Meta is developing Private Processing, a technology for WhatsApp that allows users to utilize AI in a privacy-preserving manner. This feature enables users to process messages securely, ensuring that no one, including Meta and WhatsApp, can access their data. Independent security researchers will continuously validate the privacy and security architecture.
AI has transformed interactions with technology, but traditional processing methods expose user requests to providers, conflicting with the privacy of end-to-end encryption. Private Processing aims to deliver AI capabilities, like message summarization, while maintaining user privacy through several principles:
- Optionality: Users can choose to use AI features.
- Transparency: Users are informed when Private Processing is utilized.
- User control: Users can prevent sensitive messages from being processed by AI.
Private Processing operates in a Trusted Execution Environment (TEE), allowing users to direct AI for tasks without compromising their privacy. Key requirements include:
- Confidential processing: Prevents unauthorized access to user data during processing.
- Enforceable guarantees: Modifications to the processing must be detectable.
- Verifiable transparency: Users and researchers can audit the system's behavior.
The threat model for Private Processing identifies potential attack vectors and vulnerabilities, focusing on protecting sensitive data against various threat actors, including malicious insiders and external attackers. The system is designed to minimize risks through layered security measures, including:
- Non-targetability: Prevents attackers from targeting specific users.
- Stateless processing: No retention of user messages post-session.
Private Processing establishes secure connections using Oblivious HTTP (OHTTP) and employs Remote Attestation and Transport Layer Security (RA-TLS) for secure communication. The system processes user requests in a Confidential Virtual Machine (CVM), ensuring data is encrypted and not stored after processing.
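
The sketch below is an added example, not Meta's code: it shows the generic client-side acceptance check behind RA-TLS, where a session is accepted only if the attestation report is genuinely signed, its code measurement is one the client trusts, and it is bound to the TLS key and a fresh nonce. All names and values are hypothetical, and an HMAC stands in for the hardware vendor's signature chain.

```python
import hashlib
import hmac
import json

# Constructed stand-ins (assumptions): real TEEs sign reports with a hardware
# key chained to the CPU vendor; an HMAC key plays that role here.
VENDOR_KEY = b"constructed-hardware-root-key"
# Constructed set of "published" measurements the client is willing to trust.
TRUSTED_MEASUREMENTS = {hashlib.sha256(b"cvm-image-v1").hexdigest()}


def sign_report(body: dict, key: bytes = VENDOR_KEY) -> str:
    """Stand-in for the hardware signature over an attestation report."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_report(image: bytes, tls_pubkey: bytes, nonce: bytes) -> dict:
    """What a CVM would present: code measurement plus channel binding."""
    body = {
        "measurement": hashlib.sha256(image).hexdigest(),
        "report_data": hashlib.sha256(tls_pubkey + nonce).hexdigest(),
    }
    return {"body": body, "sig": sign_report(body)}


def verify_report(report: dict, tls_pubkey: bytes, nonce: bytes) -> str:
    """Client-side check; returns 'ok' or the reason for rejection."""
    body = report["body"]
    if not hmac.compare_digest(report["sig"], sign_report(body)):
        return "bad-signature"         # report altered or not from genuine hardware
    if body["measurement"] not in TRUSTED_MEASUREMENTS:
        return "unknown-measurement"   # modified code shows up as a new measurement
    expected = hashlib.sha256(tls_pubkey + nonce).hexdigest()
    if not hmac.compare_digest(body["report_data"], expected):
        return "key-binding-mismatch"  # report belongs to another TLS key or is stale
    return "ok"
```

The third check is what ties the attested CVM to the TLS endpoint the client is actually talking to; without it, a valid report could be relayed by a different server.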
The design of Private Processing emphasizes:
- Confidential processing: Data is encrypted end-to-end.
- System software: Prohibits remote access and implements code isolation.
- System hardware: Utilizes confidential virtualization technologies for enhanced security.
To enhance transparency, Meta plans to publish components of Private Processing, expand its Bug Bounty program, and release a detailed security engineering design paper. This initiative aims to foster independent security research and improve the overall security of AI processing in messaging.
Private Processing is expected to be available soon, with a commitment to user privacy and security at its core. Feedback from users and the security community is welcomed to refine the system further.