Apple, Microsoft and Google are heralding a new era of what they describe as artificially intelligent smartphones and computers. The devices, they say, will automate tasks like editing photos and wishing a friend a happy birthday.
But to make that work, these companies need something from you: more data.
In this new paradigm, your Windows computer will take a screenshot of everything you do every few seconds. An iPhone will stitch together information across many apps you use. And an Android phone can listen to a call in real time to alert you to a scam.
Is this information you are willing to share?
This change has significant implications for our privacy. To provide the new bespoke services, the companies and their devices need more persistent, intimate access to our data than before. In the past, the way we used apps and pulled up files and photos on phones and computers was relatively siloed. A.I. needs an overview to connect the dots between what we do across apps, websites and communications, security experts say.
“Do I feel safe giving this information to this company?” Cliff Steinhauer, a director at the National Cybersecurity Alliance, a nonprofit focusing on cybersecurity, said about the companies’ A.I. strategies.
All of this is happening because OpenAI’s ChatGPT upended the tech industry nearly two years ago. Apple, Google, Microsoft and others have since overhauled their product strategies, investing billions in new services under the umbrella term of A.I. They are convinced this new type of computing interface — one that is constantly studying what you are doing to offer assistance — will become indispensable.
The biggest potential security risk with this change stems from a subtle shift happening in the way our new devices work, experts say. Because A.I. can automate complex actions — like scrubbing unwanted objects from a photo — it sometimes requires more computational power than our phones can handle. That means more of our personal data may have to leave our phones to be dealt with elsewhere.
The information is being transmitted to the so-called cloud, a network of servers that are processing the requests. Once information reaches the cloud, it could be seen by others, including company employees, bad actors and government agencies. And while some of our data has always been stored in the cloud, our most deeply personal, intimate data that was once for our eyes only — photos, messages and emails — now may be connected and analyzed by a company on its servers.
The tech companies say they have gone to great lengths to secure people’s data.
For now, it’s important to understand what will happen to our information when we use A.I. tools, so I got more information from the companies on their data practices and interviewed security experts. I plan to wait and see whether the technologies work well enough before deciding whether it’s worth it to share my data.
Here’s what to know.
Apple Intelligence
Apple recently announced Apple Intelligence, a suite of A.I. services and its first major entry into the A.I. race.
The new A.I. services will be built into its fastest iPhones, iPads and Macs starting this fall. People will be able to use it to automatically remove unwanted objects from photos, create summaries of web articles and write responses to text messages and emails. Apple is also overhauling its voice assistant, Siri, to make it more conversational and give it access to data across apps.
During Apple’s conference this month when it introduced Apple Intelligence, the company’s senior vice president of software engineering, Craig Federighi, shared how it could work: Mr. Federighi pulled up an email from a colleague asking him to push back a meeting, but he was supposed to see a play that night starring his daughter. His phone then pulled up his calendar, a document containing details about the play and a maps app to predict whether he would be late to the play if he agreed to a meeting at a later time.
Apple said it was striving to process most of the A.I. data directly on its phones and computers, which would prevent others, including Apple, from having access to the information. But for tasks that have to be pushed to servers, Apple said, it has developed safeguards, including scrambling the data through encryption and immediately deleting it.
Apple has also put measures in place so that its employees do not have access to the data, the company said. Apple also said it would allow security researchers to audit its technology to make sure it was living up to its promises.
Apple’s commitment to purging user data from its servers sets it apart from other companies that hold on to data. But Apple has been unclear about which new Siri requests could be sent to the company’s servers, said Matthew Green, a security researcher and an associate professor of computer science at Johns Hopkins University, who was briefed by Apple on its new technology. Anything that leaves your device is inherently less secure, he said.
Apple said that when Apple Intelligence is released, users would be able to see a report of what requests are leaving the device to be processed in the cloud.
Microsoft’s A.I. laptops
Microsoft is bringing A.I. to the old-fashioned laptop.
Last week, it began rolling out Windows computers called Copilot+ PC, which start at $1,000. The computers contain a new type of chip and other gear that Microsoft says will keep your data private and secure. The PCs can generate images and rewrite documents, among other new A.I.-powered features.
The company also introduced Recall, a new system to help users quickly find documents and files they have worked on, emails they have read or websites they have browsed. Microsoft compares Recall to having a photographic memory built into your PC.
To use it, you can type casual phrases, such as “I’m thinking of a video call I had with Joe recently when he was holding an ‘I Love New York’ coffee mug.” The computer will then retrieve the recording of the video call containing those details.
To accomplish this, Recall takes screenshots every five seconds of what the user is doing on the machine and compiles those images into a searchable database. The snapshots are stored and analyzed directly on the PC, so the data is not reviewed by Microsoft or used to improve its A.I., the company said.
Still, security researchers warned about potential risks, explaining that the data could easily expose everything you’ve ever typed or viewed if it was hacked. In response, Microsoft, which had intended to roll out Recall last week, postponed its release indefinitely.
The PCs come outfitted with Microsoft’s new Windows 11 operating system. It has multiple layers of security, said David Weston, a company executive overseeing security.
Google A.I.
Google last month also announced a suite of A.I. services.
One of its biggest reveals was a new A.I.-powered scam detector for phone calls. The tool listens to phone calls in real time, and if the caller sounds like a potential scammer (for instance, if the caller asks for a banking PIN), the company notifies you. Google said people would have to activate the scam detector, which is completely operated by the phone. That means Google will not listen to the calls.
Google announced another feature, Ask Photos, that does require sending information to the company’s servers. Users can ask questions like “When did my daughter learn to swim?” to surface the first images of their child swimming.
Google said its workers could, in rare cases, review the Ask Photos conversations and photo data to address abuse or harm, and the information might also be used to help improve its photos app. To put it another way, your question and the photo of your child swimming could be used to help other parents find images of their children swimming.
Google said its cloud was locked down with security technologies like encryption and protocols to limit employee access to data.
“Our privacy-protecting approach applies to our A.I. features, no matter if they are powered on-device or in the cloud,” Suzanne Frey, a Google executive overseeing trust and privacy, said in a statement.
But Mr. Green, the security researcher, said Google’s approach to A.I. privacy felt relatively opaque.
“I don’t like the idea that my very personal photos and very personal searches are going out to a cloud that isn’t under my control,” he said.