Azure Spatial Anchors approach to privacy and ethical design

Since we launched Azure Spatial Anchors just over 6 months ago, we've heard from all of you on your excitement for this spatial understanding technology. It will really bridge the gap between our digital and real worlds. We've also heard from many of you with curiosity on how we can, together, approach this new technology in an ethical, transparent and sustainable way for all of us. We believe that tech companies have a responsibility to be transparent about how we design our products, so with that in mind, I wanted to share with you how we are thinking about this.

Azure Spatial Anchors was born, from Day 1, to be ready for a world in which you control your data and your space.

First, Azure Spatial Anchors defaults to data segregation. Each of you - our customers, our partners, our developers - controls your own Spatial Anchor data store and access. You can choose to create one subscription, and thus a store, for all of your spatial data, or you can choose to divide subscriptions between different apps, different users, or any scheme you deem appropriate. In addition, your data is not shared with and not used for AI training for other subscriptions or scenarios. Azure Spatial Anchors only accesses your spatial data when you ask us, via an API call in your application, for a query to re-localize into the world.

Second, Azure Spatial Anchors defaults to image-less anchor creation and query. When you create or locate an anchor via the Azure Spatial Anchors SDK, images of the environment are only processed locally on your edge device. The image is processed in a derived format, reduced to only what is needed for computer vision algorithms to re-localize and persist your holograms. This is the only image-related data that is transmitted to and stored in the service (in your data segregated subscription!). We are continuing to choose the most secure format for your Spatial Anchor data, and scientists on our team continue to push state of techniques for privacy-preserving image-based localization. If you want to read more about that research (which I highly recommend) you can find it here.

Third, Azure Spatial Anchors defaults to pose only anchor query. When you locate an anchor via the Azure Spatial Anchors SDK, we do not return the image-related data to the edge device making the call. We return a 6 degrees-of-freedom pose - a tuple that allows you to re-localize and persist holograms. This extra measure removes the threat for a rogue edge device to take advantage of Spatial Anchors data.

These three defaults are the essential components of Azure Spatial Anchors’ privacy-first architecture. Many of you have expressed satisfaction with default settings but sometimes want to make your own choices:  some of you have high fidelity images that you want to submit, some of you would like to get the point clouds back to a device so you can see them for yourself, and some of you would like to share your Spatial Anchor data for others to also party in your mixed reality space. We are looking at how we can empower you to do all of the above while preserving our commitment to protecting privacy and other human rights. This is our journey, and we look forward to creating this holographic landscape together with you.

Keep in touch, give us feedback and let's keep the conversation going on Twitter in the meantime. Thank you for listening,

Alex