Apple is taking a deep dive into AI with its new Apple Intelligence suite of features across iPhones, iPads, and Macs. While some requests will, with user permission, be routed to OpenAI’s ChatGPT, a top exec says Apple's own AI services rely on a “blockchain-ish” model to ensure user privacy.
But what does that really mean? Following Apple's keynote presentation, its Senior Vice President of Software Engineering Craig Federighi and SVP of Machine Learning and AI Strategy John Giannandrea took the stage for a press interview about the consumer tech giant’s big AI push, moderated by content creator Justine “iJustine” Ezarik.
Asked how Apple would make sure its customer information remained private if it leaves their devices, Federighi explained that user requests sent to Apple servers are anonymized, as their IP addresses are masked and the server itself is prevented from keeping a log of information. On top of that, an image of the server software will be publicly shared so that it can be audited by independent security researchers, and user devices will only interact with servers with auditable software.
“It’s a clever kind of blockchain-ish attestation log to make sure the iPhone will only trust the software that’s been publicly put out there,” Federighi said, adding that Apple will soon issue a white paper about its security model. “It’s a really extraordinary step up in terms of the level of trust you can place in server computing.”
As the company dives deeper into AI and the personal data it uses to deliver its services, he added, “it’s essential that you can know that no one—not Apple, not anyone else—would have access to any of the information used to process your request.”
One of Apple’s most prominent executives indeed said that the firm is using “blockchain-ish” tech—but Federighi did not say specifically that the firm is using an actual blockchain, and certainly didn’t say that the tech juggernaut is building on a decentralized model.
Decrypt reached out to Apple to clarify Federighi’s comments, but did not immediately receive a response.
What it means
Apple shared some details in an extensive security blog post on Monday about Private Cloud Compute (PCC), which Apple designed to handle user requests. As Federighi noted, it anonymizes user requests and then relies on servers that use publicly auditable software to handle those AI needs.
Apple calls that last point “Verifiable Transparency.” Sound familiar?
In essence, Apple will make its software images public to prove that its system is secure. Then, it will build a check into the system to ensure that devices can only interact with servers that use software that’s been shared publicly for auditing purposes. And that system is built with cryptography.
Okay this is kinda wild — never thought I would hear an Apple exec talk about the blockchain https://t.co/stdSXVcytH
— Joshua Topolsky (@joshuatopolsky) June 10, 2024
“This promise, too, is an enforceable guarantee: user devices will be willing to send data only to PCC nodes that can cryptographically attest to running publicly listed software,” the post reads, with a bullet point further emphasizing that Apple will be “publishing the measurements of all code running on PCC in an append-only and cryptographically tamper-proof transparency log.”
Furthermore, the post adds: “Specifically, the user’s device will wrap its request payload key only to the public keys of those PCC nodes whose attested measurements match a software release in the public transparency log. And the same strict code signing technologies that prevent loading unauthorized software also ensure that all code on the PCC node is included in the attestation.”
Public keys? Nodes? A “cryptographically tamper-proof transparency log,” of all things? It’s not difficult to understand why Federighi would call it a “blockchain-ish” approach. It’s also easy to see why crypto-natives are taking shots at Apple on social media for not actually calling it a blockchain when it apparently shares so many commonalities.
“Say blockchains without saying blockchains,” tweeted Wei Dai, Research Partner at crypto investment firm 1KX, with a screenshot from the blog post.
But while the Private Cloud Compute model is designed to be transparent and invites public scrutiny, Apple is not launching a decentralized network: It’s still ultimately running the show as a centralized player. There’s no decentralized consensus model in play, and users still ultimately have to trust what Apple is saying regarding its privacy mechanisms.
“That’s not my read,” tweeted Riccardo “fluffypony” Spagni, founder of privacy coin Monero, in reply to Dai. “I think it’s more like a linked list, or actually more like [Github]. There’s no consensus mechanism here, there’s a central publisher.”
That’s not my read - I think it’s more like a linked list, or actually more like git.
There’s no consensus mechanism here, there’s a central publisher.
— Riccardo Spagni (@fluffypony) June 11, 2024
“This isn’t a blockchain,” Spagni added in a further reply.
However, Apple has been exploring the potential for blockchain tech. In a patent application filed in 2023 and published earlier this year, Apple sought to patent a “Distributed Network Management System“ that explicitly mentions the potential use of blockchain in some implementations. Elsewhere, a recently granted Apple patent describes a “decentralized ledger” used in the process of publishing media assets.
Private Cloud Compute isn’t a blockchain, based on what we know so far. But Apple said in its security post that more details are forthcoming, and the firm doesn’t appear to have shut the door on potential use cases for blockchain tech. What’s here is “blockchain-ish,” at least, in the words of Craig Federighi—and that’s an interesting claim from Apple all the same.
Edited by Ryan Ozawa.