Apple Vice President of Software Engineering, Craig Federighi, discussed his company’s thoughts on ad tracking and more at the European Data Protection and Privacy Conference today. Not surprisingly, he stressed the importance of privacy for Apple — which has made it a centerpiece — in particular and users in general.
Privacy is possible…
It is “absolutely possible to design technology that respects [customer] privacy and protects their personal information,” Federighi said during this speech. “When it comes to privacy protections, we’re very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from.”
…but it’s under assault
Apple believes privacy to be a fundamental human right and builds privacy into all the operating systems used in its products. “We’re responsible not only for upholding Apple’s commitments to privacy, but for actually embodying those commitments as code,” he said.
Echoing CEO Tim Cook’s 2018 warning on the evolution of privatized surveillance, Federighi stressed the danger we face: “Never before has the right to privacy — the right to keep personal data under your own control — been under assault like it is today.”
Federighi spoke a little about the history of computing, pointing out that data was originally kept on floppy discs in a box beside the desk, not in the cloud. Now, he warns: “The mass centralization of data puts privacy at risk — no matter who’s collecting it and what their intentions might be. So, we believe Apple should have as little data about our customers as possible.
[Also read: How to stay as private as possible on the Mac and How to stay as private as possible on Apple’s iPad and iPhone]
On Apple’s approach to privacy
“Now, others take the opposite approach,” he said. “They gather, sell, and hoard as much of your personal information as they can. The result is a data-industrial complex, where shadowy actors work to infiltrate the most intimate parts of your life and exploit whatever they can find — whether to sell you something, to radicalize your views, or worse.”
Apple’s response to this is not to collect the data in the first place, which it calls data minimization.
He pointed to another strand in Apple’s strategy: To process what data is collected on the device, rather than in the cloud. This approach is designed to keep private data under a user’s control.
Apple also continues to work to make it as transparent as possible when it is collecting data, and to provide users with control over that process. Apple watchers know this is a continuing process; maintaining data security is also critical to the entire attempt.
On designing privacy into everything
Federighi told the conference that every single product and feature is developed in collaboration with Apple’s teams of privacy engineers. That’s not unusual, he conceded. “What makes us different is that Apple’s privacy engineers are not trying to find justifications to collect as much data as possible.
“Quite the opposite,” he said. “If we can’t say that we’ve ensured the best outcome for privacy and the user’s experience, we won’t ship that software to our customers. Period. ”
On end-to-end encryption
Apple’s software chief looked at the evolution of the iPhone and the need for end-to-end encryption.
Observing that the device is used to share some of the most important personal and enterprise information users have, Apple saw the need for privacy as paramount, which is why it put end-to-end encryption inside these devices.
“The problem is that communication over the internet is rarely so direct as that. When you communicate with another person online, your message doesn’t reach them until it has traveled through a number of intermediaries — from the free Wi-Fi you might use to the internet service providers that are the backbone of the Internet. If the data you send is unprotected, those intermediaries and others are able to listen in on your conversation. And they can exploit what you say for their own purposes.”
Apple put this kind of protection inside FaceTime from the start. It has taken almost 10 years, but “now even the most data-hungry tech companies have started building encryption into their communication products,” he said.
[Also read: 12 security tips for the ‘work from home’ enterprise]
On location and tracking
“Where you go says a lot about who you are,” Federighi explained, “like whether you go to a particular place of worship, or a particular medical clinic that specializes in a particular illness. There is an enormous potential for this kind of data to be misused. And the way some apps are designed, users may have no idea that they’re giving it away.” Federighi talked up Apple’s continued work to protect this kind of information, including its use of Approximate Location technologies.
Federighi also discussed Apple’s work to prevent rapacious ad firms from tracking users across the internet.Pausing to observe that, far from breaking the ad economy, ad revenue has climbed every year since Apple began to limit this practise on its platforms, he said:
“When we launched ITP, other companies — the ones that had grown very attached to invasive tracking — said that users didn’t deserve to have these protections. And they claimed that ITP would, quote, ‘sabotage the economic model of the internet.’
This didn’t happen.
Federighi also discussed the forthcoming App Tracking Transparency protection the company is building; it’s designed to prevent apps from tracking users without express permission.
“Of course, some advertisers and tech companies would prefer that ATT is never implemented at all. When invasive tracking is your business model, you tend not to welcome transparency and customer choice,” he said.
Some have already begun to make outlandish claims, like saying that ATT — which helps users control when they’re tracked — will somehow lead to greater privacy invasions.
To say that we’re skeptical of those claims would be an understatement. But that won’t stop these companies from making false arguments to get what they want. We need the world to see those arguments for what they are: a brazen attempt to maintain the privacy-invasive status quo.
Federighi also had a lot to say concerning the way regulators and tech firms can work together. “Yet on their own, even the most visionary laws are not enough in themselves. These principles behind the regulation have to find expression in the technology that companies like Apple create. So as policymakers look at the evolving landscape and decide what steps are essential, we do the same, with the unique tools at our disposal.
“Speaking again as an engineer: we are never content. Old solutions become out-of-date pretty quickly; the pace of change is relentless. But so, I think, is the pace of progress. Every day, we’re working to expand the frontier of what’s possible. To deliver great product experiences and great privacy, without compromising either. Of course, the tools available to engineers and policymakers are very different.
“But our efforts can inform and reinforce one another — as they must. Together, we achieve results that would be impossible alone.”
You can read the complete transcript here.