Subscribe & Follow
Apple joins AI scene late but raises privacy standard
If you know anything about Apple, you’ll understand that this approach to computing is new territory for the iPhone and they’ve integrated this in the most nerdy way possible.
The name for the solution, Private Cloud Compute (PCC), is predictably focused on communicating privacy above all else to its users.
Apple says that this system extends the robust privacy measures of Apple devices into the cloud environment and “sets a new standard for cloud privacy”.
Traditionally, cloud-based AI processing had inherent privacy risks due to the need for unencrypted access to user data.
PCC directly addresses these challenges with a new approach that prioritises user privacy.
State security
First there’s Stateless Computation where user data is only used to handle requests and is then deleted. This approach could also circumvent data management laws in the US.
The US Lawful Access to Encrypted Data Act was designed to enhance law enforcement's ability to access encrypted data, both at rest (stored data) and in motion (transmitted data).
For data in motion (data transmission off device), the bill mandates that communication service providers with over a million monthly active users must be capable of providing law enforcement with decryption or decoding of communications.
Providers must be able to decrypt or decode intercepted communications unless technically impossible due to actions of unaffiliated entities. But, since Apple is disposing of the data afterwards, they cannot be compelled to provide it.
From a customer protection side, Apple has enforceable guarantees in place where the security and privacy features of PCC are backed up by technical proof.
Anonymous
PCC blocks anyone, even Apple staff, from accessing user data during processing, and its design makes it difficult for hackers to target specific users' data. Apple will also publish software images of PCC builds, allowing researchers to verify the system's privacy claims.
Apple is hiding user device's IP address behind a third-party relay before sending requests to external servers. This stops the linking of requests with specific users, improving privacy.
Requests are also scrambled using the public keys of checked PCC nodes, making sure they are encrypted from end to end and blocking access to the request in transit by any entity outside of the PCC nodes.
This encryption pipeline is a legitimately exciting step in the evolution of cloud computing and could force a Google to follow suit on Android and prioritise user trust and data protection. With PCC, users can benefit from cloud-based AI while maintaining control over their personal information.