Apple Intelligence took center stage at this year’s Worldwide Developers Conference (WWDC) 2023, highlighting new artificial intelligence (AI) features that will debut with the upcoming iOS 18, iPadOS 18 and macOS Sequoia. During the event, the tech giant revealed that some of the processing for the AI features will be done on-device, while more complex tasks will be handled by its Private Cloud Compute (PCC) system. Apple also shared details about its PCC architecture and stated that there is a strong focus on data privacy and security.
Apple shares details about Private Cloud Compute
Craig Federighi, senior vice president of software engineering at Apple, said during the event, “Your data is never stored or accessed by Apple.” While Apple Intelligence has created a sense of curiosity among many users, some are also skeptical about the company’s ability to live up to these claims. Among them was Tesla CEO Elon Musk who posted on X (formerly known as Twitter), “Apparently absurd that Apple is not smart enough to build its own artificial intelligence, but is somehow able to ensure that OpenAI will protect your security and privacy! “. Specifically, Apple has stated that it uses its internal AI models for both on-device and server-based computing.
Now Apple has shed more light on how its Private Cloud Compute will work in a blog post. Explaining data security issues with traditional cloud servers, the tech giant claimed it was building a custom infrastructure with key changes to protect user data. There are three important pillars — stateless computing, non-targeting and verifiable transparency.
Stateless Computing Private Cloud Compute
Traditionally, cloud servers have a simple workflow. The data is pinged to the servers where the cloud computers first log it using the user’s credentials. This allows servers to ping information back to the user after running a task. Cloud servers also store some or all of the data to offer the user as a backup, in case the data is requested again (due to file corruption or accidental deletion). This also helps to optimize costs as the servers do not have to recalculate the data.
In contrast, Apple said its Private Cloud Compute runs “stateless data processing” where the user’s device sends data to the PCC only for the purpose of fulfilling the user’s inference request. It also claimed that user data remains on the server only until it is returned to the device and “no user data is retained in any form after the response is returned.” The company added that user data is not retained even through logging or debugging.
He also argued that even Apple staff with privileged access to the runtime could not circumvent the guarantee of stateless computation.
Non-targeting of Private Cloud Compute
Cloud servers also face external threats from hackers and bad actors trying to find vulnerabilities to breach the system. Apple said it has developed two measures to defend user data from attackers.
First, the tech giant uses protections for Apple silicon and other related hardware to ensure that hardware attacks are rare. Because of Apple’s experience in running cloud operations, it has developed hardware that narrows the possibility of cyberattacks. It further added that any hardware attack at scale would be “prohibitively expensive and likely to be detected”.
For small-scale attacks, Apple claims that its extensive revalidation in data centers (once data arrives and before it reaches cloud computing for processing) ensures that hackers cannot target a specific user’s data.
“To protect against smaller, more sophisticated attacks that might otherwise escape detection, Private Cloud Compute uses an approach we call targeted diffusion to ensure that requests cannot be routed to specific nodes based on users or their content,” added the tech giant
Verifiable transparency of Private Cloud Compute
Finally, Apple invites security researchers to verify the end-to-end security and privacy measures of the Private Cloud Compute system. He claimed that once the PCC is launched, it will make software images of every production version of the cloud system publicly available for security research.
To further aid research, Apple will release each production image of Private Cloud Compute software for binary inspection across the OS, applications, and all other execution nodes. Researchers will be able to verify this against measurements in the transparency log. Researchers will be offered rewards for finding flaws in the system.
