Google Glass and corporate policies

GarudaMin

For those in InfoSec positions (especially those higher up in the chain who deals with policies):

Have you guys started writing policies for your workplace for Google Glass yet? If so, want to share what you are doing (banning it completely or creating acceptable policy, etc.)?
If you haven't thought about it yet, I urge you to start now since it's out.

NovaHax

I would imagine most organizations that have secure facilities that prohibit photograph or video technology will just lump glass in with those.

GarudaMin

Right. But what about wearing in workplace? We know that any action one does (recording, taking picture, etc.) go straight to Google, a huge security and privacy concern there.

GarudaMin

Google changed their Privacy and Terms on April 14th (my conspiracy theory is due to Glass). It has extended its reach (a whole lot):

"When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services...."

https://www.google.com/intl/en/policies/terms/archive/20131111-20140414/

networker050184

I don't see why it would be any different than modern cell phone rules. Both have basically the same ability to capture photos and video. So probably not much to change besides adding a specific clause for Glass.

GarudaMin

Not necessarily. Smart phones can be managed by MDM solutions (such as disabling camera based on geolocation, controlling apps, etc.). Anything you do with Glass go straight to Google, no controls (unless MDM solutions update their features).

networker050184

Right, but I'd think it would fall into the same category as a personal cell phone, camera etc that isn't company controlled.

GarudaMin

True. But I worry a little bit more since Google really is evil.

the_Grinch

We sent out a directive explicitly banning Google Glass from all properties. An out and out ban saves us from having to be concerned with and proving that cheating/colluding was occurring. In theory the "no video photography without written approval several weeks in advance" should cover it, but obviously the argument then is that they were turned off. Save yourself the hassle and explicitly write the policy banning the device if you are in an environment that warrants that type of security.

tpatt100

I would just push for a complete ban because it's not worth the hassle to try and write up security controls for it. Any place I worked with security facilities didn't allow any mobile devices inside the secure rooms so I assume wearing a camera on your face counts as a mobile device.

FloOz

A lot of people around my office have been wearing the Google Glasses, and there is already lots of talk about incorporating some sort of policies to their usage. I'm pretty sure they will be banned soon from the workplace. Many areas have very sensitive information as well the potential theft of documents from user PCs. (record your screen)