Is federal BYOD for mobile moving too fast?

Federal agencies are moving toward “BYOD” mobile policies even as questions about security and privacy continue to arise, according to panelists speaking April 4 at the FOSE conference.

A number of agencies have instituted or are considering BYOD (Bring Your Own Device) policies because many employees rely on their personal smart phones and tablets to manage their lives. The White House is preparing to release a governmentwide BYOD policy.

At the same time, the BYOD trend presents some tricky challenges not fully resolved yet, according to speakers on a FOSE panel.

Because of the ubiquity of smart phones in peoples’ lives, the government is moving toward BYOD “whether we like it or not,” said Rob Burton, partner at the Venable LLP law firm. “But this train may be moving too fast.”

One of the sticking points is whether government agencies have the right to examine or download personal information from employee devices. Burton cited a recent Supreme Court case involving a municipality investigating a policeman for alleged violations. The city downloaded personal information from the policeman’s city-owned smart phone, and the court ruled that was reasonable.

In that case, the court ruled that the government agency had a right to examine the personal information. But if the device had been owned by the policeman, the ruling might have been different, Burton suggested. The privacy expectation presumably would trump any agreements signed by the employee, he added.

“There might be some expectation of privacy in BYOD,” Burton said. “There is some real complexity in BYOD and the courts probably will deal with it.”

Another challenge is security against the growing threat of foreign agents seeking to gain access to U.S. government information, Burton said.

“We think the cyber issues for BYOD are a huge legal area and will be very tough and challenging for corporations and government agencies,” Burton said.

Even at agencies with BYOD policies in place, employees might choose not to participate because of objections to the terms of the policy, according to another panelist at a related seminar.

At the General Services Administration’s Federal Systems Integration and Management Center, about half of the 120 employees currently own personal mobile devices, said Chris Hamm, operations director at the center.

Under an existing BYOD policy and a mobile device management system, the workers are able to use those devices to access email and calendar applications, as well as some other Web browser-based applications, Hamm said.

For connection and integration with GSA’s network, the agency requests that before a device can be connected, the employee sign several agreements for security and access authorizations, Hamm said. One of the agreements is to allow remote wiping of the device under certain conditions.

Currently, only about 10 percent of the employees have opted to sign the agreements for network access for their devices, Hamm said.

“The prospect of remote wiping bothers people the most,” he added.

The FOSE conference is sponsored by 1105 Media, parent company of Federal Computer Week.