In its attempt to increase revenue, LinkedIn recently released the Intro App for iOS (Apple products) for making your LinkedIn life easier. However, if you are a fiduciary of any type, you may be violating ethics rules or even the law (depending on your state) by using this app for any type of client communication.
It seems that LinkedIn thinks it's a good idea to do a man-in-the-middle attack for a good purpose. Obviously this raises a HOST of security concerns above the ethical issues. LinkedIn provided a response to some of the questions that have been raised.
There are some points that we want to reinforce in order to make sure members understand how this product works:
- You have to opt-in and install Intro before you see LinkedIn profiles in any email.
- Usernames, passwords, OAuth tokens, and email contents are not permanently stored anywhere inside LinkedIn data centers. Instead, these are stored on your iPhone.
- Once you install Intro, a new Mail account is created on your iPhone. Only the email in this new Intro Mail account goes via LinkedIn; other Mail accounts are not affected in any way.
- All communication from the Mail app to the LinkedIn Intro servers is fully encrypted. Likewise, all communication from the LinkedIn Intro servers to your email provider (e.g. Gmail or Yahoo! Mail) is fully encrypted.
- Your emails are only accessed when the Mail app is retrieving emails from your email provider. LinkedIn servers automatically look up the “From” email address, so that Intro can then be inserted into the email.
I understand LinkedIn’s “Pledge of Privacy” is meant to assuage my concerns, but I have been involved with enough computer breaches and security issues regarding litigation to know that this is no real protection for you or your clients’ information.
I also understand that LinkedIn thinks that making a separate email account for you to use makes this more palatable, but one mistakenly sent email could get you into a world of trouble.
The encrypted communication is nice, but that is only for transmission, not storage with a key that I control. LinkedIn will still decrypt, read, modify and re-encrypt my emails.
With all the hoopla surrounding the NSA’s PRISM program, nobody has really been concerned with how corporate players are data mining your information. Microsoft likes to point out that Google reads all of your email, but they do too and participated willingly with the NSA. In fact, all the major “free” email services shouldn’t be used for client communications or for sensitive emails. They all have this capability, and storing sensitive information on a third party’s server without proper security is not recommended.
Despite these assurances, I doubt my state bar would believe me if I told them that I attempted to keep all my clients’ information confidential if I used this App, even accidentally. Especially considering LinkedIn’s track record when it comes to user data security after 6.5 million usernames and passwords were leaked to a Russian hacker website. Oh what fun the hackers will have with this app, now that LinkedIn has graciously provided all the details on how they accomplished this feat of coding wizardry.
Needless to say, we will not be installing this App on anyone’s iDevices in our firm.
Security is really not good when you hand the keys to the kingdom over to someone else, even for a brief moment.
How Can I Help?
If you, or someone you know, need any help with Intellectual Property issues, from filing a patent, trademark or copyright, or just need advice regarding how best to protect your inventions, ideas or your brand, please contact me for a free 30 minute consultation at firstname.lastname@example.org or call TOLL FREE at 1-855-UR IDEAS (1-855-874-3327) and ask for Norman.
– Ex astris, scientia –
I am an avid amateur astronomer and intellectual property attorney in Pasadena, California and I am a Rising Star as rated by Super Lawyers Magazine. As a former Chief Petty Officer in the U.S. Navy, I am a proud member of the Armed Service Committee of the Los Angeles County Bar Association working to aid all active duty and veterans in our communities.