Apple Must Convince Us to Trust AI With Our Data
Techno-wizardry could help keep our data safe, but it won’t eliminate the need to get the basics right.
Techno-wizardry could help keep our data safe, but it won’t eliminate the need to get the basics right.
Apple recently announced its first foray into the wild and wonderful world of AI, and it’s hoping to convince us that “Apple Intelligence” can solve the enduring privacy challenges associated with AI technologies.
Apple’s plan involves a slew of technological fixes designed to unlock the value of AI without putting people’s data at risk. Most of Apple’s AI processing will take place on-device, theoretically reducing the risk of data being leaked by or absorbed into AI models. More complex AI calculations, however, will still take place in the cloud, via an encrypted mechanism that Apple is calling “Private Cloud Compute.”
Effectively, Private Cloud Compute offers an arm’s-length alternative to conventional cloud-based AI: some subset of your data drifts into the cloud, but it isn’t stored there or passed to third parties. Apple says only specified AI models will be able to unlock the user’s data, and that the security of its AI infrastructure can be verified by independent security researchers.
That’s all well and good, but the reality is that only a tiny proportion of Apple customers will have any idea whether Apple’s privacy system is really working as advertised. The technology may well be just as effective as Apple says – but whether consumers accept it will depend, quite simply, on whether or not they trust the tech giant to do right by them.
The Rise of Techno-Wizardry
Apple isn’t the only company offering technological fixes for AI-related privacy concerns. Many tech companies are holding out synthetic data as a privacy solution: instead of feeding your data into AI models, they argue, it’s possible to use simulated datasets that are statistically similar to the real thing, but not directly traceable back to any individual’s actual data.
Some important questions remain, however. Researchers say that the more sophisticated synthetic data grows, the more closely it will approximate the data it’s mimicking – and the easier it will become to infer actual facts about individuals based on synthetic data. That’s especially true of “outlier” individuals, like a patient with an unusual medical condition or someone with huge amounts of debt. Of course, those outliers might be the very people who are most concerned about protecting their privacy.
This doesn’t mean synthetic data is a bad idea. In many cases, it may well work exactly as advertised, enabling AI functionality while protecting user privacy. But once again, this is a technological fix that’s far too complex for individuals to be able to understand.
When users put their trust in a company that’s using synthetic data, in other words, they aren’t actually trusting “synthetic data.” Instead, they’re choosing to trust the company that’s telling them that synthetic data is sufficient to protect their privacy.
In just the same way, Apple users won’t really be making an informed decision about whether Private Cloud Compute is enough to keep them safe; they’ll just be deciding whether or not Apple itself is sufficiently trustworthy.
How Much do You Trust Apple
Now, I’m not here to tell you that you shouldn’t trust Apple with your data. But it isn’t a given that you should trust Apple, either. Apple Intelligence could potentially have access to everything from our text messages to our finances to our physical and mental health, and there are good reasons to question anyone who wants access to that much of our data.
Certainly, the US Department of Justice (DoJ) believes there’s ample reason to question the purity of Apple’s motives. In its antitrust lawsuit, the DOJ accused Apple of using privacy as a marketing stunt, and deliberately degrading user privacy – by enabling app-makers to capture data, say, or encouraging and profiting from data-driven advertising.
You can agree or disagree with the DOJ’s allegations. Many of the industry experts I talk to say that Apple does a better job than most companies of prioritizing its users’ privacy and data rights. Others, of course, believe that the company’s sheer scale (and scale of data collection) demands that it be held to a higher standard.
Either way, though, we come back to the same question: how can we, as consumers, decide who to trust? Who should we allow to access our intimate personal data – and how can we assess the claims they make about how it will or won’t be used?
The reality is that just as we can’t make sense of the endless boilerplate in companies’ privacy policies, neither can we make meaningful judgments about the technologies that companies like Apple promise will keep our data safe. Instead, we have to go back to basics, and ask whether these companies are doing right by us and offering us the transparency and control over our data that we’re entitled to expect.
Privacy and Magic
The British sci-fi writer Arthur C. Clarke famously said that any sufficiently advanced technology is indistinguishable from magic. Between Apple’s Private Cloud Compute and the rise of synthetic data, it’s starting to feel like we’re entering a new era of privacy magic: technological solutions that may well work as intended, but that are simply too complex for non-specialists to understand.
That isn’t necessarily a problem. We all use technologies we don’t fully understand: how many people can explain at a technical level how an LCD screen or a rechargeable battery actually works? But this raises the stakes when it comes to data privacy – because it means that in order for techno-wizardry to work as a privacy solution, it isn’t enough for it to be effective. It also has to be trusted, and underpinned by the moral faith and credit of the company that’s putting it forward.
Look at it this way: if Cambridge Analytica told you they’d devised a private cloud solution for AI, or started selling synthetic datasets derived from your information, would you trust them? In both cases, you might well have some serious concerns – not based on questions about the underlying tech, but on your opinion of the companies deploying it.
In the new era of technological privacy fixes, organizations obviously need to build effective data infrastructure. But they also need to pay attention to the core principles on which trust is founded: transparency, consumer control and data dignity.
Organizations that get that right have an opportunity to turn technological advances into drivers of competitive advantage – while those that fail will get snubbed by consumers, no matter how advanced their privacy technologies become
.
What We’re Reading on Ethical Tech This Week
Every week, we round up the latest in Ethical Tech. Subscribe now and also get our monthly digest, the Ethical Tech News Roundup!
Scientific American - AI ‘Surveillance Pricing’ Could Use Data to Make People Pay More
The Federal Trade Commission is studying how companies use consumer data to charge different prices for the same product
Martech - U.S. state data privacy laws: What you need to know
Six states have privacy protection laws in effect, Montana's goes online Oct. 1 and 10 other state's laws will kick in by the end of next year. Here's what you need to know about them.
Human Rights Watch - 720 Australian and Brazilian Children Better Protected from AI Misuse
Child Data Protection Laws Urgently Needed to Protect All Children
The Dutch Data Protection Authority (DPA) fined Clearview AI €30.5 million on Tuesday (3 September), for illegally building a database with over 30 billion photos.
I'm confused on this one. AI has been around for 81 years. Apple, Google, Microsoft, all of them have been using AI for a long time. You mentioned that Apple is in its first foray of AI? And we need to trust them. Those using Apple products since Steve Jobs introduced the first iPhone have been using Apple AI. Your question is a good one, but I think we need to look at the record. Has Apple already earned our trust with technology? Moving into new tools within AI should follow their continued practice of data safety. For example, if they are truly doing NLP on device, that's a huge when for privacy. There has recently been frustrations with the fact that Apple isn't reporting enough child sexual predators to NCMEC. Google, Microsoft have submitted 1,000s over what Apple is submitting. I've argued this is because Apple has a strict privacy code, Microsoft and Google don't. Would love to see the data on all of this and then we can validate the trust we've already given. With that 20+ years of assumed trust, then we can decide.