
Let’s talk about AI and end-to-end encryption

[Matthew Green]

I think this is the most important discussion with respect to AI:

"[...] I would say that AI is going to be the biggest privacy story of the decade. Not only will we soon be doing more of our compute off-device, but we’ll be sending a lot more of our private data. This data will be examined and summarized by increasingly powerful systems, producing relatively compact but valuable summaries of our lives. In principle those systems will eventually know everything about us and about our friends. They’ll read our most intimate private conversations, maybe they’ll even intuit our deepest innermost thoughts. We are about to face many hard questions about these systems, including some difficult questions about whether they will actually be working for us at all."

I lead technology at a non-profit newsroom where we've banned use of hosted AI models on sensitive data like reporting notes and source information. We've turned off AI assistants on our cloud services, and we've deployed client-side encryption for sensitive documents.

Even if we think vendors are trustworthy (I don't), sending this level of data to any third party creates a honeypot for surveillance and potential misuse by government, law enforcement, the vendors themselves, and beyond. If a vendor has access to your most personal data and receives a criminal subpoena, which could easily come from the government or from a third party, you might never know that your information was compromised. (Civil subpoenas sometimes allow vendors to notify you that this happened.)

So these solutions are pretty interesting, although they fall far short of the encryption standard the author and I would both like to see:

"Apple’s approach to this problem is called “Private Cloud Compute” and it involves the use of special trusted hardware devices that run in Apple’s data centers. [...] Apple ensures that no long-term state is stored on these machines, and also load-balances your request to a different random server every time you connect."

As the author notes, when this level of data is being gathered centrally and is potentially available for government use (or even vendor use beyond our intent as users), serious questions are raised about who this software actually works for. Is it ours? Is it empowering? Is it covertly a system of control and monitoring? Or all of the above?

I think the answer, sadly, is inevitable.
