Apple: how data harvesting is core to it addressing privacy
Company prepares to deploy ‘differential privacy’ as it develops user services
Apple’s head of software engineering, Craig Federighi, giving the keynote address at the Worldwide Developers’ Conference: “We believe you should have great features and great privacy,” Federighi said. Photograph: Gabrielle Lurie/AFP/Getty Images
It is one of the defining observations of the online age: “If you are not paying for it, you’re not the customer: you’re the product being sold.” It’s a simple maxim that highlights the sort of compromise we make in the era of Google and Facebook, giving up our data, and with it a large chunk of our privacy, to companies for a range of digital services.
However, at this point it’s clear that most people don’t mind being the product – most of us have happily allowed ourselves to be sold off in return for using their search engine or webmail or social networking.
In the larger sense, though, that line (appropriately enough, often credited to a commenter on web forum Metafilter) gives the illusion of a choice in the matter. In reality, there isn’t much of a choice – these companies don’t have significant rivals, and the upstarts that do exist and which refuse to harvest your data don’t work as well, on the whole.
Furthermore, the accumulation of our data is what makes these services so good. Social networking, most obviously, is by its very nature built on the volunteered private details of billions of people, but all sorts of technologies are being fuelled by increasingly sophisticated analysis of big data sets. And with all of us carrying smartphones in our pockets that can gather and transmit massive amounts of data about our whereabouts and activities, those data sets are only getting bigger and bigger.
Ultimately, that accumulation of data is a major competitive advantage for Google and Facebook, in particular, which few other companies can rival, and especially not those companies that take a firm stand on user privacy.
Which brings us to Apple, which has always loudly disavowed the gathering of data at the expense of their customers’ privacy. Apple co-founder Steve Jobs made it a point of pride, and current chief executive Tim Cook doubled down on the policy earlier this year during the company’s battle with the FBI over the bid to crack the iPhone of one of the assailants in the San Bernardino terrorist attack.
However, while the company evidently values their customers’ privacy, it would be naive to think this stance was based purely on a matter of principle. Rather, it is the result of the alignment of their interests with those of their users. Most obviously, and returning to that opening maxim, Apple’s customers most certainly are paying for “it”, whether the it is an iPhone, iPad or MacBook. With customers paying handsomely for their products, Apple maintains margins miles ahead of its rivals and thus doesn’t have to monetise those customers by selling their attention and data to advertisers.
Growing out of this situation was the conviction that the privacy and security of the iPhone in particular is a unique selling point, further differentiating the iPhone from Android smartphones, and thereby further justifying those high margins.
The company often boasts about how little it knows about its users, and how it encrypts iMessage and Facetime, and so on. It’s a marketing angle born of its natural incentives not to make a product of its users, and one that it is extremely committed to. Hence the firm stance against the FBI.
However, at a certain point this prioritisation of their users’ privacy has come to limit their ability to rival the services offered by Google, in particular, and to a degree Facebook. Apple’s iCloud services, incorporating data storage, cloud photo management, webmail and so on, have often paled in comparison to those offered by its rivals. At its worst, it seemed as if Apple was giving itself a ready-made excuse to offer less compelling services under the banner of its commitment to privacy.
So at last week’s Worldwide Developers’ Conference keynote, Apple’s head of software engineering, Craig Federighi, announced they were going to do something about this.
“We believe you should have great features and great privacy,” Federighi said. “Differential privacy is a research topic in the areas of statistics and data analytics that uses hashing, subsampling and noise injection to enable . . . crowdsourced learning while keeping the data of individual users completely private. Apple has been doing some super-important work in this area to enable differential privacy to be deployed at scale.”
For those of us who aren’t mathematicians, “hashing, subsampling and noise injection” might as well be a magical incantation, so we’re going to have to take Apple on its word that differential privacy does what they claim it can do.
There will be plenty of experts, however, who will closely scrutinise Apple’s application of differential privacy, particularly as the company moves into the field of health tech with advances in the Apple Watch and its related health and fitness software efforts.
In a fascinating post on differential privacy by Matthew Green, a cryptographer and professor at Johns Hopkins University, he concluded by pointing out that tension. “If Apple is going to collect significant amounts of new data from the devices that we depend on so much, we should really make sure they’re doing it right . . . At the end of the day, it sure looks like Apple is honestly trying to do something to improve user privacy, and given the alternatives, maybe that’s more important than anything else.”