It turns out that there’s at least one thing the ideologically divided U.S. Supreme Court can agree on: digital privacy. Last week’s unanimous ruling that police must acquire a warrant prior to examining the contents of an arrested person’s “cellphone” was loudly applauded by advocates of digital privacy rights.
“These decisions are huge for digital privacy,” said Electronic Frontier Foundation staff attorney Hanni Fakhoury in a press release issued by that organization. “The court recognized that the astounding amount of sensitive data stored on modern cell phones requires heightened privacy protection, and cannot be searched at a police officer’s whim.”
How widely the impact of the decision will be felt was a point of debate in the immediate aftermath of the ruling. Some groups, such as the EFF, interpreted the ruling as having broad implications, possibly impacting the manner in which government agencies conduct electronic searches and cyber surveillance.
But what does the decision mean for enterprise mobility? Should CIOs and business leaders rethink enterprise mobility practices or policies following the ruling? What about BYOD?
Here are a few reasons why they probably should.
I’m no lawyer – and the totality of my judicial knowledge comes from the Law & Order rerun vault. But it doesn’t take a law degree to understand that the already treacherous legal terrain surrounding the handling of personal information on mobile devices used for work may have gotten even slipperier for employers.
If mobility privacy laws had a color, the current shade would be gray. That’s mostly because the lines between work and personal are increasingly blurring for a large percentage of the workforce. No one knows where the line is drawn, and even businesses that require employees to sign a waiver may be exposed to privacy violation lawsuits if they mishandle personal information.
“Employers commonly assume the right to wipe data stored on BYOD devices, but indiscriminate data wipes that include employees’ personal information, including personal contacts, emails, photographs, videos, books, music, etc., could result in loss of irreplaceable personal data,” according to a recently published white paper, Mitigating Security & Compliance Risks With EMM, from market research firm Heavy Reading. “Employers could be subject to criminal and civil liability if the employee has not authorized such wipes.”
The recent Supreme Court ruling may have tilted the scales of justice toward employees, as it establishes the first real precedent regarding digital privacy in the US. If the recently arrested now have the right to shield the digital content of their smartphones from law enforcement, it would be reasonable to assume that “the privacies of life” stored on the personal devices of employees, as Chief Justice John Roberts put it, will now enjoy an elevated level of protection.
While it’s still unclear if an employer is completely protected if it owns its workers’ mobile devices, some legal authorities believe that a corporate-liable (owned) device policy (aka COPE) gives organizations a more easily wielded shield against privacy lawsuits than a BYOD policy.
A second element of the court ruling that could complicate the already onerous array of regulatory requirements aimed at mobile communications is the concurring opinion of Justice Samuel Alito, which encourages legislatures to become more active in defining digital privacy rights for the 21st century. If federal, or even state, lawmakers follow through on Justice Alito’s challenge, businesses could soon be confronted with a new series of compliance hoops to jump through.
BYOD end points, which are often only loosely managed and monitored by IT, can at times present a compliance challenge – to say the least.
A third and final reason that last week’s ruling could cause CIOs to reconsider widespread support of BYOD is the cultural milestone it represents.
Though few high-profile security breaches can be traced to mobile end points, security experts believe that it’s just a matter of time before malicious hackers and cyber terrorists focus their full attention on smartphones, tablets and other mobile end points. That watershed moment will likely occur when enterprises fully exploit the productivity benefits of extending their core business processes and behind-the-server data to a mobilized workforce.
The average age of the justices of the current US Supreme Court is 68. If this ancient and august body, with a reputation for being technology tone deaf, is capable of recognizing the power and potential of mobile computing, as was clear from Chief Justice Roberts’ opinion, how long before the world’s most technology savvy organizations do the same?
It’s a simple equation. As mobile devices store more and more of a business’s sensitive information, they become increasingly attractive targets of malicious hackers. CIOs and business leaders need to ask themselves: Will BYOD be able to withstand these inevitable assaults?
While the actions of the Supreme Court affect only businesses in the US, European governments already tend to provide employees with greater digital privacy protection than employees receive in the US, according to the Heavy Reading white paper.
BYOD has a prominent place in the enterprise mobility landscape. Last week’s ruling, however, may be the latest sign that BYOD’s role in securing sensitive information and tracking regulatory information should be limited.