Each year at Apple’s developer conference (WWDC), the privacy segment starts with the affirmation “we believe that privacy is a fundamental human right”. As a privacy specialist I’ve always found that statement curious: privacy IS a fundamental human right and has been formalized as such since 1948. The Universal Declaration of Human Rights outlines 30 articles, with the 12th affirming that “No one shall be subjected to arbitrary interference with their [1] privacy”.
Last year’s event saw some substantial shifts, with the effective killing of the Identifier for Advertisers (IDFA) less than a decade after it had been introduced as a privacy-preserving measure. This year, the announcements in the keynote and the subsequent “privacy pillars in focus” session were more incremental, productizing some of last year’s changes.
TL;DR: overall, the announcements were underwhelming, mostly providing pre-existing, albeit now tightly integrated, capabilities. The area I was really excited about was Apple’s push for privacy engineering and getting developers to build for privacy by adopting some fundamental “pillars”: data minimization, on-device processing, and user transparency and control.
- IP address blocking: provided in both native Mail and browsing (Safari) to shield the user’s IP address (and by extension their approximate location) from third parties.
- Privacy reports: these dashboards, provided for both browsing (Safari) and apps, deliver transparency so that individuals can see if and when their data is shared with third parties. This function has a serious limitation: data shared server-side (rather than directly from the app or browser) is completely opaque to Apple and therefore never appears in the report.
- Siri on-device voice processing: following concerns over the years about external contractors listening to recordings to help improve speech recognition, Apple has introduced on-device voice processing thanks to the on-chip Neural Engine. The commitment is that the audio data will never leave the device.
- iCloud+: a new paid tier of iCloud that provides two [2] privacy-centric services:
- Private Relay: a built-in, always-active VPN service that preserves location fidelity, meaning that it cannot be used to mask a user’s city or country.
- Hide My Email: allows users to generate random email addresses to use with different services. This lets the individual hide their identity and potentially shield themselves from harm in the case where a provider suffers a breach, since the leaked alias cannot be correlated with the addresses they use elsewhere.
- iCloud account access features: as part of the privacy portion of the keynote, Apple curiously highlighted two iCloud features that are NOT privacy focused. The first allows the user to recover their account through a nominated friend, and the second is the Digital Legacy Program, which makes it easier for pre-approved individuals to gain access to the iCloud data of a deceased person.
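To make the Private Relay point concrete, here is a small toy model of a location-preserving IP relay. It is an added example written for this post, not Apple’s code and not a description of how Private Relay is implemented; the address ranges, the geolocation table and the relay egress pool are all constructed for illustration. It shows what a third party logs with and without the relay (the user’s own address versus a relay egress address in the same city and country), and that the relay operator itself still sees the user’s real address, which is the “how much does Apple keep for itself” question raised below.

```python
"""Toy model of an IP-masking relay that keeps city/country fidelity.

Added illustration, not Apple's code. Every address and location here is
constructed (documentation ranges from RFC 5737) and hypothetical.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress
import secrets

Location = Tuple[str, str]  # (country, city)

# Constructed stand-in for a geolocation database.
GEO_TABLE = {
    "203.0.113.0/24": ("AU", "Sydney"),    # hypothetical home ISP range
    "198.51.100.0/24": ("AU", "Sydney"),   # hypothetical relay egress range
    "192.0.2.0/24": ("DE", "Berlin"),      # hypothetical relay egress range
}

# Constructed pool of relay egress addresses, keyed by coarse location.
RELAY_EGRESS = {
    ("AU", "Sydney"): ["198.51.100.10", "198.51.100.11"],
    ("DE", "Berlin"): ["192.0.2.10"],
}


def locate(ip: str) -> Optional[Location]:
    """Coarse (country, city) lookup against the constructed table."""
    addr = ipaddress.ip_address(ip)
    for cidr, loc in GEO_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return loc
    return None


@dataclass
class ThirdPartyView:
    """What a tracker or web server can log about an incoming request."""
    source_ip: str
    location: Optional[Location]


# What the relay operator learns; the point of the transparency question.
RELAY_LOG: list = []


def direct_request(client_ip: str) -> ThirdPartyView:
    """Without a relay the third party sees the client's own address."""
    return ThirdPartyView(client_ip, locate(client_ip))


def relayed_request(client_ip: str) -> ThirdPartyView:
    """The relay swaps the source for an egress address in the client's
    own city/country, so the third party keeps coarse location but loses
    the address that identifies this household or device. The relay
    itself still records the real client address."""
    region = locate(client_ip)
    pool = RELAY_EGRESS.get(region) if region else None
    if not pool:
        raise ValueError(f"no relay egress available for region {region}")
    egress = secrets.choice(pool)
    RELAY_LOG.append((client_ip, egress))
    return ThirdPartyView(egress, locate(egress))


if __name__ == "__main__":
    user = "203.0.113.57"  # constructed client address
    print("direct :", direct_request(user))
    print("relayed:", relayed_request(user))
    print("relay operator saw:", RELAY_LOG)
```

Running it shows the two views side by side: the direct request exposes 203.0.113.57 and its city, the relayed request exposes only an egress address that still geolocates to Sydney, Australia. The relay cannot be used to appear to be in Berlin, because egress addresses are chosen from the client’s own region; that is the “location fidelity” property.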
What continues to be unclear is how much of the data Apple shields from third parties it keeps for itself, and how much control the user has over the collection of their data by Apple. This is not a new concern: last year, when Apple required application developers to list the third parties with whom they share user data, it presented itself as an exception, effectively pre-approving any user data developers share with Apple.
Lastly, with more data being routed through Apple’s cloud services, its responsibility for protecting that data, both from malicious attackers and from disproportionate government lawful-access requests, increases proportionally.
[1] The original text is “his privacy”, which I’ve taken the liberty of correcting.
[2] iCloud+ also provides HomeKit Secure Video, which allows individuals to store unlimited home surveillance feeds but is not a privacy feature.