Security expert Schneier praises data protection at Apple Intelligence
IT security researcher Bruce Schneier finds Apple's AI approach more data protection-friendly than its competitors' methods
Apple-Intelligence-Icon.
(Image: Apple)
When Apple Intelligence functions are released to the first users in the fall, many users are likely to ask themselves how data protection will be handled. Apple has made various announcements here: for example, as much AI as possible will run locally on the individual device and server outsourcing will be completely protected thanks to private cloud computing. But how does Apple compare to the competition from Google and Samsung? The well-known security researcher Bruce Schneier has now made an initial assessment.
Security structure good, but what about OpenAI?
The expert, who now works as Head of Security Architecture at the Tim Berners-Lee start-up Inrupt,told Wired magazine that it is apparently a "pretty impressive privacy system". The aim is to be no less secure in the cloud than on the iPhone itself. "There are a lot of moving parts to it, but I think they've done pretty well." However, Apple can also integrate ChatGPT on request. There had been massive criticism from X boss Elon Musk, for example because Apple data could end up with OpenAI.
Schneier said that Apple does remove identifying information before the request is sent. However, the problem is that there is a lot of identifying information in many requests themselves. Apple is not the only company that wants to run as many AI applications as possible locally; Google, for example, has corresponding "small" models. However, this hybrid AI still lacks PCC-like approaches. Google emphasizes that it implements "robust security measures" in its data centers. No data is sent to third parties.
Private cloud compute security check with Bug Bounty
Apple plans to have PCC and on-device AI checked by external security experts. There will be a "PCC Virtual Research Environment" for this purpose, and binary images of each PCC build will also be published. The bootloader and firmware will be published as plain text. The company is also setting up a new bug bounty program, which will presumably have high payouts.
An interesting question raised by Schneier is how OpenAI technology will be integrated into the system. The company recently demonstrated that it is apparently knitting with a hot needle when it comes to security: The macOS version of ChatGPT, a first official desktop client, simply stored chat data in plain text on the SSD.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
