Apple Using Differential Privacy To Protect User Data

At the Worldwide Developers Conference on Monday, Apple announced that the upcoming iOS 10 will utilize differential privacy in order to keep user information private.

Senior Vice President of Software Engineering Craig Federighi explained during Apple’s keynote that “Differential privacy is a research topic in the area of statistics and data analytics that uses hashing, sub-sampling and noise injection to enable this kind of crowdsourced learning while keeping the information of each individual user completely private.”

Apple will use differential privacy to analyze data from users’ keyboards, Spotlight, and Notes features. Federighi reported that differential privacy expert and University of Pennsylvania Professor Aaron Roth described Apple’s work in differential privacy as “groundbreaking” during a voluntary peer review.

Differential privacy works by first algorithmically scrambling user data before it reaches Apple, and then by inserting random noise data. The effect is that while Apple can still analyze patterns and trends within user data, they cannot trace any information back to a particular person.

For example, while differential privacy will allow Apple to track popular new words as they come into use through iMessaging in order to quickly recognize and adapt to changing language patterns, they will not be able to identify who in particular is using the new words.
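To make the mechanism described in the two paragraphs above concrete, here is an added Python sketch (not Apple's code, which has not been published) of the simplest local noise-injection scheme, randomized response: each device flips its "I used this new word" bit with a calibrated probability before sending it, and the collector inverts the noise only in aggregate. It also quantifies how the estimate's error grows as the privacy parameter epsilon shrinks. The parameter epsilon, the population sizes and the seed are assumptions, and the population is constructed.

```python
import math
import random

def p_truth(epsilon: float) -> float:
    """Probability that a device reports its true bit. This value makes
    P(report | bit=1) / P(report | bit=0) <= e^epsilon for either report,
    which is the local differential privacy guarantee for one user."""
    return math.exp(epsilon) / (math.exp(epsilon) + 1.0)

def randomize(bit: int, epsilon: float, rng: random.Random) -> int:
    """Randomized response, run on the device before anything is sent:
    keep the true bit with probability p_truth, flip it otherwise."""
    return bit if rng.random() < p_truth(epsilon) else 1 - bit

def estimate_count(reports, epsilon: float) -> float:
    """Unbiased estimate of the true number of 1s from the noisy reports.
    E[report] = p*x + (1-p)*(1-x), so summing and inverting that affine map
    recovers the aggregate even though no single report can be trusted."""
    p = p_truth(epsilon)
    n = len(reports)
    return (sum(reports) - n * (1.0 - p)) / (2.0 * p - 1.0)

def standard_error(n: int, epsilon: float) -> float:
    """Noise left in the estimate: sqrt(n p (1-p)) / (2p - 1). It shrinks as
    epsilon grows (less privacy per user): the accuracy/privacy trade-off."""
    p = p_truth(epsilon)
    return math.sqrt(n * p * (1.0 - p)) / (2.0 * p - 1.0)

def simulate(n_users: int, n_using_word: int, epsilon: float, seed: int = 0):
    """Constructed population (assumption): n_using_word of n_users typed the
    new word. Returns (true_count, estimate, standard_error)."""
    rng = random.Random(seed)
    truth = [1] * n_using_word + [0] * (n_users - n_using_word)
    reports = [randomize(bit, epsilon, rng) for bit in truth]
    return n_using_word, estimate_count(reports, epsilon), standard_error(n_users, epsilon)

if __name__ == "__main__":
    # Same population, increasing epsilon: the error bar shrinks as privacy loosens.
    for eps in (0.5, 1.0, 2.0, 4.0):
        true, est, se = simulate(100_000, 10_000, eps)
        print(f"epsilon={eps}: true={true} estimate={est:.0f} +/- {se:.0f}")
```

Each individual report is wrong with probability 1 - p_truth(epsilon), so the collector learns nothing reliable about one person, while the population count is recovered to within a few standard errors.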

[Photo By Justin Sullivan/Getty Images]

Roth spoke to Wired about Apple’s announcement. “You might do something more clever than the people before to anonymize your data set, but someone more clever than you might come around tomorrow and de-anonymize it,” he said. “Differential privacy, because it has a provable guarantee, breaks that loop. It’s future proof.”

Roth described Apple’s differential privacy use as a “mathematical proof” that guarantees that Apple cannot glean any personal information from its users.

Not everyone is as optimistic as Roth, however. During the keynote, cryptographer and security technologist Matthew Green tweeted about why he remained a skeptic. “Most people go from theory to practice, then to widespread deployment,” he wrote. “With Differential Privacy it seems Apple cut out the middle step.”

[Photo By Miquel Benitez/Getty Images]

In an interview with Fast Company, technology expert William Budington expressed a similar hesitance to jump on board.

“What remains to be seen is how these features will be implemented,” Budington said. “Implementing privacy-protecting algorithms is often tricky to get right—just because it works on paper doesn’t mean it will act properly when implemented in software.”

However, Budington added that “If the claims are true, it will allow Apple to do aggregate data-mining while at the same time respecting the privacy of its customers.”

Green shared more about his skepticism with reporters at Gizmodo.

“It’s a really neat idea, but I’ve never really seen it deployed,” he said. “It ends up being a tradeoff between accuracy of the data you are collecting and privacy … The accuracy goes down as the privacy goes up, and the trade-offs I’ve seen have never been all that great.”

Apple is believed to be the first major company to deploy differential privacy at large scale, which explains the skepticism.

However, the company has a history of prioritizing user privacy. Unlike its competitors, Apple built its iMessage system with end-to-end encryption, protecting user data at some cost to itself, something neither Google nor Facebook has done in their respective messaging services.

Earlier this year, Apple famously clashed with the U.S. government, refusing to give in to a court order to develop a backdoor so that the FBI could access an iPhone 5c belonging to one of the San Bernardino shooters.

Adam Smith, an associate professor at Pennsylvania State University who has been involved in differential privacy research for over a decade, is optimistic about Apple’s rollout.

“We don’t need to collect nearly as much as we do,” he said. “These types of technologies are a really different way to think about privacy.”

“Whether or not they’re entirely successful, I think it will change the conversation completely,” Smith continued. “I think the way people think about collecting private information will change drastically as a result of this. And that may ultimately be the biggest legacy of this project at Apple, possibly far beyond the financial implications for Apple itself.”

The new iOS 10 has been available in beta form for developers since Monday, and Apple plans on releasing a public beta in July.

[Photo By Justin Sullivan/Getty Images]