Apple and Differential Privacy – is it different and is it private?

Apple has announced that iOS 10 will use ‘differential privacy’ to maintain the privacy of the data it is collecting. Apple SVP Craig Federighi said the ‘…great work in iOS 10 would be meaningless if it came at the expense of your privacy’.

I will admit that I had not come across Differential Privacy before, so I did some research to find out what it means and whether it will give Apple the results it wants while still protecting the privacy of users. I looked at a number of articles, including a paper by Microsoft Research.

What is Differential Privacy?

It is the statistical science of trying to learn as much as possible about a group while learning as little as possible about any individual in it. For us mere mortals that means you can collect data in a format that lets you find out what users do as a group without allowing anything about an individual to be known. So Apple could not identify individuals, and neither could anyone who managed to hack into the database.

It works by adding some ‘noise’ – random data – that obscures the real, sensitive personal information. Federighi said Apple would also be using hashing (a cryptographic function that irreversibly turns data into a unique string of random-looking characters) and subsampling (analysing only a portion of the data) to improve protection.
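Randomized response is the classic textbook way of adding this kind of ‘noise’ on the user’s device before anything is sent anywhere. To be clear, this is an illustrative sketch of the general technique, not Apple’s actual mechanism, which is more sophisticated:

```python
import random

def randomized_response(truth: bool) -> bool:
    """Report an answer with plausible deniability.

    Flip a coin: on heads, report the true answer; on tails, flip a
    second coin and report that instead. No single response proves
    anything about the individual, because any given answer could
    have come from the random coin.
    """
    if random.random() < 0.5:
        return truth                  # heads: tell the truth
    return random.random() < 0.5      # tails: answer at random
```

Any one user’s answer is deniable, yet, as we will see, the collector can still learn about the group as a whole.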

How does that help Apple?

Apple needs to analyse user behaviour to improve the accuracy of its recommendations – for example, the links selected most often in response to a Spotlight search query, or the most popular emojis. The ‘noise’ means that the results are never 100% accurate but, over time, trends emerge that are useful.
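A small simulation shows how a useful trend survives the noise. This uses the classic randomized-response scheme rather than Apple’s actual pipeline, and the 30% ‘true rate’ is invented purely for illustration:

```python
import random

def randomized_response(truth: bool) -> bool:
    # Coin flip 1: heads, tell the truth; tails, report coin flip 2.
    return truth if random.random() < 0.5 else random.random() < 0.5

random.seed(42)

# Pretend 30% of 100,000 users actually use a given emoji.
true_rate = 0.30
reports = [randomized_response(random.random() < true_rate)
           for _ in range(100_000)]

# Each individual report is noisy, but in aggregate
# E[reported rate] = 0.5 * true_rate + 0.25, so the collector
# can invert the noise and recover the trend:
reported_rate = sum(reports) / len(reports)
estimate = 2 * reported_rate - 0.5
print(f"true rate {true_rate:.3f}, estimate {estimate:.3f}")
```

No individual answer can be trusted, yet the estimated rate lands close to the true one – exactly the ‘trends emerge over time’ behaviour described above.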

Will it work?

It depends on who you ask. The ‘Fool’s Gold’ paper says it is only suitable for a narrow set of research uses and ‘will usually produce either very wrong research results or very useless privacy protections’. But others take the opposite view and put forward a case that it will provide useful information while maintaining privacy.

Going back to the original questions: is it different? It is a different approach. Is it private? The techniques mentioned by Apple point towards privacy being maintained. Unless Apple has an independent body review the approach we may never know how private your data will be, but it certainly seems to be a good idea if everything is done correctly.


References

http://research.microsoft.com/pubs/64346/dwork.pdf

https://github.com/frankmcsherry/blog/blob/master/posts/2016-02-03.md

https://research.neustar.biz/2014/09/08/differential-privacy-the-basics/

http://www.recode.net/2016/6/13/11925660/apple-differential-privacy

https://www.wired.com/2016/06/apples-differential-privacy-collecting-data/