Apple, Microsoft, Uber Turn to New Data Privacy Technology

Apple instituted a privacy technology, called differential privacy, that enables its software to understand users without spying on their activities. Now, Microsoft and Uber are also trying out the same technology. While differential privacy reportedly can keep data anonymous, experts warn that it’s becoming easier than ever to identify people from anonymous data sets. That includes biometrics; Citigroup has abandoned a project begun in 2015 to allow customers to scan their irises to access their accounts at an ATM.

The Wall Street Journal reports that, two year ago, MIT researchers found that, “shoppers could be identified by linking social-media accounts to anonymous credit-card records and bits of secondary information, such as the location or timing of purchases.”

Differential privacy works by “blur[ring] the data being analyzed by adding a measurable amount of statistical noise,” so that “someone trying to find links in the data would never be sure which question a particular person was asked.”


University of California, Santa Cruz assistant professor Abhradeep Guha Thakurta reports that, “differential privacy is key to Apple’s artificial intelligence efforts.” The company has been seen as a “laggard” in developing AI due to its privacy policies, but, said Thakurta, “to succeed in the AI era they have to collect information about the user.”

Since debuting differential-privacy software in September, said Apple software engineer Katie Skinner, “The company is now receiving millions of pieces of information daily — all protected via this technique — from Macs, iPhones and iPads running the latest operating systems.”

WSJ also reports that Citigroup has abandoned its 2015 project due to “the cost and complexity of collecting and managing millions of customers’ biometric data,” as well as the fact that, “a large database of biometric data is also particularly juicy target for hackers.”

“If I steal your password, you make a new password,” said HYPR chief executive George Avetisov. “But how do you make a new fingerprint?”

As a result, banks are now turning to customers to “store and safeguard” their own biometric information via their smartphones. In the past year, Wells Fargo, JPMorgan Chase and Bank of America have “started to roll out new ATMs that can link to customers’ mobile devices,” whereby “customers will sign in through their phones, potentially using a fingerprint, and then transmit a code to the ATM.” Citigroup’s apps already “use voice, face and fingerprint recognition, although the bank has yet to roll out cardless ATMs.”

According to a survey by the University of Oxford and Mastercard, “while nine out of 10 bankers wanted to take advantage of biometrics, only about a third reported a good experience so far using the technology.” In the U.S., which “doesn’t have national identification databases, “ banks are “on their own to figure out how to record and store customers’ biometric markers,” which “adds extra steps, complexity and cost.” By retaining the data on individual phones, “banks wouldn’t have to protect treasure troves of genetic templates from hackers.”

“Think of your phone as becoming like your house keys,” said Avetisov. “Hackers want the biggest payoff and attacking one person is a more difficult and low-profit attack.”