How Different is Apple’s Differential Privacy?


Apple has claimed at every possible opportunity that it knows very little about its users, since privacy-focused marketing was a way to differentiate itself from competitors such as Microsoft and Google. But the company found itself in an awkward situation – see its efforts in AI – when its privacy policy obstructed its progress, which ultimately prompted Federighi to acknowledge that collecting user information is essential to making good software. Apple had to find a way to offer “great features and great privacy”. The answer: differential privacy. Wired has tried to find out more about it.

“Differential privacy is a research topic in the areas of statistics and data analytics that uses hashing, subsampling and noise injection to enable…crowdsourced learning while keeping the data of individual users completely private. Apple has been doing some super-important work in this area to enable differential privacy to be deployed at scale,” Apple SVP Craig Federighi said on stage yesterday.

What sets differential privacy apart is that it lets Apple learn as much as possible about a group, “while learning as little as possible about any individual within it.” To make that clearer, Apple is able to collect and store user data that helps it understand what people want, like, say, and do. “But it can’t extract anything about a single, specific one of those people that might represent a privacy violation, and neither, in theory, could hackers or intelligence agencies”, Wired explains.

According to Aaron Roth, a University of Pennsylvania computer science professor whom Apple’s Federighi quoted in his keynote presentation, differential privacy is “future proof”. “Differential privacy lets you gain insights from large datasets, but with a mathematical proof that no one can learn about a single individual.”

So, in the end, Apple collects more information about you, just as Facebook or Google do. The difference between Apple and its competitors is that Apple only transmits that data in a differentially private form. The transformations Federighi named are hashing, subsampling and noise injection, and each of them serves to protect your data.
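As an added illustration, constructed for this page and not Apple's own code, here is what a local differential privacy pipeline built from those three transformations can look like in Python: each client hashes an emoji to a bucket, subsamples one use, and randomizes every bit of the encoded report, while the server still recovers accurate aggregate counts from thousands of such reports. The bucket count, epsilon value, salt and emoji population are assumptions chosen for the demo.

```python
import hashlib
import math
import random

# Demo parameters (assumptions for this illustration, not Apple's values).
M = 64                                       # hash buckets per report
EPSILON = 2.0                                # privacy budget per report
SALT = b"demo-salt"
ITEMS = ["👍", "❤️", "🔥", "🎉", "😀"]          # constructed emoji vocabulary
# Keep each bit with probability P, flip it otherwise. Two one-hot vectors
# differ in two bits, so P = e^(eps/2)/(1+e^(eps/2)) gives eps-LDP per report.
P = math.exp(EPSILON / 2) / (1 + math.exp(EPSILON / 2))

def bucket(item):
    """Hashing: salted SHA-256 of the item, reduced to one of M buckets."""
    digest = hashlib.sha256(SALT + item.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % M

def client_report(used_items, rng):
    """Client: subsample one use, one-hot encode its bucket, randomize bits."""
    chosen = rng.choice(used_items)                             # subsampling
    onehot = [1 if i == bucket(chosen) else 0 for i in range(M)]
    return [b if rng.random() < P else 1 - b for b in onehot]  # noise injection

def estimate_counts(reports):
    """Server: unbiased estimate of how many reports fell in each bucket."""
    n = len(reports)
    return [(sum(r[i] for r in reports) - n * (1 - P)) / (2 * P - 1)
            for i in range(M)]

def expected_counts(population):
    """Exact expectation of the subsampled bucket counts (evaluation only)."""
    exp = [0.0] * M
    for used in population:
        for item in used:
            exp[bucket(item)] += 1 / len(used)
    return exp

def demo(n_users=20000, seed=7):
    """Run the pipeline over a constructed population with skewed emoji use."""
    rng = random.Random(seed)
    population = [rng.choices(ITEMS, weights=[5, 3, 1, 1, 1], k=3)
                  for _ in range(n_users)]
    reports = [client_report(used, rng) for used in population]
    return {"estimates": estimate_counts(reports),
            "expected": expected_counts(population),
            "sample_report": reports[0]}
```

A single report is 64 bits of which roughly a quarter are set, so it does not identify the emoji; only the aggregate over many clients is informative, and the per-bucket estimate lands within a few hundred of the true expectation for 20,000 users.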

The official Apple response sent to Wired when asked to detail the technique was:

Starting with iOS 10, Apple is using Differential Privacy technology to help discover the usage patterns of a large number of users without compromising individual privacy. To obscure an individual’s identity, Differential Privacy adds mathematical noise to a small sample of the individual’s usage pattern. As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience. In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions and Lookup Hints in Notes.

Even the professor quoted by Federighi gave a general answer without going into details: “I think they’re doing it right.” So it remains to be seen over the next few months what actually happens in practice.
