Apple's Erik Neuenschwander details privacy policies & feature in new interview

Erik Neuenschwander

Apple head of user privacy Erik Neuenschwander discussed the Cupertino tech giant's privacy policies and protections in a new deep-dive interview for Data Privacy Day.

Neuenschwander sat down with Rene Ritchie to discuss the company's privacy goals, as well as the mechanisms and policies it implements to reach those goals. In the interview, the privacy chief reiterated Apple's commitment to keeping its users' data safe, secure, and away from prying eyes.

For example, the Apple executive said that the company's pro-privacy stance has a long legacy dating back to Steve Jobs, and comes from its goal of putting the customer first.

"In that respect, when we think about our customers, we think about privacy being a fundamental human right," Neuenschwander said. "And how the only way that you're going to realize that is by designing it into everything that we build."

Neuenschwander then spoke about Apple's specific privacy policies. The company thinks about keeping user data private in a three-step system, which includes data minimization, control and transparency, and security.

For example, features like on-device intelligence allow Apple to minimize the amount of data it collects. Neuenschwander added that, if the company does collect data, it ensures that the user has control and insight into how and why that data is used. Security features like end-to-end encryption keeps data private from malicious actors or authoritarian governments.

Apple CEO Tim Cook echoed this commitment to privacy in a tweet about Data Privacy Day. He calls privacy a fundamental human right, a mantra often used by Cook when discussing the topic.

We believe privacy is a fundamental human right, and the best technology is one that people can trust. At Apple, we're constantly innovating to give our users more control over how their data is used and the choice with whom to share it. #DataPrivacyDay
— Tim Cook (@tim_cook) January 28, 2022

The Apple privacy chief also detailed some of the company's other privacy features, including the App Tracking Transparency mechanism that stops apps from tracking users across other apps and websites, and Hide My Email, which gives users more granular control over which companies or sites get access to their actual email address.

Ritchie's full interview with Neuenschwander clocks in at about 19 minutes and is well worth a watch for anyone interested in Apple's privacy and security policies.

Follow AppleInsider on Google News

4 Comments

patchythepirate

said about 2 years ago

I wish there was some dramatic way Apple could get the word out about how much better they are at privacy, security, and safety. No matter how many nuanced and interesting presentations and interviews they do, every normie I talk to says, "eh, they're all the same," and somehow even have conviction about it and continue to disagree with me even if I clearly explain why that's not the case.

I think the underlying psychology is along the lines of: "it's easier to fool a person than show them they've been fooled."

I wonder how Apple can get it to sink in, maybe an obnoxiously large ad campaign that normies can't help but see? Making points like, "giving up privacy is giving up your voice," "Own Your Identity," "Own Your Voice," possibly also, "everyone deserves the right to privacy," or maybe even more on the nose, "privacy is a fundamental human right." Followed by a simple list: "Apple does not sell or track your: Purchases with Apple Pay/Card, your Photos, your Gender, your Sexuality, your facial features, your browsing history, your texts, your voice calls, your video chats, [etc]."

They could also do something funny, like the the old mac vs pc commercials with Justin Long; have Apple Guy vs The Other Guy, eg:

Apple Guy: Hey look at all the cool ways I can enjoy my photos and share them.

The Other Guy: Mine is cool too, look!

Apple Guy: Hmm, I guess that's cool [being polite]. Hey, uh, what's that under your arm?

The Other Guy: Oh, this? [pulls out huge scroll that flops to the floor.] This is just the terms of service for my photo service, I decided to print it out so I can skim it. Let's see here, [looks at scroll] it says I can upload unlimited photos!

Apple Guy: What's that? [Points to spot on scroll]

The Other guy: Oh, that's nothing, it just says they are the ones that actually own my photos and can use them for whatever they want, or sell them, or track my facial ID and compare it with photos from other people to see who I associate with, and.. hmm, well, uh, anyway, did you know if you saute spinach it helps to bring out the trace minerals."

bobolicious

said about 2 years ago

'Apple doesn't possess that special key to read the data' ? (5:35)
I understood Apple has a key to every account: fixitalready.eff.org/apple/#/
www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT

email remains unencrypted per "iCloud does not encrypt data stored on IMAP mail servers." support.apple.com/en-us/HT202303
At last check Photos auto tags every image for search - where is a global off switch...?
Why are iCloud servers required to sync local hardware ?
Apple tech confirmed Apple Watch (with biometric data) requires iCloud to (function) sync... Is this 'privacy by design' (7:15)
Is S/MIME the only Apple independent (7:30) option and could this be more easily facilitated ? www.mailbutler.io/email-tracking/
Why does remote wipe require 'Find My iPhone' location tracking to be enabled - quid pro quo 'by design'...?

Also there is the question of all the contact data & even profile photos that others put in the Contacts app without one's knowledge and is being synced remotely aka uploaded to Apple iCloud servers...?

www.forbes.com/sites/theopriestley/2015/08/24/did-apple-lie-about-your-privacy/?sh=73feef432b09
"It's clear that Apple doesn't want to get to know you to sell your data to third parties, but it doesn't mean it doesn't want to get to know you for their own purposes."
"Ultimately, over time, this device-based strategy will prove Apple's undoing as it eventually admits it does need your personal data. It has accessed your personal data. And has done all along."

appleinsider.com/articles/21/12/08/apple-reportedly-allowing-looser-adherence-to-ad-privacy-rules-requirements
www.thelavinagency.com/speakers/shoshana-zuboff
thebaffler.com/latest/capitalisms-new-clothes-morozov

"Apple CEO Tim Cook continues to pound the idea that Apple “believe[s] strongly that privacy is a basic human right.” Alphabet/Google claims similar high-mindedness. In an opinion piece posted on the same day, the Financial Times’s Brooke Masters notes that it is “risky to rely on [Apple’s or Alphabet’s] noblesse oblige,” citing Harvard law professor Shoshana Zuboff: “These commitments change with the market winds. The only thing that matters is law.” 247wallst.com/technology-3/2021/11/01/whats-up-with-apple-10-billion-for-privacy-ar-headset-coming-and-more/

Is there a lot to consider including care in interpreting the language used to describe 'policy' vs potential 'by design' that leaves reliance entirely on policy that is 'subject to change' or worse yet a hack...?

Would offering a remote user mac Apple Server Application (apps.apple.com/us/app/macos-server/id883878097?) to offer remote distributed in house sync (or even local direct connected device sync) be more private solutions for all concerned, not unlike the web itself that was designed to be 'distributed' and thus less vulnerable to attack or surveillance ?

Perhaps I am missing something...?

robaba

said about 2 years ago

Individual servers more resistant to breach? I guess if you depend upon security-by-obscurity. No way I as a in-expert consumer has as much network security as Apple can hire on my behalf.

patchythepirate

said about 2 years ago

bobolicious said:

'Apple doesn't possess that special key to read the data' ? (5:35)
I understood Apple has a key to every account: fixitalready.eff.org/apple/#/
www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT

email remains unencrypted per "iCloud does not encrypt data stored on IMAP mail servers." support.apple.com/en-us/HT202303
At last check Photos auto tags every image for search - where is a global off switch...?
Why are iCloud servers required to sync local hardware ?
Apple tech confirmed Apple Watch (with biometric data) requires iCloud to (function) sync... Is this 'privacy by design' (7:15)
Is S/MIME the only Apple independent (7:30) option and could this be more easily facilitated ? www.mailbutler.io/email-tracking/
Why does remote wipe require 'Find My iPhone' location tracking to be enabled - quid pro quo 'by design'...?

Also there is the question of all the contact data & even profile photos that others put in the Contacts app without one's knowledge and is being synced remotely aka uploaded to Apple iCloud servers...?

www.forbes.com/sites/theopriestley/2015/08/24/did-apple-lie-about-your-privacy/?sh=73feef432b09
"It's clear that Apple doesn't want to get to know you to sell your data to third parties, but it doesn't mean it doesn't want to get to know you for their own purposes."
"Ultimately, over time, this device-based strategy will prove Apple's undoing as it eventually admits it does need your personal data. It has accessed your personal data. And has done all along."

appleinsider.com/articles/21/12/08/apple-reportedly-allowing-looser-adherence-to-ad-privacy-rules-requirements
www.thelavinagency.com/speakers/shoshana-zuboff
thebaffler.com/latest/capitalisms-new-clothes-morozov

"Apple CEO Tim Cook continues to pound the idea that Apple “believe[s] strongly that privacy is a basic human right.” Alphabet/Google claims similar high-mindedness. In an opinion piece posted on the same day, the Financial Times’s Brooke Masters notes that it is “risky to rely on [Apple’s or Alphabet’s] noblesse oblige,” citing Harvard law professor Shoshana Zuboff: “These commitments change with the market winds. The only thing that matters is law.” 247wallst.com/technology-3/2021/11/01/whats-up-with-apple-10-billion-for-privacy-ar-headset-coming-and-more/
Is there a lot to consider including care in interpreting the language used to describe 'policy' vs potential 'by design' that leaves reliance entirely on policy that is 'subject to change' or worse yet a hack...?

Would offering a remote user mac Apple Server Application (apps.apple.com/us/app/macos-server/id883878097?) to offer remote distributed in house sync (or even local direct connected device sync) be more private solutions for all concerned, not unlike the web itself that was designed to be 'distributed' and thus less vulnerable to attack or surveillance ?

Perhaps I am missing something...?

Excellent list of points and questions, thanks for putting all that together. I suppose it's quite a bit more difficult than I hoped for Apple to make some dramatic statements, which may need quite a few caveats and conditions that would take away from the impact and make it hard to convince others. I suppose the best way then is to loudly and frequently talk about the things they are doing, like Private Relay, blocking email fingerprinting (or whatever it's called), device encrypted content and messages (and facetime?)(but not email it seems), etc. It does seem like Apple is making efforts to put as much of the 'intelligence' (biting my tongue here) on device, hopefully without even a need to have device-associated cloud processing, although this may be pretty difficult for some things.

The photo searching thing for pedophile pic matches seems to be insulated for privacy protection outside of this particular context, but I can see how people see this as a slippery slope.

In short, I hope Apple can make and boldly promote some dramatic statements that will get people talking and asking the right questions, even if there's caveats that need to be explained. Apple may bloody itself a bit, but all of it's competitors will be badly bruised and beaten. But at least I think it makes sense to start doing more ads about the privacy issues, particularly where Apple is clearly superior, such as the example I mentioned. I think it'd also help if it was funny, as I attempted to do in my makeshift skit example.