The recent firing of a Google employee demonstrates how you relinquish your privacy—and private data, including personal photos—when you put work accounts on your personal device.
[Photo: Engin Ozber/iStock]
The Bill of Rights covers only what the government can do to you. Unless you work for the government, many of your rights to free speech and freedom from search and seizure stop when you walk in, or log in, to your job. “If you’re on your employer’s communications equipment, you’ve got virtually no privacy in theory and absolutely none in practice,” says Lew Maltby, head of the National Workrights Institute.
The lack of workplace digital privacy has become a hot topic with the recent firing of four Google employees for what Google says were violations such as unauthorized accessing of company documents and the workers say was retaliation for labor organizing or criticizing company policies. One of them, Rebecca Rivers, recounts how her personal Android phone went blank when she learned that she’d been placed on administrative leave in early November. (Google subsequently fired Rivers.)
“At nearly the exact same time, my personal phone was either corrupted or wiped,” she said at a Google worker rally in November. The loss was especially painful for Rivers, who is transgender. “Everything on my phone that was not backed up to the cloud was gone, including four months of my transition timeline photos, and I will never get those back,” she said, her voice quavering.
How did this happen? Likely through an Android OS feature called a work profile, which allows employers to run work-related apps that the employer can access and manage remotely. Apple iOS has a similar capability called MDM, mobile device management, in which work apps run in a virtual “container” separate from personal apps. Various companies make MDM applications with varying levels of monitoring capabilities.
Rebecca RiversEverything on my phone that was not backed up to the cloud was gone.”
There are many legitimate reasons why a company might want to use this tech: It allows them to implement security measures for protecting company data in email and other apps that run in the separate work profile or container, for instance. They can easily install, uninstall, and update work apps without you having to bring the device in.
But they can also spy on you, or wipe out all your data—whether deliberately or negligently. That’s why mixing work networks and personal devices is a bad idea. If a company says you have to be online, they should provide the gear to do it. Annoying as it is to lug two gadgets around, the annoyance (and danger) of surrendering your own device to corporate control is a lot worse.
All modern phones have GPS capability. With a work profile or MDM toehold in your phone, an employer could install an app to track everywhere you go, as Owen Williams at OneZero points out. He gives the example of MDM maker Hexnode, which goes into great detail on how it can track device location at all times.