Apple's security message: Keep data safe by keeping it out of the cloud

Posted:
in iPhone edited April 23

Apple consistently beat the drum about data security at its Wonderlust event and it's a message that's worth emphasizing -- keeping your data safe sometimes means keeping it out of the cloud altogether.




Apple certainly has a better track record than some companies when it comes to corporate data security. And, the company has emphasized many times over the years that it doesn't try to monetize your info in the same was as Google and other companies.

The risk is always there that someone, somewhere may get access to your personal information in the cloud.

Doubling-, tripling-, and perhaps even quadrupling-down on the concept of data security this week, Apple emphasized features in both the A17 Pro System on Chip (SoC) powering the iPhone 15 Pro and the S9 System in Package (SiP) powering the Apple Watch Series 9 that enhance personal data security by helping to keep more of your most intimate health information local, and out of the cloud altogether.

The key is the increased capability of the Neural Engine components of both these systems - the part of both systems that manages Machine Learning (ML) functions.

Keeping data on device



During the event, Deidre Caldbeck, Apple's Director, Apple Watch Product Marketing, gave an explanation of how the S9 chip works.

"Thanks to the powerful new Neural Engine, Siri requests are now processed on-device, making them faster and more secure," said Caldbeck. "This means that the most common requests, like 'Siri, start an outdoor walk workout,' no longer have to go to the cloud, so they can't be slowed down by a poor Wi-Fi or cellular connection."

What's more, Caldbeck explained that Siri health queries are processed on-device by the S9, eliminating roundtrip cloud data movement to record and view personal health data like sleep schedule, medication info, workout routines or menstrual period data.

Siri Health data is processed on Apple Watch S9 instead of the cloud
Siri Health data is processed on Apple Watch S9 instead of the cloud



Later on during the event, Sribalan Santhanam, Apple's VP, Silicon Engineering Group, echoed some of Caldbeck's comments to explain how the iPhone 15 Pro's A17 Pro chip worked.

"The Neural Engine uses machine learning on the device without sending your personal data to the cloud," said Santhanam. He couched his explanation with examples of convenience more than security, as the capability enables typing autocorrect functionality to work more accurately, or being able to mask subjects in photos from their background, or even to create a Personal Voice.

Regardless, the emphasis is the same. Both the new S9 and A17 Pro processors do more on-chip, to keep your data on the device instead of traveling to the cloud.

Inside Apple's Neural Engine



Apple introduced the Neural Engine with the A11 chip when it rolled out the iPhone 8 and iPhone X, and it's been a part of Apple Silicon ever since.


The A17 Pro features twice the Neural Engine performance as the M2



Apple assiduously avoids terms like "artificial intelligence" in its press releases and the scripts for its events, and it's easy to understand why -- the term is politically loaded and intentionally vague. Not that "Neural Engine" is any less vague, as it implies if not AI, something parallel.

Ultimately, whatever you call the technology, it's all about making machine learning more efficient. Apple's Neural Engine is a cluster of compute cores known generally as Neural Processing Units (NPUs).

In the same way that Graphics Processing Units (GPUs) are specialized silicon designed to accelerate the display and processing of graphics information, NPUs speed the processing of Machine Learning (ML) algorithms and associated data. They're both distinct from the more generalized designs of CPUs, aimed at handling massive amounts of high parallelized data processing quickly and efficiently.

The iPhone 15 Pro's A17 Pro chip sports a Neural Engine with 16 cores, the same number of cores as the Neural Engine found in the M2 and M2 Max chips powering newer Mac models.

While the M2 neural engine can process 15.8 billion operations per second, Santhanam confirmed that the A17 Pro's is much faster.

"The Neural Engine is now up to twice as fast for machine learning models, allowing it to process up to 35 trillion operations per second," said Santhanam, describing the A17 Pro.

Edge computing, straight to the device



The global trend in cloud computing continues to emphasize development of edge networks which move data and compute capabilities out of monolithic data centers clustered in specific geographic areas, and closer to where the user needs the functionality.

By doing so, cloud computing services can deliver much faster performance and considerably lower latency (by reducing the round-trip time it takes for packets of data to travel). In fact, this functionality is absolutely vital to getting so-called "metaverse" -- a word that Apple will also never say out loud -- to work like its makers envision.

In some ways, Apple's development of ML capabilities in its own silicon reflect this emphasis on moving data closer to the user. As these Apple executives noted during the event, leaning on ML capabilities on the device provides both greater security and faster performance.

In that respect, the data privacy aspect of this almost seems like an afterthought. But it's really a central part of the message implied by Apple -- your data is safer on our devices than others.

Ultimately this is a big win for any consumer who's worried about who might see their personal information along the way.



Read on AppleInsider

Comments

  • Reply 1 of 18
    This is one of the most significant improvements with Siri. It might just be me, but I have noticed over the years that Siri takes longer responding to queries and the issue is not the internet connection, but what if it’s the internet providers slowing these down so that they don’t get a false positive mistaking them for a DOS attack?  Plus, are these queries using a lot of encryption and what kind of hit does it take performance wise?

    I have noticed that some of the new devices have thread capability, so does this mean future HomePods and Apple TVs will be able to function better with Homekit by using on-chip Siri on those devices?
    cornchipjahbladewilliamlondonjeffythequickAlex1Nwatto_cobra
  • Reply 2 of 18
    This on device processing is also important for bad or no internet connection situations.
    jahbladechasmjas99baconstangAlex1Nbeowulfschmidtwatto_cobra
  • Reply 3 of 18
    This on device processing is also important for bad or no internet connection situations.
    I dont have any issues of internet connection unless your in Timbuktu. W dual sim on different carrier helps a lot even in overseas. So this ON device processing is again an additional layer of availability of your request.
    williamlondonjas99
  • Reply 4 of 18
    mpantonempantone Posts: 2,065member
    The use of cloud services (or really anything on the Internet) is an exercise in risk assessment.

    The fact that the adjective "cloud" being used doesn't change anything. Hell, you could balance your checkbook on a standalone computer and still risk losing all of your records if the drive crashes, corrupts the data, and you have no backup.

    Nothing new here from Apple, just reiterating what needs to be repeated occasionally to a new generation (or oldsters who have somehow forgotten how things were 10-20 years ago).
    dewmeAlex1Nbeowulfschmidtwatto_cobra
  • Reply 5 of 18
    I would never store my passwords (or passkeys) in iCloud keychain – I am using Safe+ that allows password syncing using WiFi between my devices.
    williamlondonAlex1N
  • Reply 6 of 18
    mpantonempantone Posts: 2,065member
    xyzzy-xxx said:
    I would never store my passwords (or passkeys) in iCloud keychain – I am using Safe+ that allows password syncing using WiFi between my devices.
    That's less risk but not zero risk. There's still a small chance of an intruder snooping in on your private Wifi network (whether it be a person or some sort of malware installed on one of your devices, including your wifi router). This is far riskier on someone else's WAN, even a corporate wireless network managed by network administrators.

    Writing your passwords down on a sheet of paper and storing it in a fire safe is less risky but more inconvenient. This is easier to do if you're single. It's much more challenging to do in a family where people are sharing accounts, passwords, and services.

    Again, this is all about risk assessment and each person understanding the risks and accepting their decision to use/not use the network. It's a tradeoff between security and convenience. Time and cost are two other factors. There are probably more.

    Remember that even a password written on a piece of paper can be unearthed on the server (your bank, insurance company, brokerage account, school, webmail provider, airline, Netflix, whatever).

    And even if you don't use the Internet at all, your private data (name, SSN, DOB, sex, etc.) are still available on corporate machines like your bank, the government, healthcare providers, etc.
    edited September 2023 StrangeDaysAlex1Nwatto_cobra
  • Reply 7 of 18
    jfabula1 said:
    This on device processing is also important for bad or no internet connection situations.
    I dont have any issues of internet connection unless your in Timbuktu. W dual sim on different carrier helps a lot even in overseas. So this ON device processing is again an additional layer of availability of your request.
    Congratulations, not my experience though. I've had problems in subways, large crowds, US National parks, and other real areas. Areas with no cellular signal are not helped by having dual sims. Many areas of the US have no cellular service. I spent two weeks camping this summer, and not a single bar of cell service. I had to drive for miles for cell service good enough to have internet.
    jas99Alex1Nbonobobwatto_cobra
  • Reply 8 of 18
    xyzzy-xxx said:
    I would never store my passwords (or passkeys) in iCloud keychain – I am using Safe+ that allows password syncing using WiFi between my devices.
    That's really all a question of probabilities and risk assessments. iCloud Keychain is end-to-end encrypted, so not particularly risky. It is preferable over manually remembering or writing down passwords because of the tendency of people to leave such things lying around, and also because user-generated passwords are much more likely to be guessable, shorter, used repeatedly or varied based on a predictable pattern, etc. Additionally, Keychain recognizes sites where passwords are to be used, and thus won't offer them up if the user follows a link to a bogus site or lands on an opportunistic bogus site by mistyping the URL.  Safe+ might also be great, but of course, the fact that it syncs wirelessly means it's sending out (probably encrypted) data that can be intercepted. 
    Alex1NCelticPaddy
  • Reply 9 of 18
    jfabula1 said:
    This on device processing is also important for bad or no internet connection situations.
    I dont have any issues of internet connection unless your in Timbuktu. W dual sim on different carrier helps a lot even in overseas. So this ON device processing is again an additional layer of availability of your request.
    Come visit Vermont. The mountains block signal all the time. Or walk inside a brick building.
    edited September 2023 jas99williamlondonAlex1Nbeowulfschmidtwatto_cobra
  • Reply 10 of 18
    chasmchasm Posts: 3,328member
    xyzzy-xxx said:
    I would never store my passwords (or passkeys) in iCloud keychain – I am using Safe+ that allows password syncing using WiFi between my devices.
    Have you reviewed Safe+’s privacy policy? You may want to if you haven’t, and compare it to Apple’s iCloud privacy policy.

    I think you’ll find that iCloud’s encryption and lack of data collection policy differs VERY materially from most other providers — as in it’s better.
    jas99AppleZuluwilliamlondonAlex1Nwatto_cobra
  • Reply 11 of 18
    dewmedewme Posts: 5,413member
    mpantone said:
    The use of cloud services (or really anything on the Internet) is an exercise in risk assessment.

    The fact that the adjective "cloud" being used doesn't change anything. Hell, you could balance your checkbook on a standalone computer and still risk losing all of your records if the drive crashes, corrupts the data, and you have no backup.

    Nothing new here from Apple, just reiterating what needs to be repeated occasionally to a new generation (or oldsters who have somehow forgotten how things were 10-20 years ago).
    You are so right.

    Redundancy never went out of fashion. Wear it with pride. Also consider acquiring your redundancies from more than one supplier to avoid having all of your redundancies ripping in the same place. 
    Alex1Nwatto_cobra
  • Reply 12 of 18
    Microsoft Voice Command had this back in 2004.

    Contacts on your Windows Phone that you wanted to call, simply hold the button and say, "call Mike Jones on mobile"
    Voice command would instantly respond with "Call Mike Jones on mobile?"
    I respond, "Yes"
    and the call would go through.

    The whole idea of having my voice be telegraphed to some computer for processing 20 (it was November 2003 when Voice Command was released) years later is a bit ludicrous, especially when the Windows Phones at the time were still 5 years behind the first iPhone.

    Voice recognition isn't new, by any stroke of the imagination.

    The phone I had was pretty tricked out.  I had the HTC TyTN, with 64MB of RAM and I did put Voice Command on my 128MB SD card.
    Alex1N
  • Reply 13 of 18
    jfabula1 said:
    This on device processing is also important for bad or no internet connection situations.
    I dont have any issues of internet connection unless your in Timbuktu. W dual sim on different carrier helps a lot even in overseas. So this ON device processing is again an additional layer of availability of your request.
    Congratulations, not my experience though. I've had problems in subways, large crowds, US National parks, and other real areas. Areas with no cellular signal are not helped by having dual sims. Many areas of the US have no cellular service. I spent two weeks camping this summer, and not a single bar of cell service. I had to drive for miles for cell service good enough to have internet.
    I’ve been considering a separate Esim for uk train journeys. One on say 3 and the other on say EE. Looking at the coverage maps on ofcom, they compliment each others coverage. Thing is, not sure how fast switching between networks is, especially at 125 mph…
    Alex1Nwatto_cobra
  • Reply 14 of 18
    jfabula1 said:
    This on device processing is also important for bad or no internet connection situations.
    I dont have any issues of internet connection unless your in Timbuktu. W dual sim on different carrier helps a lot even in overseas. So this ON device processing is again an additional layer of availability of your request.
    Congratulations, not my experience though. I've had problems in subways, large crowds, US National parks, and other real areas. Areas with no cellular signal are not helped by having dual sims. Many areas of the US have no cellular service. I spent two weeks camping this summer, and not a single bar of cell service. I had to drive for miles for cell service good enough to have internet.
    I’ve been considering a separate Esim for uk train journeys. One on say 3 and the other on say EE. Looking at the coverage maps on ofcom, they compliment each others coverage. Thing is, not sure how fast switching between networks is, especially at 125 mph…
    It has been over a decade since I lived in Europe, so I can't help you there.
    williamlondonwatto_cobra
  • Reply 15 of 18
    xyzzy-xxx said:
    I would never store my passwords (or passkeys) in iCloud keychain – I am using Safe+ that allows password syncing using WiFi between my devices.
    The Keychain is encrypted 
    williamlondonwatto_cobra
  • Reply 16 of 18
    xyzzy-xxx said:
    I would never store my passwords (or passkeys) in iCloud keychain – I am using Safe+ that allows password syncing using WiFi between my devices.
    The Keychain is encrypted 
    Not only that, the passwords in your keychain are double encrypted (with a decryption key stored only in your personal devices' Secure Enclave) so that Apple can't view them even after the session encryption between you an Apple is finished. I have no idea if the people who make Safe+ do the same thing. For all I know, Safe+ has unencrypted access to your passwords on their servers, much like VPN companies have unencrypted access to all your data once your traffic reaches their servers. And it seems to me that Safe+ is a German company. That's definitely not as bad as a Chinese company, but I don't want to start studying German or EU privacy laws. If you are American, you probably want your passwords protected by an American company.
    appleinsideruserwatto_cobra
  • Reply 17 of 18
    jfabula1 said:
    This on device processing is also important for bad or no internet connection situations.
    I dont have any issues of internet connection unless your in Timbuktu. W dual sim on different carrier helps a lot even in overseas. So this ON device processing is again an additional layer of availability of your request.
    Come visit Vermont. The mountains block signal all the time. Or walk inside a brick building.
    There is almost nowhere in the U.S. that doesn't have a region, however small, with low or no coverage.  The county in which I live in Kentucky has towers spaced out at just about the maximum range, because people don't want towers in their back yards, and since this county is one of the richest, per capita, in the state, and not far off in the entire nation, Fiscal Court is fairly restrictive on approving new ones.  Even the next county over, the most populous in the state, has a number of no to low coverage spots.

    Even in areas with blanket coverage, outages occur.  As well, if one's phone is in airplane mode for whatever reason, it would be nice to be able to use Siri.
    watto_cobra
  • Reply 18 of 18
    Microsoft Voice Command had this back in 2004.

    Contacts on your Windows Phone that you wanted to call, simply hold the button and say, "call Mike Jones on mobile"
    Voice command would instantly respond with "Call Mike Jones on mobile?"
    I respond, "Yes"
    and the call would go through.

    The whole idea of having my voice be telegraphed to some computer for processing 20 (it was November 2003 when Voice Command was released) years later is a bit ludicrous, especially when the Windows Phones at the time were still 5 years behind the first iPhone.

    Voice recognition isn't new, by any stroke of the imagination.

    The phone I had was pretty tricked out.  I had the HTC TyTN, with 64MB of RAM and I did put Voice Command on my 128MB SD card.
    All voice recognition is not the same. Microsoft Voice Command was very limited in what it could do, and required the user to be literal and specific. "Call Mike Jones on mobile" would get a "try again" response if he was listed as Michael Jones in your contacts. "Call my brother" would never get beyond "try again," and you'd certainly never be asked to identify who you brother is for future reference.

    The point of sending Siri commands to "some computer for processing" is to allow for far more sophisticated computational work to be applied in order to allow for different accents, interpretation of varied ways of stating commands, and for a significantly wider variety of tasks to be carried out. In 2003, sending voice commands over the cellular/wireless internet for processing wasn't even possible. BlackBerry was still cranking email through its proprietary centralized email system in order to minimize the use of a very, very limited capacity for data transmission over cellular networks.

    By 2011, the calculus had flipped. With increased bandwidth, transmitting voice commands over the cellular internet for offsite processing allowed for significantly more robust voice recognition and linguistic interpretation than could have been handled by an A5 chip in an iPhone 4S.

    Now, with significantly greater processing power in portable devices, things can flip again, and Siri commands can effectively be processed on-device without a loss of computational capacity. This, in turn, allows for the higher level of data security inherent in not transmitting the voice command data at all.
    bonobobmuthuk_vanalingamwatto_cobra
Sign In or Register to comment.