Apple's New Differential Privacy Feature is Opt-In

[Kagami190]

Ugh another "next" screen that my racist uncle is going to be convinced is Obama trying to spy on him.

No uncle joe it's just anonymous information collecting but whatever select no you wouldn't understand why words were changing to hieroglyphics anyway

 

[OLDCODGER]

Information is money. If I were ever to decide to share I would want paying - up front.

 

[KidAKidB]

It will depend on the implementation, of course - but "differential privacy" is not something Apple came up with. It's a specific concept developed in the academic community, largely in response to concerns regarding how companies like Google and Facebook vacuum up every bit of personal information they can.

If done right, it will allow Apple to offer products on par with Google Now, for example, without sacrificing your personal privacy.

I am pretty sure you've never heard Google or Facebook use the specific term "differential privacy".

Actually Google has used the term "differential privacy" as they have been using it in their Chrome browser for a couple years. They use it mainly for the "Report an Issue" form though so it's not a major roll out, but they have mentioned it.

 

[Wahlstrm]

Well, that escalated quickly..

 

[KidAKidB]

That's what I meant about critical. Apple as a health company cannot exist without privacy. Tim Cook is setting up the chess board for a major move into an industry that none of its current competitors will be able to compete in without completely changing their culture and business model. Google cannot compete with Apple on privacy because its very business model depends on data mining and knowing as much as possible about its customers.

A future Apple Watch as a health device with a full range of vitals monitoring will essentially put a tricorder on everybody's wrist warning people of issues even before they experience any symptoms. It will literally change and prolong human life.

Steve Jobs' Apple was about music and other creative production and consumption and it served the company well. That was his passion. Tim Cook is definitely passionate about Health and that's where he's leading the company into the future. I like where it's going.

Using your logic, Apple cannot compete with Google because of the fact that they don't data mine and know as much about their customers though.

Both companies can compete in different ways, it's not like Google doesn't have the means to keep private information such as health data private. Google has one of the best data security teams in the world.

 

[dk001]

Could be, but you should take their track record into account: Apple has a longstanding consistent track record concerning user privacy which makes them more credible compared to some other companies.

Personally I am and I really don't see this being effective. I fully expect it will work well for some. For others I doubt it works well at all. Kind of like the aforementioned proactive feature.
[doublepost=1466860890][/doublepost]

Why not give us 3 level of choices:
1. Full opt in whereby I allow Apple to scan all my emails, everything like Google does so I can get the smartest Siri assistant possible
2. The current suggested method like in this article
3. No data sharing at all.

I would be happy to allow Apple to go thru my information if it resulted in a smarter Siri and as long as the information was stored for a certain period of time and not sold to advertisers , I would be content

That makes a bit of sense. In the present presented presentation it looks like we will get nothing or a bit of something.
[doublepost=1466861007][/doublepost]

It will depend on the implementation, of course - but "differential privacy" is not something Apple came up with. It's a specific concept developed in the academic community, largely in response to concerns regarding how companies like Google and Facebook vacuum up every bit of personal information they can.

If done right, it will allow Apple to offer products on par with Google Now, for example, without sacrificing your personal privacy.

I am pretty sure you've never heard Google or Facebook use the specific term "differential privacy".

meanwhile Apple is turning it into a marketing term ... not what the originators had in mind I suspect.
[doublepost=1466861220][/doublepost]

You're thinking of the recent John Gruber interview with Craig Federighi. Obviously Apple is aware of this, but I don't think they are planning on making the user identifiable by other means either.

They've made themselves "the guys who care about privacy" so they know they are under a microscope and will get called out if they turned around and did something they said they wouldn't.

Okay ... there is personal privacy, demographic privacy, and demographics. Which one is Apple talking about? Depending on the article, interview, or keynote, the apparent reference leans toward one of but not all.
[doublepost=1466861457][/doublepost]

Privacy laws is not just critical, it's legally binding and enforced in health care. I've worked in hospitals, co-workers have gotten fired for gossiping and blabbing about celebrities that were inpatients, and (the hospital employees) posting and blabbing about it on Facebook etc. All the managers and supervisors try to catch this kind of activity.

HIPAA privacy laws protect the privacy of health care patients….. HIPAA laws are most definitely enforced in health care.

There is no chance in hell a tech company will succeed wide-scale in health care unless they have embraced privacy rights.

When they say healthcare I wonder if the meaning refers to aspects like insurance.

 

[RoboCop001]

The researchers have used the word infeasible (technical term meaning not likely). Never have they said impossible. If someone wanted to "brute force" it, they can ID you with the data Apple will plan to collect.

Just to clarify, I did say "Seems like" before I wrote "impossible" - so it wasn't an absolute statement, and it was only my take-away from the video, not saying that's what they said

 

[ipedro]

Using your logic, Apple cannot compete with Google because of the fact that they don't data mine and know as much about their customers though.

Both companies can compete in different ways, it's not like Google doesn't have the means to keep private information such as health data private. Google has one of the best data security teams in the world.

It's a matter of perception. In no way would I trust my most personal data (my health) to a company who's foundation and main business is selling data. Android users aren't Google's customers. They're the product that is sold to its real customers: advertisers. That's why Google gives Android away for free.

Apple is setting the stage of public perception that it doesn't want your private data and that nobody ever sees it but you. That's the advantage that they're building in health that Google can't compete with unless it changes its very foundation as a data mining company.

 

[dk001]

It's a matter of perception. In no way would I trust my most personal data (my health) to a company who's foundation and main business is selling data. Android users aren't Google's customers. They're the product that is sold to its real customers: advertisers. That's why Google gives Android away for free.

Apple is setting the stage of public perception that it doesn't want your private data and that nobody ever sees it but you. That's the advantage that they're building in health that Google can't compete with unless it changes its very foundation as a data mining company.

That is the one aspect I feel many miss. Google is selling demographic data. It's not selling my personal data. They sell that I buy online and browse REI, not the fact I have a medical condition or have a prescription.

I like what Apple is attempting. What I am trying to do is separate the "marketing" from "what is actually happening".

 

[ipedro]

That is the one aspect I feel many miss. Google is selling demographic data. It's not selling my personal data. They sell that I buy online and browse REI, not the fact I have a medical condition or have a prescription.

I like what Apple is attempting. What I am trying to do is separate the "marketing" from "what is actually happening".

Again, Google could be taking all the care in the world and in fact never sell my data, but the public's perception that it is a company that makes money selling data is going to handicap it significantly when it comes to entering a field where privacy is paramount.

Public opinion is actually far more important than facts. That's the reality that everyone from marketing dependent companies to PR sensitive politicians have to live in.

 

[macfacts]

It's a matter of perception. In no way would I trust my most personal data (my health) to a company who's foundation and main business is selling data. Android users aren't Google's customers. They're the product that is sold to its real customers: advertisers. That's why Google gives Android away for free.

....

Google collects data but does not sell it. Google sells ad space for advertisers.

The only people that can access the data Google collects are the Government with a court order. You say your health data is most personal and private? The Government already has access to your health records.

 

[69Mustang]

Again, Google could be taking all the care in the world and in fact never sell my data, but the public's perception that it is a company that makes money selling data is going to handicap it significantly when it comes to entering a field where privacy is paramount.

Public opinion is actually far more important than facts. That's the reality that everyone from marketing dependent companies to PR sensitive politicians have to live in.

That's a dangerous sentiment; one I sincerely hope you don't adhere to personally. Unfortunately, you're right in the fact that a lot of people buy into that sentiment. Adhering to the facts would make a lot of the meme level ideas in this forum disappear. Fact: Google isn't entering healthcare, Google has been in healthcare for years. Google Health: https://en.wikipedia.org/wiki/Google_Health - Sounds familiar doesn't it? A quick search with the terms "google and healthcare" will show that Google doesn't have a handicap when it comes to healthcare. From all indications, healthcare is a big focus at Google. The've already gotten certified for HIPAA compliance with their apps: https://support.google.com/a/answer/3407054?hl=en

Google is probably doing happy backflips at the prospect of Apple getting further into healthcare. For all their prowess in other areas, Google sucks at marketing. Apple doesn't. The rising tide of Apple's marketing is going to raise all boats, similar to what it did for Spotify via Apple Music.

As for differential privacy, I think it's a good thing. Also, it's another area Google has been working on for a fairly long time. Peek at RAPPOR

 

[zzLZHzz]

since Apple to thru all this trouble to ensure privacy, I would trust them on it.

Then again, I always said that there is no privacy once you are connected to the internet.

 

[EricTheHalfBee]

That's a dangerous sentiment; one I sincerely hope you don't adhere to personally. Unfortunately, you're right in the fact that a lot of people buy into that sentiment. Adhering to the facts would make a lot of the meme level ideas in this forum disappear. Fact: Google isn't entering healthcare, Google has been in healthcare for years. Google Health: https://en.wikipedia.org/wiki/Google_Health - Sounds familiar doesn't it? A quick search with the terms "google and healthcare" will show that Google doesn't have a handicap when it comes to healthcare. From all indications, healthcare is a big focus at Google. The've already gotten certified for HIPAA compliance with their apps: https://support.google.com/a/answer/3407054?hl=en

Google is probably doing happy backflips at the prospect of Apple getting further into healthcare. For all their prowess in other areas, Google sucks at marketing. Apple doesn't. The rising tide of Apple's marketing is going to raise all boats, similar to what it did for Spotify via Apple Music.

As for differential privacy, I think it's a good thing. Also, it's another area Google has been working on for a fairly long time. Peek at RAPPOR

From the Wiki you linked to:

According to its Terms of Service, Google Health is not considered a "covered entity" under the Health Insurance Portability and Accountability Act of 1996; thus, HIPAA privacy laws do not apply to it.

Google Health was also discontinued in 2011. That ship has sunk, so it's not going to be "raised" at all.

As to Google Apps, this sums it up:

Administrators for Google Apps for Work, Education, Government, and Google Apps Unlimited domains must review and accept a BAA before using Google services with PHI.

A BAA (Business Associate Agreement) is an agreement entered into by a company that wishes to store health information using Google Apps (perhaps a word processor document on a patient or using Gmail to communicate private data to another physician). It's the same agreement people using Microsoft Office (or any number of software packages out there) must enter into when dealing with health data. While this software has to be secure, the onus on keeping data private lies more with the associate than the software they are using.

Besides, the "requirements" that allow Google Apps, Microsoft Office and others to be used for confidential health care information have nothing to do with HIPAA itself. Simply adhering to several industry standards and best practices in areas like encryption and security are what make them suitable for HIPAA compliance (once they enter into a BAA). It also makes them suitable for a wide range of other uses that require the same kind of privacy/security. So it's not like Google specifically designed Google Apps for HIPAA compliance - it's more like adhering to other ISO standards ALSO allowed them to be HIPAA compliant.

The Apple Watch is kind of in a grey area in regards to HIPAA (which isn't really defined in the areas of personal devices that can track data). If the data stays on the Watch, then it's not required to be compliant. If the data is transmitted to a health care provider, then it's required. This is still up in the air in regards to ResearchKit and HealthKit. However, Apple has a big advantage here in that they have tight control over their hardware & software. They would have a much easier time gaining HIPAA compliance for something like the Apple Watch or the iPhone than an Android vendor would for their smartwatch or phone. Even if Android itself gained HIPAA compliance, that would not automatically extend to all device manufacturers as each device is not only different in terms of hardware but also in software (and any custom modifications the OEM did to Android). Each manufacturer would need to go through the necessary process to become HIPAA compliant on a device-by-device basis. Something I doubt many of them will ever bother to do. Hell, they can't even keep up with issuing patches/updates for security fixes.

 

[05barbs]

By constantly taking the route of ensuring user privacy Apple will continue to gain customer trust and new buyers who are worried about intrusions into their lives.

 

[69Mustang]

From the Wiki you linked to:



Google Health was also discontinued in 2011. That ship has sunk, so it's not going to be "raised" at all.

As to Google Apps, this sums it up:



A BAA (Business Associate Agreement) is an agreement entered into by a company that wishes to store health information using Google Apps (perhaps a word processor document on a patient or using Gmail to communicate private data to another physician). It's the same agreement people using Microsoft Office (or any number of software packages out there) must enter into when dealing with health data. While this software has to be secure, the onus on keeping data private lies more with the associate than the software they are using.

Besides, the "requirements" that allow Google Apps, Microsoft Office and others to be used for confidential health care information have nothing to do with HIPAA itself. Simply adhering to several industry standards and best practices in areas like encryption and security are what make them suitable for HIPAA compliance (once they enter into a BAA). It also makes them suitable for a wide range of other uses that require the same kind of privacy/security. So it's not like Google specifically designed Google Apps for HIPAA compliance - it's more like adhering to other ISO standards ALSO allowed them to be HIPAA compliant.

The Apple Watch is kind of in a grey area in regards to HIPAA (which isn't really defined in the areas of personal devices that can track data). If the data stays on the Watch, then it's not required to be compliant. If the data is transmitted to a health care provider, then it's required. This is still up in the air in regards to ResearchKit and HealthKit. However, Apple has a big advantage here in that they have tight control over their hardware & software. They would have a much easier time gaining HIPAA compliance for something like the Apple Watch or the iPhone than an Android vendor would for their smartwatch or phone. Even if Android itself gained HIPAA compliance, that would not automatically extend to all device manufacturers as each device is not only different in terms of hardware but also in software (and any custom modifications the OEM did to Android). Each manufacturer would need to go through the necessary process to become HIPAA compliant on a device-by-device basis. Something I doubt many of them will ever bother to do. Hell, they can't even keep up with issuing patches/updates for security fixes.

Apologies, but I am not sure what point you're trying to make. Nothing you wrote counters my refutation of ipedro's quotes. He's been asserting that Google would have a hard time entering heathcare because of their business model. I pointed out Google is not entering healthcare, they've been there for a while. I provided evidence of that. Google Health was part of that evidence and looks strikingly similar to what Apple is trying to do now. You mention the initiative was cancelled, but you failed to mention why it was cancelled. It was cancelled to to lack of widespread adoption. Not quite sure why you think that ship is sunk. Pretty sure they are going to reintroduce that program through their Life Sciences division of Google X. They were a bit ahead of curve, just like they were with Android Pay. Android Pay was languishing until Apple marketed the stew out of it's mobile payment solution.

Like I said earlier Apple's marketing machine is great and brings visibility like no other. It floats all boats. Google and others are most likely happy as a tick on a hound about Apple and Healthcare. Their venture capital arm, Google Ventures, went from reportedly spending 9% on healthcare to 39%. They are not entering healthcare, they're already in.

I don't think the Android handset makers will have as hard a time as you do. Most likely they'd choose to only make their flagships compliant. That's one phone each, two with Samsung. With Google providing the software, the manufacturers would just have to make sure their skins are not in conflict with Google's compliance measures.

 

[kdarling]

I think the HIPAA stuff really deserves its own thread, but...

The OS isn't the real problem. Each manufacturer can comply with HIPAA on their devices. Mostly this would seem to entail mandating PINs and secure Bluetooth connections.

And of course Android Wear is controlled by Google, like watchOS is by Apple.

--

The real problem is likely with third party fitness apps. They're the weak link which often don't use secure comms, have no stated privacy policy, leak info, etc.

The FTC tested both iOS and Android apps a couple of years ago, and found that they equally were liable to send personal and health data to multiple servers, including perhaps advertisers.

https://www.privacyrights.org/mobile-medical-apps-privacy-consumer-report.pdf

https://www.ftc.gov/system/files/do...95411/consumer-health-data-webcast-slides.pdf

https://www.ftc.gov/system/files/do...d-controlled-health-data-final-transcript.pdf

--

Another problem is the number of states that sell "anonymous" health info. The trouble is, researchers have often easily found ways to cross reference data and figure out individuals. The is where differential privacy might help, up to a point.

 

[dk001]

Apologies, but I am not sure what point you're trying to make. Nothing you wrote counters my refutation of ipedro's quotes. He's been asserting that Google would have a hard time entering heathcare because of their business model. I pointed out Google is not entering healthcare, they've been there for a while. I provided evidence of that. Google Health was part of that evidence and looks strikingly similar to what Apple is trying to do now. You mention the initiative was cancelled, but you failed to mention why it was cancelled. It was cancelled to to lack of widespread adoption. Not quite sure why you think that ship is sunk. Pretty sure they are going to reintroduce that program through their Life Sciences division of Google X. They were a bit ahead of curve, just like they were with Android Pay. Android Pay was languishing until Apple marketed the stew out of it's mobile payment solution.

Like I said earlier Apple's marketing machine is great and brings visibility like no other. It floats all boats. Google and others are most likely happy as a tick on a hound about Apple and Healthcare. Their venture capital arm, Google Ventures, went from reportedly spending 9% on healthcare to 39%. They are not entering healthcare, they're already in.

I don't think the Android handset makers will have as hard a time as you do. Most likely they'd choose to only make their flagships compliant. That's one phone each, two with Samsung. With Google providing the software, the manufacturers would just have to make sure their skins are not in conflict with Google's compliance measures.

https://static.googleusercontent.co...s/terms/2015/1/hipaa_implementation_guide.pdf

 

[ConnYoungy]

So how do we opt in?