Privacy Roundup from Summer Developer Conference Season 2024
Ahh, summer. A time for hot dogs, swimming pools, and software developer conferences. For third-party application developers to deliver new tools with the best features for the lucrative fall quarter, they must have access to all the APIs and tools by the summer before. This has meant that early summer has become known as a time for announcements from the major big tech platforms.
Anyone even remotely adjacent to the tech industry can probably tell you the main takeaway emphasized by Google, Microsoft, and Apple in their respective developer conferences using just two words: Artificial Intelligence. If the last couple of years have been building hype for AI, this summer’s developer conference season may be seen as a turning point from research to reality, as all three companies emphasized significant investments to bring AI to practically every platform. Google, Microsoft, and Apple all announced major new developments and initiatives around AI that impact privacy.
Taken holistically, three main takeaways emerge for privacy professionals from the announcements made this summer, and we’re going to cover each of them. First, every platform will have some AI integrations that require privacy risk analysis. Second, privacy risks from AI are more likely to be realized because AI will be an integrated system-level feature rather than an application-level or user-level add-on. Third, major privacy-relevant announcements were not limited to AI, but include changes to password management and advertising on Apple systems.
AI is front and center for all platforms, with a significant focus on hardware advancements that can limit privacy risks
Google, Microsoft, and Apple each advanced a vision of multi-model AI as a central focus for developers and users of their platforms, including through deep integrations of AI into existing software and hardware. As the platforms prioritize AI, these updates will also impact the shape of privacy protections that users expect in years to come. For example, smaller AI models that can be executed locally and hardware advancements that enable on-device processing can limit privacy risks by eliminating the need to share data with cloud providers or third parties to take advantage of AI capabilities.
Google’s vision presented at I/O emphasized their development of LLMs at a variety of sizes, from Gemini Ultra (a large but slow model capable of handling inputs with multiple millions of tokens) to Gemini Flash (a lightweight, fast, and efficient model that is only capable of handling more limited inputs). Google also announced a series of LLM-based AI models designed to fill the gap between these two, including a general purpose model (Gemini Pro); an embeddable model that will be built directly into Google’s Chrome browser and could allow web developers to perform queries without requiring a network connection (Gemini Nano); a text-to-video generation model (Veo); and a new iteration on their text-to-image generation model (Imagen 3). Google engineers have also announced several open models (Gemma 2B and 7B; CodeGemma; and PaliGemma). The privacy tradeoff of model size is this: the smaller the model, the easier it is to operate locally. Large models are more efficiently operated in a cloud environment as a service, requiring data to be transferred to a third party.
Google also emphasized the capabilities for each of their models. With the exception of Veo and Imagen 3, Google’s models are natively multi-modal. Multi-modality means that each tool will have the capacity to interact in text, images, audio, or other input modalities. This shift is part of a larger trend of integrating AI into a variety of form factors, a trend that also brings new challenges related to transparency and accuracy. Google also emphasized context size for each model. Context size refers to the amount of data that can be provided to an AI model, with a larger context size generally leading to more coherent and responsive results. Sissie Hsiao said during the Google I/O Keynote that this large context window will allow people to “tackle complex problems that were previously unimaginable.” The more capable the model, the more data privacy concerns are implicated because a more capable model can treat a wider range of data as valid inputs.
Meanwhile, Microsoft and Apple emphasized deep integrations of AI into existing software and hardware. Microsoft’s vision may have best been summarized by Satya Nadella in an interview with the Wall Street Journal after Microsoft Build where he said: “The future I see is a computer that understands me versus a computer that I have to understand.” This vision was also among the first things Nadella mentioned in his keynote, and it was emphasized with both hardware integrations and Windows integrations of AI. At WWDC, Apple’s announcements centered on “Apple Intelligence,” which follows an approach Apple has developed as part of their culture of “start[ing] with the customer experience and work[ing] backwards to the technology”. Microsoft and Apple also announced separate partnerships with OpenAI, making OpenAI’s announcement of GPT-4o worth following closely because it will be integrated in both the Microsoft and Apple ecosystems.
In presenting their new developer tools, all three companies emphasized a focus on “responsible AI.” Google outlined several new and expanded safeguards for AI at Google I/O. Microsoft held a breakout session on responsibly operationalizing AI and highlighted their Responsible AI Transparency report released earlier in the month. Apple tied their Apple Intelligence approach to their four principles for responsible AI development. If AI is to be a part of every user’s typical daily use of computing systems, then it must be done responsibly.
Each company made this clear and outlined the implications of this for developers using their tools. For example, any cloud-based approach to AI highlights the fundamental privacy tension at the core of AI-based computing: the more data the AI has access to, the better the results it can provide. On-device processing limits the personal data sent to third parties to produce AI-based results. An on-device approach is limited by the model size and the computational capabilities of the hardware, but it can handle less complex queries with fewer privacy and security implications. Based on the announcements and developer tool lineups, all three companies understand and are attempting to account for these tradeoffs.
More AI tools being integrated as system-level features will bring novel privacy challenges for platforms
Google, Microsoft, and Apple have laid out a vision of AI that is deeply integrated into many products and features, including many system-level integrations. System-level integration, whether done with embedded AI models, hardware-supported AI, or operating system integrations, may bring benefits to both developers and users. Users may benefit from system-level summarization or re-writing tools, for example. Developers unfamiliar with AI but using system-provided software developer kits may be able to incorporate these integrations with minimal configuration and coding. At the same time, system-level AI integrations add challenges for platforms seeking to navigate how to communicate and record consent preferences for the flow of information needed to power such features, particularly in the context of workplace-assigned or government-assigned devices.
Microsoft’s hardware integrations and Windows integrations were central to their pitch to developers on their support for AI. Let’s start with hardware integration because more AI-capable local hardware means less data would have to leave the device for third-party AI services. Microsoft is using the Snapdragon X Elite and Snapdragon X Pro line of chips on their newly announced Copilot Plus PCs and Surface Pro devices. For comparison, Apple’s M4 Neural Engine is capable of 38 trillion operations per second, whereas the neural processing unit in the Snapdragon X Elite is capable of 45 trillion operations per second. Microsoft’s support for and inclusion of this line of chips in their upcoming products signals both their seriousness about hardware integration for AI tasks and their recognition that on-device processing is a win for privacy and security.
The other clear focus of Microsoft’s announcements is Windows integration. Building AI into the operating system makes it easier for developers to take advantage of the technology and easier for users to have consistent expectations about how their data will be used. Nadella compared their announcement of the Windows Copilot Runtime, which is a system-level set of libraries that software developers can use to integrate AI into their native Windows applications, to the Win32 libraries that have been core to Windows application development since the mid-1990s. Better integration of AI leads to more use of AI, raising the stakes of AI-focused privacy risk analysis.
Similarly, Apple’s on-device processing can be seen in a handful of tools, including Image Playground, a tool for generating images in a restricted set of styles that is available system-wide and accessible anywhere that an image could serve as a valid input, including Messages. Apple also introduced on-device, system-wide text tools for language, including proofreading, rewriting, and summarizing text. On-device photo and video editing and curation tools round out their consumer-facing take on AI. Note that these on-device AI examples are less open-ended and more task- or use case-oriented, making privacy tradeoffs clearer.
Apple’s changes to Siri are perhaps the clearest example of Apple’s focus on system integration. Apple has announced major changes to Siri, first released in 2011, to support a more integrated user experience with two clear privacy protections for cloud-based AI. Apple’s first privacy protection is called Private Cloud Compute, which isolates computation to provide data protection during cloud-based computations. The details of this architecture are complex, but the goal is simple: to provide the most trustworthy “Apple Intelligence” experience possible. Apple’s second cloud-based AI privacy protection relates to their announced partnership with OpenAI to handle queries that cannot be performed within the Apple Intelligence ecosystem. Siri will prompt users before sending any data or queries to OpenAI, making users aware of any OpenAI processing before it happens.
Key data privacy principles, including data minimization, purpose limitation, and respect for data context (i.e., recognition of data as sensitive or non-sensitive) can sometimes be in direct tension with always-accessible AI services, particularly those that would send input information to third-party servers as context for an AI prompt. In some cases, AI features being announced will rely on strictly on-device processing or processing within a trusted execution environment. In others, however, the data may be sent to the platform to process queries or requests, but that transfer may not always be obvious with respect to basic system-level integrations, even if the transfer may contain confidential or personal information that would implicate data protection laws.
As AI services are more widely used, the amount and scope of data provided to them in the form of user queries from the products and systems that support them will grow, raising overall organizational risk while simultaneously making on-device processing a more valuable risk mitigation tool. Privacy professionals will have to consider carefully whether and how to enable these services for their organizations, especially with respect to workplace and government-assigned devices, while individuals will have to be cognizant of what data is required for their interactions with AI interfaces, particularly when working on a business-owned computer.
Major privacy announcements aren’t limited to AI
Amongst so much AI-related news, there were two significant announcements from Apple that are unrelated to AI but directly impact privacy: Apple Passwords and AdAttributionKit.
Apple introduced a new Passwords application, which replaced iCloud Keychain and competes more directly with third-party applications like LastPass and 1Password. Anyone interested in locking or hiding applications on their iOS device will soon have the ability to hand their phone to someone else and be assured that sensitive data and applications will remain protected. Passkeys will get another opportunity to replace passwords as Apple will enable by default a new feature to automatically transition from passwords to passkeys on iOS and macOS.
Finally, an Apple announcement with serious impact for privacy professionals: Apple introduced AdAttributionKit, which introduces a new approach for advertising attribution on both iOS and the web. It can be configured to work with SKAdNetwork, but it has been received as a replacement for all attribution functions. All data involved is subject to “crowd anonymity,” which is Apple’s approach to privacy protection by adding statistical noise to potentially identifiable data. Apple has also made this framework app-store agnostic, which means that it should allow attributions for advertisements on apps installed via alternative app marketplaces. This aligns with efforts from other large platforms to navigate new solutions for advertising that are less reliant on sharing third-party data across the advertising ecosystem. At the same time, it solidifies some of the differences between Apple’s approach and that taken by Google, which recently announced a shift in direction for deprecation of third-party cookies.
Summary
Major developer conferences showcased AI as the dominant theme this summer, with Google, Microsoft, and Apple each announcing significant AI integrations across their platforms. Privacy professionals face challenges in assessing AI-related privacy risks, and those challenges must be addressed as AI transitions from isolated applications into deeply embedded system functions.