. Therefore, while it's totally reasonable to be outraged at the prospect of your employer wiping your phone, the answer is simply "don't let them".

Why do IT departments need this capability? That's easy: when you synced your phone up to their email system, you collected an unspecified number of company secrets. Some of those secrets come with a legal obligation to safeguard them. In a surprisingly large number of companies, some of those obligations have theoretical criminal penalties attached to them.

Turning off your Exchange access doesn't get rid of secrets Exchange disclosed to you already. Companies turn over tens or even hundreds of employees a week. It's absurd to suggest that they'd leave this matter up to chance, with or without a "scrub your device regularly" policy.

More to the point: when companies lose PI, PII, or financials, they end up in the newspaper. Usually, when there's even a reasonable likelihood that data has been exposed, companies are required to notify impacted business partners, incurring contractual and legal expenses. Even if you just left the phone in a bar, and the thief is almost certainly just going to wipe the phone anyways. It's naive to suggest that companies accept the risk of landing in the paper or in court every time someone loses a phone.

It's also perfectly reasonable to point out (bad) IT departments that require you to tie your personal phone to their email systems. By all means, bring up "remote-wipe" when they refuse to buy you a crappy Blackberry instead of letting you B.Y.O.


> There's nothing wrong about it at all; it's a completely reasonable due-diligence security mechanism.

Nonsense. There is absolutely nothing diligent about having an ability to wipe someone's personal data that has no connection to your business, under any circumstances.

> Remote-wipe is part of the technical contract you enter into when you link your phone to your company's internal infrastructure. Therefore, while it's totally reasonable to be outraged at the prospect of your employer wiping your phone, the answer is simply "don't let them".

So, here's Flawed Cliché #1 in the opposition argument: "If you don't like it, don't sign up for it."

Unfortunately, if this sort of behaviour is tolerated, it becomes an assumption by management that it is acceptable. Refusing to accept it yourself then gets you a black mark in some manager's mental file, at best.

Moreover, the risk to the personal phone here is completely disproportionate. This sort of link could be established by an employee without any awareness of the potential consequences, in response to a casual request by a manager before the employee goes off to a conference the following week.

> Why do IT departments need this capability? That's easy: when you synced your phone up to their email system, you collected an unspecified number of company secrets. Some of those secrets come with a legal obligation to safeguard them.

Flawed Cliché #2: "You have to protect company secrets."

Firstly, this is a complete straw man: protecting company secrets from the company mail server does not in any way require deletion of personal data on a personal phone.

Secondly, if the company has legal or regulatory constraints in how it handles some data, it should not be providing access to that data on a system that is not supplied, properly configured and fully secured by the company's experts anyway.

> Companies turn over tens or even hundreds of employees a week. It's absurd to suggest that they'd leave this matter up to chance, with or without a "scrub your device regularly" policy.

Flawed Cliché #3: "We need to secure our data when people leave to protect us against inside jobs."

Firstly, anyone who is pulling off an inside job is probably not going to leave the only copy of valuable/sensitive data on their personal phone.

Secondly, maybe you should be more careful with who you hire if this is a serious problem. Someone who is determined to pull off an inside job isn't going to be stopped by such a simplistic approach.

Basically, your entire counter-argument is a non-argument. Nothing you have said in any way justifies a company having the power to interfere with your personal data, and if they need that kind of power over company data because of its sensitivity then they should not be relying on employees' own devices anyway.


I think you read about 100 words into my comment, got angry, and started typing. If you hadn't, you'd have seen that I wasn't talking about insiders pulling heists.


> I think you read about 100 words into my comment, got angry, and started typing.

Physician, heal thyself. You wrote:

> Companies turn over tens or even hundreds of employees a week.

Unless this is some difference I have never previously encountered between British and American English usage, that seems a pretty clear reference to employees coming and going. In the context, what else could you possibly be referring to apart from the danger of leaking data because employees who used to have legitimate access still had the data after they left?


Just because you don't like it, or disagree with it, doesn't make it wrong. These are well-established IT security and legal issues.


> These are well-established IT security and legal issues.

No, they aren't.

For one of my clients, I work with high-end security hardware used in places like banks, medical facilities, etc. These are the kinds of places where you access the server room through an airlock. They are affected by issues like SarbOx and HIPAA in the US, various international data protection legislation, etc. If your device doesn't comply fully with every single point on their standard network security checklist, they won't even consider buying it. You get the idea.

And exactly none of those things, in any way, according to even the most conservative experts, would require the kind of invasive wiping of personal data on a personal phone that we are discussing here. Several people replying to my post have claimed without citation that such a facility is somehow a legal requirement for businesses handling sensitive data. My disagreement with their position doesn't make them wrong. The facts do.

(Edit: This comment got hit by a downvote faster than any human being could possibly have even read it. If anyone would like to have a discussion based on cited laws/regulations, facts with supporting references, etc. then I will be happy to debate with them. If anyone would like to debate the ethical issues surrounding merging work life and personal life, I'm game. But if all we're going to do is make vague claims about the law somehow requiring this kind of facility and downvote anyone who disagrees, then this whole conversation is rather pointless.)


Suffice it to say that your experience is not controlling here: I too have clients, and many of them allow iPhones, and all of them use Exchange.

Your "legal requirement" argument is a red herring. I think you just want to argue. Nobody is claiming that companies have a "nuke from orbit" legal requirement; what they have instead are requirements to safeguard data and penalties if they fail.


> Nobody is claiming that companies have a "nuke from orbit" legal requirement

This entire discussion is about wiping a personal phone completely, not just company data on it.

I challenged this behaviour in my original comment. You replied to that post and said explicitly that there was nothing wrong with it, citing legal obligations to protect company data, PR risks of leaks, etc. Several other posters have made similar arguments nearby.

I replied to you and pointed out that none of these arguments require or justify giving an employer the ability to wipe an employee's personal phone entirely.

Since that time, you have in various posts accused me of not reading things before replying to them, mocked me, accused me of just wanting to argue, and generally been rude and unconstructive. You have not, however, actually defended your position in your original post that the ability to remote wipe an entire personal phone is a "completely reasonable due-diligence security mechanism" or addressed any of the three specific points I made in reply.


I know you read my comment here ( http://news.ycombinator.com/item?id=1935284 ) because you replied to it before writing this comment. Yet you still talk about "invasive wiping of personal data on a personal phone" as if someone somewhere wrote

  if (RemoteWipe) {
    companyData.Erase();
    personalData.Erase();
  }

Do you understand that the iPhone does not keep personal and company data separate? Do you agree that the distinction between personal and company is vague and human defined?

What kind of high-end security hardware are you talking about? If you used an advanced Cisco software VPN client, you could (so I hear) have it scan the client computer and enforce policies on it. If it was used on a personal computer, these would be invasive in a similar way yet you would not blame Cisco or the company if the user didn't understand this, would you? Would you be outraged that it's even technically possible?


> Do you understand that the iPhone does not keep personal and company data separate?

Yes, of course. I just think it's the employer's problem in this case, not the employee's.

> Do you agree that the distinction between personal and company is vague and human defined?

No. The argument made by many people disagreeing with me in this discussion is predicated on the employee downloading data from the company Exchange system. That provides an objective standard for what constitutes "company data".

If you're going to try to broaden that in some ill-defined way to any other data the employee has, you might as well argue that any employer should have the right to audit any and all of an employee's personal property, communications or brainwaves. I am aware that some employers actually do seem to think that at least the first two are reasonable, but I vehemently disagree with them, and so does the law in most places.

> What kind of high-end security hardware are you talking about?

The relevant ones here typically record/block/modify network traffic: intrusion detection, data leakage prevention, lawful intercept, that kind of thing.

> If you used an advanced Cisco software VPN client, you could (so I hear) have it scan the client computer and enforce policies on it. If it was used on a personal computer, these would be invasive in a similar way yet you would not blame Cisco or the company if the user didn't understand this, would you?

You mean if

(a) an employee was asked to work from home,

(b) the employee was asked to access the company network using company-provided software installed on their personal computer (the VPN client), and

(c) that software then reformatted the employee's hard drive because someone in corporate IT hit the wrong button by accident,

would I have the same problem with it?

Yes, of course. As I keep saying, if the company requires that kind of control, it should be issuing employees with dedicated systems at company expense, configured appropriately. I struggle to see any circumstances under which installing software on an employee's personal property that gives the employer the ability to wipe the entire machine arbitrarily would ever be justified.


Exactly how does a DLP system help a company whose employees are allowed to use iPhones for company mail, when company mail is streaked through with protected information like bacon is with pig fat? People put network DLP systems on their perimeters, so they can catch data walking out the front door. Protected information is supposed to walk over email; people use it to get their jobs done.


> Exactly how does a DLP system help a company whose employees are allowed to use iPhones for company mail, when company mail is streaked through with protected information like bacon is with pig fat?

Exactly, it doesn't!

If you have data that is important enough for leakage control at the edge of your network, then it must not be accessible outside of your controlled systems at all.

An employee's personal phone is never a controlled system for the purposes of this policy.

After all, what if the phone isn't stolen, but infected by a data-stealing virus during the employee's personal use?


This is called a "risk". Companies do different things in response to different risks. To the "company will lose $100MM if one of 150 different people loses their phone" risk, many companies have adopted the "nuke from orbit" control. To the "phones may be infected by data-stealing viruses" risk, most companies have adopted the "qualified stakeholder for affected data has signed a document attesting to the company's acceptance of that risk".

If companies had the black-and-white perspective on risk you have here, nobody would ever be able to deploy a line of code.


I don't have a black-and-white perspective on risk, but either the data is worth protecting at a remote-wipe kind of level or it's not.

In most cases, the ability to wipe a typical employee's personal phone in response to anything would be a ludicrous over-reaction.

On the other hand, if you have someone who really does need to access sensitive data on their phone, and leaking that data is a $100,000,000 kind of risk, and there is $100,000s of layered security that normally protects that data, then maybe company IT should be authorised to spend $100s on a properly secured device that they can remote wipe if necessary, in preference to giving an obvious attack vector straight past that security.

As you say, it's about the risk. I don't see any circumstances under which risking using an employee's personal phone to access genuinely sensitive data off-network is justified. Either the damage if it leaks is bad, in which case the barrier for providing a company phone is pretty low, or the damage is negligible, in which case requiring a remote wipe facility that can destroy the employee's own property is silly.


> Yes, of course. I just think it's the employer's problem in this case, not the employee's.

I think it's the employees. You know, because it's their phone and in their interest to keep it separate. Did they ask their phone vendor for a phone which could keep the data separate? Did they read the user manual? Did they vote with their feet or dollars? Did they give a damn at all?

> Do you agree that the distinction between personal and company is vague and human defined?

> No. The argument made by many people disagreeing with me in this discussion is predicated on the employee downloading data from the company Exchange system. That provides an objective standard for what constitutes "company data".

But if I sync my contacts with a company Exchange server, I cannot add contacts without them being stored on the Exchange server. If I add a personal contact, those details are sent to the company. Is this now personal or company data? How is the Exchange server to know that you don't want contact X deleted? And why should it listen to you if that would just be a way around its security?

If I open an email with a picture and save it, it goes into the camera roll as a copy. Is that now a personal copy or a company file?

If I get a company email with a link to the corporate intranet and I log in, is the cached data in Safari, which contains corporate data but did not come from the Exchange server, company or personal?

> If you're going to try to broaden that in some ill-defined way to any other data the employee has, you might as well argue that any employer should have the right to audit any and all of an employee's personal property, communications or brainwaves.

No, that would be stupid.

> As I keep saying, if the company requires that kind of control, it should be issuing employees with dedicated systems at company expense, configured appropriately

No it shouldn't. If the company requires work from home it should issue dedicated systems at company expense. If it merely requires control over whatever system you use then it should only provide advice and understanding when you agree to that control.

Just because a company requires control should you wish to access things remotely does not mean that they are obliged to provide the device. Only if they require you to use a device should they provide one. If they do not require it but you choose to provide one, they should be allowed to require restrictions and refuse if you do not agree.

The interesting bit is that these restrictions are

a) not intuitive to a nontechnical person

b) obvious to anyone who knows about them.

> I struggle to see any circumstances under which installing software on an employee's personal property that gives the employer the ability to wipe the entire machine arbitrarily would ever be justified.

When that personal property has no other support for erasing important data apart from wiping the entire machine, yet the company mandates that devices be able to erase company data.

What else do you want? You keep switching between:

- Some perfect device which does not exist

- The scenario in the news item, where nothing bad happened except the person was shocked and annoyed

- Some hypothetical scenario where extreme damage was done to the person

What are you really arguing? That it's unfair? That it's less than ideal? That the company is horrible? That Microsoft is horrible?

What's your point?

iPhones and other ActiveSync devices can only wipe everything or nothing, and companies do demand the ability to wipe data.

Some companies may demand employees buy personal devices for work use, that's unpleasant and possibly illegal. Many do not.

Those that do not often give people the option to use approved personal devices if they prefer them to work provided ones.

If people choose to do that without understanding what they are doing, that is unfortunate. In an ideal world it wouldn't happen, but it does actually happen.

The best thing to do is:

a) Have backups of your important stuff

b) Have a mindset where you can accept things going weirdly in systems you don't understand.

c) Have a mindset that you accept the more technical and complex the systems involved in your life are, the more this sort of thing is going to happen.


My position is simple, and I don't think I have been inconsistent with it anywhere in this discussion.

1. If it is the employee's device, then everything belongs to the employee by default.

2. If the employer wants to allow access to certain company facilities or data using that device, then it is the employer's responsibility to ensure that such access complies with any necessary policies, without affecting anything that is none of the company's business.

3. If the employer can not or will not do this, then they should not provide the access in the first place.

4. They always have the option of providing suitable company hardware to the employee with whatever restrictions may be necessary to comply with their policies, at their own expense.

5. Arguments about how the company allowed but didn't require access, the employee consented, etc. are very weak here. Most employees would not be aware of the implications of such policies, and in many workplaces there is a fine line between what is required and what is not required (but if you don't do it we'll penalise/fire you). You're just leaving room for the employer (with its expert system administrators and retained lawyers and heavyweight HR leverage and much greater financial resources) to trample on the employee while wriggling out of any consequences.

> The best thing to do is:

> a) Have backups of your important stuff

> b) Have a mindset where you can accept things going weirdly in systems you don't understand.

> c) Have a mindset that you accept the more technical and complex the systems involved in your life are, the more this sort of thing is going to happen.

I wonder if you'd feel the same way if, say, your identity was stolen because your home network was compromised by a zero-day exploit in whatever browser you are using to read Hacker News and a data-stealing worm sneaked in. I'm sure you're aware of the theoretical risk of that happening, and you chose to connect to the Internet anyway, so I guess you've accepted the consequences, and anything bad that happens will be your fault rather than the malicious attacker's.


I most strongly disagree with 2. and 3.

The person who wants the end result gets to agree to the other person's policies.

If your employer wants your device to have email then they get to agree to your policies about your phone. [Edit: except for the big point that this is impossible with current iPhones and Exchange servers].

If you want your phone to have access to your company email then you get to agree to their policies.

> I wonder if you'd feel the same way if, say, your identity was stolen because your home network was compromised by a zero-day exploit in whatever browser you are using to read Hacker News and a data-stealing worm sneaked in. I'm sure you're aware of the theoretical risk of that happening, and you chose to connect to the Internet anyway, so I guess you've accepted the consequences, and anything bad that happens will be your fault rather than the malicious attacker's.

My response: Oh shit, now I have to deal with identity theft.

Your response: Let's legislate to forbid providing internet browsers unless the browser provider and ISP can guarantee this can't possibly happen because it's not reasonable for me to audit their code. Let's legislate websites to forbid access unless they can guarantee this can't happen. How could they be allowed to let me on their website without forcing me to consult expert legal advice and have big neon sign warnings about what an accident on their website might do to my computer?!


> The person who wants the end result gets to agree to the other person's policies.

And in this case, does it sound like the victim made an informed decision that she wanted this end result?

> My response: Oh shit, now I have to deal with identity theft.

I take it you've never actually been on the wrong side of this one, then. I don't believe anyone who has would be so cavalier about it. And yes, I have. It's one of the reasons I'm so adamant in discussions like this that (a) sensitive data must be properly protected, and (b) systems should not be designed so that they can seriously damage an individual without adequate safeguards.

> Your response:

Find perp. Do very unpleasant things to him. Ensure that victim does not suffer any more than necessary due to perp's actions.


> Nonsense. There is absolutely nothing diligent about having an ability to wipe someone's personal data that has no connection to your business, under any circumstances.

There is no clear cut distinction, on an iPhone. It's not about diligence, but practicality - there is no other way to wipe an iPhone but "completely" or "not at all".

> Firstly, this is a complete straw man: protecting company secrets from the company mail server does not in any way require deletion of personal data on a personal phone.

The phone does not make that distinction. It is not possible to remotely wipe half an iPhone.

> Basically, your entire counter-argument is a non-argument. Nothing you have said in any way justifies a company having the power to interfere with your personal data

There is no distinction on an iPhone. It does not make a distinction. Personal data is not kept separately. Company data is not kept separately. There are no divisors. There is no restriction. No sandboxing, no virtual machines. The distinction you keep making between "personal data" and "company data" is in your mind not in the iPhone data store. The iPhone data store is binary data stored in a nonsentient device which has no person itself and no understanding of personhood. There is no distinction between personal and company data in iOS. Email on an iPhone is just another app which does not distinguish personal from company messages. Your personal inbox and your exchange inbox can be merged into one unified inbox on an iPhone because an iPhone does not make a distinction between personal and work data. You can have a personal Exchange email account.


> It's not about diligence, but practicality - there is no other way to wipe an iPhone but "completely" or "not at all".

Not being able to do something properly is not an excuse for doing it badly and causing serious damage to someone as a result.

In this case, if an employer cannot (a) allow an employee iPhone to connect to their mail store and (b) secure their own data appropriately without also (c) compromising the employee's, then they should not permit that access in the first place. They should provide the employee with a dedicated device, at company expense, over which the company can have whatever control it requires.


That sounds like it makes life better for everybody. People who would rather use iPhones for corp mail than 3-year-old Blackberries, and who accept that the tradeoff for using them is potential "nuke from orbit", can't... so you can avoid having to think about whether to give your IT department that power. Everybody wins!


It is obvious from the fact that we are discussing the original article at all that this issue is more complicated than you make out.

I already addressed the underlying issue you raise in my original reply; it was point #1. Perhaps you would care to further the debate by replying there, instead of resorting to sarcasm and mockery?


Not being able to do something properly is not an excuse for doing it badly

Yes it really is. I'm not a builder but if I had to shelter from weather I would make a shelter. And my excuse for it being a low quality shelter is that I can't make a perfect one. And that would be better than nothing because at least I wouldn't die. Your idealism is idealistic but not helpful.

If iPhones couldn't read company email they wouldn't be as useful or as popular. If they could do so, but only by enforcing a horrible dual-personality where you had to manually switch between contexts they wouldn't sell as well or be as popular or useful. If they share data they are easier to use and more popular but not as easy to secure.

You say "not being able to do something properly" without addressing the fact that there is no accepted "proper" way to do it. They didn't ignore the proper way because they were lazy or stupid. Exchange email started on Windows Mobile devices for office use. That it has spread to consumer phones means the assumptions under which it was designed no longer hold.

and causing serious damage to someone as a result.

1) As far as we are told, no damage at all happened to her; she didn't even get lost after losing her navigation system.

2) We don't know that /serious/ damage happened to her.

3) The more serious the potential damage, the more important it was for her to have a backup of her important data and a backup of her important systems. There's no getting around this tradeoff.

4) The more serious the potential damage, the more important it is for her to understand what she is doing when making changes to her device and not blankly follow instructions to hook it up to things willy nilly.

Your second paragraph is a "person should be protected from all harm they don't understand by an all seeing overlord" argument, and it falls down where anyone else wants to do anything else or accept a different risk profile than uninformed easily panicked J. Bloggs.


>> Not being able to do something properly is not an excuse for doing it badly

> Yes it really is.

I don't really know what I can say to this post. You have somehow turned this whole incident into the victim's fault, mitigating the consequences of the company IT staff's mistake into the victim's responsibility, and my argument that it is not reasonable for an employer to introduce such a drastic facility to destroy an employee's personal property without giving the employee fair warning into some unbounded "no-one should be responsible for anything" argument. We live in two different universes.


I haven't turned it into that, I see it as that - apart from the fault bit.

Nobody is at fault. The user didn't understand, the phone and email system isn't perfect, the IT staff made a mistake.

These things happen. It doesn't need government legislation, lawyers and compensation. Shit happens.

What do we do differently in future? We could try educating people about IT, but people don't care about IT. We could try legislation, but that costs time and money and makes life less pleasant.

We could try not getting upset when everything isn't perfect and ideal. That helps.

What makes you think the employee didn't get fair warning?


If I had a penny for every user that ignored important facts about IT I could retire.


We had a great IT security presentation at a medium-sized company I used to work for once, one of those annual "click through all the slides so we know you've read it" things that US companies seem to love.

As I understand it, the material was put together by an outside team of expert security consultants, who came in and audited the company's usual policies and the access requirements for people to do their jobs sensibly.

The executives watched the presentation and concluded that this was great, because now all of their staff would know not to leave CDs with sensitive data lying around on their desks when they went home.

The front-line grunts -- who were mostly geeks, this being a software company -- concluded that more than 98% of the recorded data leakage incidents in this 5,000-person company, and 100% of the serious ones, would have been prevented by (a) refusing to exempt senior/executive management from the corporate IT security policies that applied to all other staff and (b) requiring sales people only to use company laptops with the standard security software installed and maintained by corporate IT when going off-site.

(I'm pretty sure that I really am remembering the statistics here accurately, BTW. Listening to the executives on the conference call after watching the presentation was the kind of bang-head-on-wall moment you don't quickly forget.)


> Nobody is at fault.

?!

The corporate IT people screwed up and issued a data-loss command they apparently had neither reason nor authorisation to issue. Someone's personal property was completely wiped as a result.

We don't know how much valuable personal data was on that phone, but it could have held e-mails, photographs, etc. They could have been important, have great sentimental value, even have been evidence in a legal action (e.g., photos taken after a road accident).

In any case, this is clear cut negligence. The phone wipe might not have been deliberate, but the damage was done and it is absolutely clear who was at fault.

> What makes you think the employee didn't get fair warning?

Well, for one thing, this:

"It was my account, in my name [and] I'd paid all the bills," Stanton says. "It didn't make any sense to me that somehow work could get through AT&T, who I thought controlled my phone, and could completely disable the phone and the account."

Does that sound like the employee was properly informed to you?


We don't know how much valuable personal data was on that phone, but it could have held e-mails, photographs, etc. They could have been important

Then they should have a backup.

In any case, this is clear cut negligence

?! Unless you want a world where every employee's every mouse click is monitored by another employee and everything takes two people, three times as long and costs four times as much in auditing, you have to accept that accidents are not the same as negligence.

Remote wipe is a web interface. Assuming the IT staff was supposed to wipe a different device, they either misread or misremembered the ID or misclicked (or were misinformed). One click.

If you put your life on the line where one click can destroy it and you have no backup, and you still connect your device to systems you don't understand, you're running a huge risk and no amount of legislation will ever help you.

Does that sound like the employee was properly informed to you?

It sounds like someone who doesn't know how something works. They could well be someone who had it explained, agreed, then forgot. Or wasn't listening, or didn't care. Lots of people do that. Like the executives in your other comment who sat through a security presentation and then moments later showed they hadn't understood it at all on a conference call.


> Then they should have a backup.

That would be the part where you turned mitigating the IT guy's screw-up into the victim's responsibility again.

> Assuming the IT staff was supposed to wipe a different device, they either misread or misremembered the ID or misclicked (or were misinformed). One click.

If you have a system that can do that much damage because of a single missed click, then it's not just negligence, it's gross negligence.

> If you put your life on the line where one click can destroy it and you have no backup, and you still connect your device to systems you don't understand

If you don't understand the system, how are you supposed to know that one click can do this? It's clear from the article that the victim in this case didn't understand that it was possible at all.

> They could well be someone who had it explained, agreed, then forgot.

Seriously? You think that an employee was told, clearly and unambiguously, that by connecting their phone up to work e-mail they ran the risk of having their entire phone wiped including all of their non-work-related stuff at any time just because someone missed a single mouse click over in IT, and they forgot this?

If the discussions about this article everywhere I read other than HN are at all representative, most employees given a clear explanation of this policy would have immediately turned around and told corporate IT to shove it, demanding a company phone to use instead of allowing their personal one anywhere near such a system.


That would be the part where you turned mitigating the IT guy's screw-up into the victim's responsibility again.

But I'm not. No matter what you do to the IT person, how much you sue him or her for, how hard you torture them, how much you hang, draw and quarter them or put their head on a spike, or whatever, however much you take out your frustration on them you will not change the fact that your ultra important files are now gone.

The only way to change that is to take a backup.

I'm not interested in blaming the "victim" (accidents don't have victims, crimes have victims) and I'm not interested in punishing the person who made a mistake, assuming it was a genuine mistake.

I'm interested in making it not happen again, mitigating the consequences (for both parties), and doing so without ruining everyone else's life because one person was dumb and another careless.

If you don't understand the system, how are you supposed to know that one click can do this? It's clear from the article that the victim in this case didn't understand that it was possible at all.

If you hit your head hard enough, your frontal lobes can tear on the sharp bits inside your skull. If you don't understand this you can still drive a car. You can still make and sell cars. You can still walk over a cracked pavement or ride a bicycle.

Ignorance is only a defense in the sense that it gets people to feel sorry for you, ignorance does not make the universe undo the damage or help you compensate for the damage. Ignorance may be a defence, but it's still a stupid policy.

I don't understand what this change may do to my phone so I will take a backup -> good.

I don't understand what this change may do to my phone but I trust the government will have prohibited the employer from allowing it do anything I would consider bad -> bad.

Seriously? You think that an employee was told, clearly and unambiguously, that by connecting their phone up to work e-mail they ran the risk of having their entire phone wiped including all of their non-work-related stuff at any time just because someone missed a single mouse click over in IT, and they forgot this?

No more than they would be told that a single misclick of the accountant's mouse might lead to them not being paid that month, or that a single misclick of the HR's mouse might lead to them being marked deceased, or a single click of the HR's mouse might select the wrong file to upload and leak their SSN to the world.

It is not reasonable to inform everyone of everything which might go wrong. There is too much which might go wrong.


> No matter what you do to the IT person [...] you will not change the fact that your ultra important files are now gone. The only way to change that is to take a backup.

No, you could also not give the employer such a destructive power in the first place. Moreover, if you must give them that power, you could ensure that it cannot be invoked accidentally by a single person missing a single mouse click. You don't seem able to understand that not allowing the problem to arise in the first place would automatically avoid the negative consequences for all concerned.

You also seem to be latching onto something about government prohibiting actions, as if I'm advocating some sort of specific statute law to prevent this behaviour. The only thing I'm saying is that everyone should be responsible for their own actions and the consequences thereof, and that if someone through their carelessness harms another then the law should deal with the culprit accordingly. This is a basic principle of common law and common sense, I'm just applying it in context.


If you put sensitive company data on your phone, you have consented to this behavior. Some companies make it an explicit acceptance, others implicit. If you don't like this kind of thing, use a DIFFERENT phone for work and personal.

As an example. You use your phone for company business and have sensitive data on customers, including payment info, birth dates, addresses, socials, etc. If your company knows this data exists on your phone, they have a LEGAL obligation to wipe that data in certain circumstances.


> If you put sensitive company data on your phone, you have consented to this behavior. Some companies make it an explicit acceptance, others implicit.

So allowing any company data onto your phone is not only consent but implicit consent to the company arbitrarily wiping your entire phone?

I'm with the guy in the original article: I would love to see you make that argument with a straight face while standing before a judge in court. I imagine the consequences would be... expensive.


I hope you're joking. Too lazy to look right now, but I'm pretty sure legal precedence for this is already established.

If you read almost every company's AUP you'll see that by using or connecting to their systems you are consenting and giving up your right to privacy.


> Too lazy to look right now, but I'm pretty sure legal precedence for this is already established.

Unfortunately, so far, exactly no-one responding to my original comment has managed to provide even a specific statement of what they think the law requires an employer to do in this context, never mind any verifiable citations. And yet, several different posters claim that there is some form of legal obligation on an employer that not only justifies but actively requires them to have this kind of facility to do it. What legal obligation do you all think a company has to be able to destroy an employee's personal data arbitrarily? What precedent do you think has been established, and in what jurisdiction?

> If you read almost every company's AUP you'll see that by using or connecting to their systems you are consenting and giving up your right to privacy.

Companies say all kinds of things in agreements. Many of them are completely one-sided, some to the extent of being abusive of an employer-employee relationship.

Fortunately, given that many of them are imposed without any real scope for negotiation, courts tend to rule that the unreasonable ones are not enforceable. Those conditions that interfere with an employee's life outside of work are among the most commonly struck down; see the status of overly broad non-compete clauses in many US states or most of Europe, for example.


Here's where: If you don't want to give your company any control of your phone, refuse to use it for work.


This is just so completely wrong, it's hard to know where to start!

You could start by not being a panicky reactionary mess about it.

It is useful to be able to wipe a remote mobile device with access into a company computer system when it is lost, compromised or in unfriendly hands.

From that it follows that software developers made it possible and providers made it available and employers think it reasonable to use on any mobile device which agreed to access their servers, personal or not.

It isn't illegal with "horrific penalties" - why would it be?


> It isn't illegal with "horrific penalties" - why would it be?

This whole discussion is about a company wiping an employee's personal phone, by accident and for no reason, including cutting off an active call and disrupting the navigation system they were using. Do you really not see why this behaviour is unacceptable?


I really do not see why this behaviour is unacceptable.

It cannot be unacceptable to have accidents. Or, you can choose to not accept it if you like but they will still happen.

This was not a serious accident like a poisoning due to dodgy food labelling or a car crash or a bulldozer knocking her house down, and therefore it does not require legislation and it certainly does not require "horrific penalties".


By your argument, should we not also abolish crimes such as manslaughter and causing death by careless driving, not permit any legal actions based on negligence, and generally absolve everyone of any responsibility for their actions even if those actions are both harmful and avoidable provided that they are not deliberate?

If that is your position, then we have very different ethics here.

> This was not a serious accident

Several people in this discussion seem to bring that up, but as far as I can see we don't know either way. It is certainly possible that the same action could have caused loss of much personal data of sentimental and/or direct financial value, cut off communications at an important moment with all kinds of serious consequences, left a driver stranded with no navigation to get them back to familiar territory, etc. Even if that didn't happen in this particular case, it was pure luck.


By your argument, should we not also abolish crimes such as manslaughter and causing death by careless driving

Well, if you want to be silly about it, by your argument shouldn't we make mistakes illegal and then slaughter everyone because everyone makes mistakes?

That is not my argument.

You see where I said "an erased phone is not a serious problem therefore it doesn't need legislation"? Where did that give you the idea that I think manslaughter is OK?

It is certainly possible that the same action could have caused loss of much personal data of sentimental and/or direct financial value, cut off communications at an important moment with all kinds of serious consequences

Even if it did cause those things, those are not serious consequences. Problems serious enough for legislation are things which are likely to result in a high rate of injury and death, or be long term dangerous/injurious to a lot of people (eg. shoddy building codes).

If you really want nationwide legislation forbidding companies from letting employees use personal phones to read email because they might lose their only copy of sentimental pictures, and prefer that to suggesting the person have a second copy of their pictures, then we have incredibly different views on how life is and should ideally be.


My employer solved the issue of people not knowing about this very easily. Before you can connect to Exchange with a personal device, you had to sign a document saying that they could remote wipe your device if it gets lost as well as when you terminate employment.


And that is why I don't connect to Exchange.


That's certainly why I don't connect any personal devices to the company Exchange infrastructure - they pay for an iPhone so I use it for work.

I have a dumb phone, iPod and an iPad for personal use - which I find a better combination than one do-everything device.


Do you have very large pockets?


I use a backpack, usually with my iPod in my jacket pocket when walking to/from work.

I have a pretty terrible attitude towards phone usage - I rarely answer it (I usually let it ring out and return the call if it is from someone important). Most people I deal with regularly know to text or email me rather than phoning.


That would also work, but I would find it too annoying to have to carry a backpack everywhere. But hey, if it works for you, that's great.


The whole article is based on this:

Stanton wouldn't have been surprised to see this kind of remote control on a company phone.

But this iPhone was hers.

"It was my account, in my name [and] I'd paid all the bills," Stanton says. "It didn't make any sense to me that somehow work could get through AT&T, who I thought controlled my phone, and could completely disable the phone and the account."

The whole news item is "person doesn't understand how a system they use works, as a result gets confused, shocked and indignant".

There's no news here. Exchange ActiveSync has been working that way for, what, 4-7 years or so.

If you haven't learned what something can do, then you have every right to be confused, but pretty much no right to be annoyed.

This kind of nuanced technology with personal phone and phonebill connected over a third party network to a company email and calendar does not have "a nontechnical explanation" for how it works. There is no nontechnical explanation for what kind of security problems you might end up with if someone steals a mobile phone with a live email account - from revealed information in emails and calendars and address books and live address book searches, to social engineering to forged messages. The phone might have a VPN connection.

Someone else got trampled by the march of technological complexity, that's perhaps the news.


> If you haven't learned what something can do, then you have every right to be confused, but pretty much no right to be annoyed.

Pretty much every legal system in the world exists because such a position is more idealistic rather than realistic. No human being has the capacity to fully understand every interaction and agreement they participate in as a routine part of daily life. If people actually stopped to read and understand all the small print, taking expert advice where they needed it to fully appreciate the implications, then society would literally collapse in days. Likewise, if everyone refused to use any device where they had not received full technical training in every aspect of the functionality, society would fall apart.

We counter this problem using legal techniques, such as requiring that any term in a contract must be reasonable and understood by both parties for it to be enforceable. The law in most jurisdictions also explicitly recognises that not all contractual agreements are made between parties of equal bargaining power and resources, and therefore tends to give the benefit of the doubt to the little guy. In this case, if it isn't illegal for a company to exert this kind of control over an employee's personal property without the involvement of flashing neon signs and professional legal advice, perhaps it should be.


Do you feel that "We actually have a one-page waiver that says, you know, if you're going to connect your personal phone to the corporate e-mail system, that we do have the capabilities if the phone is lost to remote wipe it — and we will — and then have the employee agree [to] and sign that form," Davis says. is a flashing neon sign?

What I find odd is that a company allows people to keep confidential company information on a personal device at all.

There are many reasons to require this, including insider information, or other legally-required barriers, as well as company-protected information.


> Do you feel that [...] is a flashing neon sign?

Yes it is, but it doesn't say anything about the company wiping the phone negligently because someone in IT screwed up.

Also, it's rather like holding up a flashing neon sign saying "I'm about to beat you up" before you beat someone up. You might have made them aware of the problem, but that doesn't mean your actions are either justified or legal.

> What I find odd is that a company allows people to keep confidential company information on a personal device at all.

Exactly. If the data is sensitive, it should be controlled properly by the company using company equipment. That has been my argument all along.

> There are many reasons to require this, including insider information, or other legally-required barriers, as well as company-protected information.

To require what? If you mean an arbitrary wipe of a personal device that is not limited to company information, which is what this whole discussion is about, then I'm starting a new club for posters telling me about how there may be legal requirements that necessitate such a facility without actually saying what those requirements are, what laws impose them, or in what jurisdiction. Please take a membership form and join the queue. :-)


There is not going to be a law requiring a company wipe an employee's personal phone.

To the extent that this is covered by law, and I am not a lawyer, it will be under something like "a company covered by this regulation will use industry standard practices to protect customer data on mobile devices".

One of the industry standard practices is remote wipe of the whole device in the event of theft. Personal or not, the distinction is idealistic and not realistic.


It is not in any way an industry standard to allow employees to use personal devices to access sensitive corporate data. In fact, doing so would automatically fail a security audit in a lot of large businesses.


And it would be perfectly fine at any number of other large businesses, including some of the country's largest law firms, some of the largest financial services companies in the world, and several health information providers.


Indeed, and I've never claimed otherwise. (Obviously I personally disagree with such a policy, but that is immaterial to this debate.)

Please remember that the question here is whether some sort of generic laws or regulations might implicitly require an employer to have the power to compromise their employees' personal phones and wipe their personal data, given that none of the people arguing on legal/regulatory grounds has ever come up with any citation that makes this requirement explicit.

In his post, jodrellblank mentioned "industry standard practices" as an example of such generic legal wording. The fact that many large businesses accept the policy of using employees' personal devices does not make it an industry standard. The fact that many more do not does mean that it is not an industry standard.


The news is that this happened by accident :)

I expect that if my phone is ever lost or stolen and the IT guy finds someone brute-forcing some email password, they will call and check if it's me or not before wiping my personal phone.

The warning always says "if phone is lost". It never mentions "if you forget your password" or anything. That's a huge difference for the average Joe to understand... hell, even the guy who writes xkcd got locked out of his Android phone one day playing with the lock pattern!
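Two comments in this thread describe the same safeguard from different ends: the earlier argument that a wipe must not be something one person can invoke by missing one click, and the wish just above that IT "call and check if it's me" before wiping a personal phone. The following is an added example, not part of the thread and not any product's code, of how that gate can be written down so it is enforced rather than hoped for. Everything in it is hypothetical: the WipeGate class, its method names, the record layouts, the seven-day staleness window and the constructed walkthrough with alice, bob, carol and dave. The place where a real console or ActiveSync call would be made is deliberately a no-op.

```python
"""Added example (hypothetical, not from the thread or any vendor): a gate in
front of a remote-wipe console so that no wipe is a single misclick.
Preconditions: the device ID must exist, the owner must have reported it lost
recently, and a second person must approve. Nothing here touches a device."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


class WipeRefused(Exception):
    """Raised when a request does not meet the preconditions for a wipe."""


@dataclass(frozen=True)
class Device:
    device_id: str  # the ID the console would act on
    owner: str      # the person whose phone it is


@dataclass
class LostReport:
    reported_by: str
    reported_at: datetime


@dataclass
class WipeRequest:
    device_id: str
    requested_by: str
    requested_at: datetime
    approved_by: Optional[str] = None


class WipeGate:
    def __init__(self, devices, max_report_age=timedelta(days=7)):
        self.devices = {d.device_id: d for d in devices}
        self.lost_reports: dict[str, LostReport] = {}
        self.pending: dict[str, WipeRequest] = {}
        self.issued: list[WipeRequest] = []
        self.max_report_age = max_report_age

    def report_lost(self, device_id: str, by: str, now: datetime) -> None:
        """The owner says the phone is lost; that report is the consent a wipe
        of a personal device hangs on, so nobody else may file it."""
        dev = self.devices.get(device_id)
        if dev is None:
            raise WipeRefused(f"unknown device {device_id!r}")
        if by != dev.owner:
            raise WipeRefused("lost report must come from the device owner")
        self.lost_reports[device_id] = LostReport(by, now)

    def request_wipe(self, device_id: str, by: str, now: datetime) -> WipeRequest:
        dev = self.devices.get(device_id)
        if dev is None:  # a mistyped ID is refused, not routed to someone else's phone
            raise WipeRefused(f"unknown device {device_id!r}")
        rep = self.lost_reports.get(device_id)
        if rep is None:  # the "one click" mistake: nothing is lost, so nothing is wiped
            raise WipeRefused("device has not been reported lost or stolen")
        if now - rep.reported_at > self.max_report_age:
            raise WipeRefused("lost report is stale; re-confirm with the owner")
        req = WipeRequest(device_id, by, now)
        self.pending[device_id] = req
        return req

    def approve_wipe(self, device_id: str, by: str) -> WipeRequest:
        req = self.pending.get(device_id)
        if req is None:
            raise WipeRefused("nothing pending for this device")
        if by == req.requested_by:
            raise WipeRefused("two-person rule: approver must differ from requester")
        req.approved_by = by
        del self.pending[device_id]
        self.issued.append(req)
        # Real console / ActiveSync call would go here; intentionally a no-op.
        return req


def refuses(fn, *args) -> bool:
    """True if the gate refuses the action (used by the walkthrough and tests)."""
    try:
        fn(*args)
    except WipeRefused:
        return True
    return False


def scenario() -> dict:
    """Constructed walkthrough: alice's personal phone, IT staff bob and carol."""
    t0 = datetime(2010, 11, 23, 9, 0, tzinfo=timezone.utc)
    gate = WipeGate([Device("APPL0001", "alice"), Device("APPL0002", "dave")])
    out = {}
    out["unreported_refused"] = refuses(gate.request_wipe, "APPL0001", "bob", t0)
    out["typo_refused"] = refuses(gate.request_wipe, "APPL0O01", "bob", t0)
    out["nonowner_report_refused"] = refuses(gate.report_lost, "APPL0001", "bob", t0)
    gate.report_lost("APPL0001", "alice", t0)
    gate.request_wipe("APPL0001", "bob", t0 + timedelta(minutes=10))
    out["self_approve_refused"] = refuses(gate.approve_wipe, "APPL0001", "bob")
    done = gate.approve_wipe("APPL0001", "carol")
    out["issued"] = (done.device_id, done.requested_by, done.approved_by)
    gate.report_lost("APPL0002", "dave", t0)
    out["stale_refused"] = refuses(gate.request_wipe, "APPL0002", "bob", t0 + timedelta(days=30))
    out["pending_left"] = len(gate.pending)
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The design choice is that the gate never asks "is this the right phone?" of the person clicking; it asks the records. A lost report can only be filed by the owner, so the owner's consent is what unlocks the action, and the requester and approver must be two different accounts, so a single misread ID or misclick ends in a refusal rather than an erased phone. Whether the wipe that is finally issued can be narrowed to the company account is a separate question and, as the thread notes, depends entirely on what the handset supports.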


Zimbra 6 supports remote wipe too.

