Privacy is a fundamental human right. From Tim Cook at the very top to engineers on the front line, this belief permeates Apple and drives the company's product development process every bit as much as the technology itself. As much as Apple is designing for experience and for accessibility, the company is also designing for privacy.

Apple's belief in privacy is made manifest again today with the launch of an updated version of and the release of a white paper explaining the privacy and security safeguards behind the company's new Face ID biometric identity system.

I had the chance to talk with Apple ahead of the new site going live and came away impressed. Not with the focus, because I've come to expect that, but with the depth and thoughtfulness of how privacy and security were being considered across teams and from the very beginning of product development.

New features aren't simply created and then handed off to a "privacy and security team" mandated to shellack a thin veneer of legalese on top. Privacy and security are intrinsic parts of the process, from hardware to software, on-device and through Apple's servers.

Why Apple's stance on privacy matters

Because of their business models, Google, Facebook, and similar companies build and retain complex information models about us, including our behavior and our relationships.

They claim not to share or sell that data, but through their advertising systems, they share and sell insight into users. We can quibble about how much and what patterns can be derived from them, but when you see an ad for a product you'd previously searched for, or you see your photo used in an ad, you feel exposed.

What's more, the simple act of keeping all that information, whether for themselves or for their advertising customers, is a vulnerability. The potential for abuse, no matter how unlikely, is staggering:

  • "Which way are you going to vote? If you thought information about your web history would be made public, now which way would you vote?"
  • "You are transacting business in our country. Your servers will be made available to us. You will show us all interactions between individuals on the following lists…"
  • "Hey, let's see what your ex is up to…"

The examples above are extreme, and safeguards no doubt exist to try to prevent such exploits. But this isn't FUD. Google has stolen Wi-Fi data in the past. Uber has tracked people without their knowledge. Government agency contractors have snooped outside the bounds of law and morality. This is a real, valid concern.

The only way to absolutely prevent the abuse and disclosure of personal data is not to store that data. Google, Facebook, and other large data harvesting companies simply can't do that. But Apple can.

Apple, because of its own business model, has no need to persist our data, our behavior, and our relationships on its servers. What's more, by virtue of the company's belief in privacy and security, it wants no part of our data. Instead, it encrypts our data end-to-end in transit and purges it as quickly as is practical.

Take some of the new features like Siri and Faces (in Photos) sync. For years, Apple has stuck to on-device data because, by definition, it is more private and secure. But it's not more convenient, especially when you have to retrain Siri or re-identify photos every time you switch devices. So, now, Apple is doing secure, private sync between devices.

It's different from typical sync, where the single truth lives on the server and all your devices sync to that truth. That leaves the truth exposed and vulnerable on the server. Apple's implementation encrypts the data end to end and then transits it via a secure version of CloudKit, the infrastructure behind iCloud.

Apple doesn't store anything and doesn't even "see" anything aside from the encrypted blobs going through the system. Only devices you've set up with your Apple ID have the keys to decrypt and make use of the data.

The services that Apple offers are also in silos, so data — and potentially identifying patterns — can't pass between them. It's part of what lets Apple scale technologies like differential privacy from detecting trends in the QuickType keyboard to detecting trends in bad websites on Safari and data types in Health.

Best of all, by continuing to publish privacy and security policies and white papers, and rolling out technologies like differential privacy and neural networks for Face ID, Apple invites scrutiny. The more people examine, probe, push back, and find bugs, the more Apple has to live up to and improve. Standards are meaningless if you're not continually held up to them.

The downside of privacy-first

It takes Apple longer to implement secure, private versions of popular services like assistant or photo sync, and the company has yet to implement all the services Google and even Facebook offer "for free".

(I put "for free" in quotes because nothing is for free. Data is more valuable than money. It's so valuable, these companies spend billions of dollars to harvest it and, instead of paying us for it, convince us they're doing us a favor by letting us give it to them for their services.)

Critics have said Apple's policies on privacy and security mean the company will never catch up to its rivals. Of course, critics said the same thing about artificial intelligence, then Apple debuted A11 Bionic, silicon three years in the making.

The point is valid, though: Apple is deliberately sacrificing expediency for privacy. From Apple's point of view, privacy is inextricably linked to making the product great. And the company will take time to make what it believes are great products. That frustrates some, but it comforts others.

I still use Google for work and Facebook for real-life friends and relatives but I lock them down as much as possible. For all my personal stuff, though, I use Apple. I may be missing out on some features and conveniences, but it's currently worth it to me.

As someone who covers consumer technology, I'm glad there is that choice. As a consumer, I'm glad I have that choice.