Skip to content

Apple’s AI Partnership with Google Raises Questions About User Privacy

Cupertino, California—Apple has announced that its long-delayed Siri upgrade, now called ‘Siri AI,’ will use Google’s Gemini language models. What this means for user privacy is a topic of discussion among tech enthusiasts and experts alike.

The company confirmed at its Worldwide Developers Conference (WWDC) yesterday that Siri AI will run on Nvidia hardware installed in Google servers. However, Apple is still making the same promises about user privacy it did before, when all of its AI models were either running locally on devices or on Apple-controlled server hardware.

For years, Apple has touted user privacy as a key benefit of using its platforms. Its cloud services use encryption that’s intended to keep other people—including Apple employees—from being able to gain access to it. And the company has long advertised its use of on-device processing for things like scanning images, keeping as much data as possible from leaving your device in the first place.

But with Apple Intelligence, Apple has run up against the limits of its own hardware. The kinds of language and reasoning models that can run locally on an iPhone or Mac are relatively small, limiting their capabilities and accuracy. Apple’s Private Cloud Compute system was a partial solution but relied on Apple’s own server hardware; to get the kind of capacity it would need to support Siri AI, Apple would have had to commit to a huge data center buildout that it has so far avoided.

Apple’s Craig Federighi and other Apple executives got on a smaller stage after the WWDC keynote to explain to the press and other media how it planned to preserve user privacy while still getting the kind of compute capacity it needed. “This is the amount of the Google system we use, which is none,” says Federighi, standing in front of a blank slide in a much more intimate theater than the giant outdoor auditorium where he had introduced CEO Tim Cook a couple of hours before.

Federighi has just outlined a ‘traditional chatbot architecture’—a client app running on your device that reaches out to cloud-based models running on third-party servers. Those models can then reach out to Google Search or something similar “to [ground themselves] in world knowledge.” Apple’s system still depends on an on-device model for simpler queries.

For ‘more sophisticated’ questions, your device will contact cloud-based models, again co-developed by Apple and Google: a general-use model called AFM 3 Cloud, an image-generation model called ADM 3 Cloud, and an advanced model called AFM 3 Cloud Pro for “agentic tool use and complex reasoning.” The first two models, Apple says, still run on Apple’s silicon on Apple’s servers. The Cloud Pro model is the one running on Google-owned Nvidia hardware.

To do this while still making the same privacy promises, Apple has introduced a new iteration of Private Cloud Compute, this one designed to run on third-party hardware. Apple is using Nvidia’s Confidential Computing, Intel’s Trust Domain Extensions, and Google’s Titan security chip to provide layers of protection similar to what Apple provides for its own servers.

To provide additional protection, Apple keeps ‘a cryptographically verifiable, append-only ledger of all Google Cloud hardware that is part of the PCC fleet,’ and Apple’s devices will only trust software on these servers that is signed by Apple. The Google Cloud servers don’t yet support all the same protections as Apple’s own Private Cloud Compute servers, but Apple says it ‘will be gradually ramping towards the complete set of protections throughout the summer preview period.’

Important decisions, like which model to use and what apps have access to what data, are handled by an on-device feature Apple calls the ‘System Orchestrator.’ Among its duties is making sure that only the data needed to answer a user query is sent off-device in the first place (your device could generate an answer about a recipe you were sent in the Messages app, for example, without getting information about the person who sent it to you, when they sent it, or why they were sending it).

“While we absolutely minimize what is sent up to PCC, the critical thing about PCC is, architecturally, that’s at that point an efficiency measure,” said Federighi. “Because PCC itself, by design from the ground up, is going to vaporize any record of that data the moment after it answers your question… This is not stored. It’s all in a form where it’s completely transient.”

Source: Original article

Leave a Reply

Your email address will not be published. Required fields are marked *