Apple Addresses Privacy Questions About ‘Hey Siri’ And Live Photo Features

Though Apple has long been vocal about its stance on security and privacy, it has recently begun utilizing that stance as a sales tool. If you’d like to keep personal data — anonymized or not — to yourself as much as possible, the company has messaged, then you should invest in Apple hardware.

That policy, of course, requires extra examination when Apple launches features that require data to be sent off of your phone in order to be effective. The ‘Hey Siri’ feature, for instance, now no longer requires that your phone be plugged in to power to be active. An ‘always listening’ phone logically raises some questions about how that data will be handled, transmitted and sent. Live Photos, as well, are a new wrinkle — photographs with audio and motion attached.

These new features have raised some questions about how Apple will maintain user privacy. Our own Natasha Lomas covered some of those queries this morning. In a Q&A provided to TechCrunch, Apple has attempted to address them.

That information, along with some knowledge I’ve gleaned from talking to folks around town this week, makes the answers to some of these questions clearer.

Live Photos

Live Photos are a new kind of iPhone image ‘format’ that look like a normal picture until you ‘force touch’ them (tap and push). When you do so, the photo comes alive with a bit of motion and audio — 1.5 seconds before the picture and 1.5 seconds after it.

Live Photos are treated almost exactly like any other photo shot on an iPhone. This means that they’re encrypted, both at rest and in transit to iCloud.

Because Live Photos record motion before your still image, they are continuously buffered beginning the moment you open your camera app and see the Live icon (orange circle) at the top of your screen. Apple says that this 1.5 second recording only happens when the camera is on, and this information is not permanently saved until you take a picture, period. Screen Shot 2015-09-11 at 4.26.15 PM

“Although the camera is “recording” while you’re in Live Photo mode, the device will not save the 1.5 seconds before until you press the camera button,” says Apple. “The pre-captured images are not saved to the user’s device nor are they sent off the device.”

The 1.5 seconds after the still capture are also recorded because you’ve tapped the camera button in live mode. 

From what we’ve gleaned, Live Photos are a single 12-megapixel image and a paired motion format file, likely a .mov. They are presented together by iOS but are actually separate entities tied to one another. This means that you can send a Live Photo to someone as a still image if you choose — or save it as a still image separately. You do not have to include the motion format. If you want someone else to be able to view them as Live Photos, of course, they have to be running iOS 9 or above. The total size of a Live Photo varies like any compressed image, but on average it takes up roughly the space of two 12-megapixel images.

“We treat privacy and security of Live Photos the same that we do for existing Photos and Videos. They don’t leave the device for any reason unless you purposely share it or elect to use iCloud,” says the company.  

The Live Photos feature is on by default but can be turned off with a tap of the icon.

Hey Siri

Perhaps the larger question is how does not having to have your iPhone plugged in affect the privacy of Apple’s ‘Hey Siri’ feature? Being able to say the phrase at any time to activate Siri is convenient, but raises some questions about what Apple means by ‘listening’ and whether any of that stuff is recorded.

Hey Siri is an optional feature that is enabled by an opt-in step in iOS 9’s setup. You can choose never to enable it. If you do enable it, nothing is ever recorded in any way before the feature is triggered.

“In no case is the device recording what the user says or sending that information to Apple before the feature is triggered,” says Apple.

Instead, audio from the microphone is continuously compared against the model, or pattern, of your personal way of saying ‘Hey Siri’ that you recorded during setup of the feature. Hey Siri requires a match to both the ‘general’ Hey Siri model (how your iPhone thinks the words sound) and the ‘personalized’ model of how you say it. This is to prevent other people’s voices from triggering your phone’s Hey Siri feature by accident.

Until that match happens, no audio is ever sent off of your iPhone. All of that listening and processing happens locally.

“The “listening” audio, which will be continuously overwritten, will be used to improve Siri’s response time in instances where the user activates Siri,” says Apple. The keyword there being ‘activates Siri.’ Until you activate it, the patterns are matched locally, and the buffer of sound being monitored (from what I understand, just a few seconds) is being erased, un-sent and un-used — and unable to be retrieved at any point in the future.

Of course, as has always been the case with Siri, once a match is made and a Siri command is sent off to Apple, it’s associated with your device using a random identifier, not your Apple ID or another personalized piece of info. That information is then ‘approved’ for use in improving the service, because you’ve made an explicit choice to ask Apple’s remote servers to answer a query.

“If a user chooses to turn off Siri, Apple will delete the User Data associated with the user’s Siri identifier, and the learning process will start all over again,” says Apple.

The subtext here, of course, is the constant battle Apple will have to wage to balance the data needs of its more advanced personalization and convenience features with its relatively hardcore position on user privacy.

Could Apple do more if it continuously sent (anonymized) data back to its servers regardless of a personalized Siri match? Surely. It would give its data scientists a ton more data to work with to make the service better at a more rapid clip. And the argument could be made that since the data was anonymized, no harm is done. That’s certainly the argument that Google uses to provide better Google Now services and to utilize the data to target ads.

But because Apple has explicitly challenged itself to move as little data as possible off of your local device, and to keep that data internal (not sharing it with partners), it will need to stay solidly on the conservative side of the line with any features like Hey Siri and Live Photos.

And it will doubtless have to answer questions like these any time it pushes the boundaries of what is possible with its cloud services.