16 June 2016

The New York Times: “Can Apple think outside the Device?”

Many of its competitors have been moving beyond devices toward experiences that transcend them. These new technologies exist not on distinct pieces of hardware, but above and within them. They are things like Alexa, Amazon’s ambient assistant, which lives on the internet and is ready to help you on the Amazon Echo but also on any other device that a programmer adds it to. In an era of flat iPhone sales, Apple, too, has been talking up the importance of online services, which it sees as a crucial part of its future growth.

So the primary question Apple had to answer at its annual developer conference this week was whether it could expand its worldview. Could it break free from the limiting perspective of individual devices?

The answer: Yes, but slowly — and it’s hard to tell if Apple is thinking big enough.

Farhad Manjoo

Apparently not. The problem with Apple’s device-centric approach, as pointed out in the article as well, is that Siri, Apple’s ‘intelligent assistant’, can’t know what you do on other devices – even if you buy exclusively Apple products! Just stop to think for a second how dumb that is! She also has a different set of capabilities on each Apple device, and can’t perform them outside of those specific devices.

Another question I don’t see answered (or even asked) anywhere is: what happens when you replace a device, say your iPhone? Does Siri need to learn everything about you from scratch? And by extension, all the knowledge accumulated across the years about the owner is lost forever…

But by accepting this lesser assistant users gain much better privacy, right? Well, starting with iOS 10, Apple will be relaxing its tough stance on privacy with something called ‘differential privacy’ and will collect much more data on users – to feed its intelligent services of course. Differential privacy is supposed to obscure individual identities by adding mathematical noise to collected data, not too much as to make data unusable, but just enough to remove personally identifiable information. It remains to be seen how well can it work in practice.

As an academic researcher and a security professional, I have mixed feelings about Apple’s announcement. On the one hand, as a researcher I understand how exciting it is to see research technology actually deployed in the field. And Apple has a very big field.

On the flipside, as security professionals it’s our job to be skeptical -- to at a minimum demand people release their security-critical code (as Google did with RAPPOR), or at least to be straightforward about what it is they’re deploying. If Apple is going to collect significant amounts of new data from the devices that we depend on so much, we should really make sure they’re doing it right -- rather than cheering them for Using Such Cool Ideas. (I made this mistake already once, and I still feel dumb about it.)

Matthew Green

Post a Comment