TechNews Pictorial PriceGrabber Video Mon Nov 25 17:51:51 2024

0


With Apple Pay and Smartwatch, a Privacy Challenge
Source: BRIAN X. CHEN and STEVE LOHR



The Apple Watch introduced this week will be available next year, with its new payment service, Apple Pay. Credit Jim Wilson/The New York Times

No one has considered Apple a serious data company, until now.

For years, Apple has offered Internet services like email and online calendars. But Tuesday, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, Calif., company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.

Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. Even though Apple found no widespread breach of its online service, the company’s ability to protect its customers’ private information ― for perhaps the first time ― was openly questioned.

Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private.

So Apple executives, in a two-hour presentation and in media interviews Tuesday, were careful to explain what the company planned to do with the information users were sharing through the health-monitoring capabilities of a smartwatch called the Apple Watch, which will be available next year, and its new payment service, Apple Pay.

Timothy D. Cook, Apple’s chief executive, said in an interview that in contrast to companies like Amazon and Google that relied on tracking user activity to serve ads or sell things, Apple still primarily made money from selling hardware. With Apple Pay, which will be available next month, Apple does not store any payment information on the devices or on Apple’s servers. It simply acts as a conduit between the merchant and bank.


“We’re not looking at it through the lens that most people do of wanting to know what you’re buying, where you buy it at, how much you’re spending and all these kinds of things,” he said. “We could care less.”

Jeff Williams, Apple’s head of operations, noted that for the Apple Watch, Apple is forbidding app developers from storing any health information on cloud computing servers. He added that all health information logged by the watch would be encrypted on the device and users would decide which apps had access to the data.

Some security experts are already pleased by what they see of Apple’s payment system. Apple Pay relies on a technology called near-field communication to exchange information wirelessly between devices. The new payment system could also drive faster adoption of a chip-based security feature called EMV, for Europay, MasterCard and Visa, the companies that first backed the technology.


Times technology columnist Molly Wood says consumers may see a rise in the use of mobile payments now that the iPhone has a chip that will work at tap-to-pay payment terminals.
Publish Date September 9, 2014. Image CreditSoftcard, via PR Newswire

EMV is more secure than the magnetic stripes on credit cards because a new string of numbers is created for each purchase, making it difficult for hackers to use a stolen number for another purchase or to counterfeit credit cards. The technology has been widely adopted in Europe, but American banks have been slow to use it.
Continue reading the main story Continue reading the main story
Continue reading the main story

Tom Pageler, the chief information security officer at the computer security company DocuSign, said EMV ― which Apple Pay uses ― could help avoid recent giant breaches at retailers like Target, where the information of 40 million cardholders was stolen.

“If we move to EMV, all that data will be useless to criminals,” Mr. Pageler said.

The Apple Watch will add to a field of health-monitoring devices that is largely unregulated. Personal health sensors, like Fitbit and Jawbone, are not deemed medical devices by the Food and Drug Administration. And personal health data collected by individuals for their own use is outside the federal laws controlling the use of patient information.

But regulators are closely watching this fast-growing market, and the Apple Watch will only add to the scrutiny. The F.D.A. has issued a list of mobile applications for which it has warned that it will “exercise enforcement discretion.” The list includes software used by individuals to log personal data on activity and exercise, food consumption and sleep patterns, and make suggestions about health and wellness.
Photo
Health information logged by the Apple Watch will encrypted. Users decide who has access to the data. Credit Jim Wilson/The New York Times

The key, privacy advocates say, is the practices that govern how personal data is handled and analyzed by the device makers and software developers. “The Achilles’ heel for privacy and consumer protection are apps connected to marketing, where the information can be gathered and used,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “I do not believe safeguards are in place to protect consumer health information that will be gathered for profiling and targeting.”

Apple has made it clear to developers of health apps that it wants to protect privacy. Last week, it updated its guidelines for app developers, stating that apps working with HealthKit, Apple’s new set of tools for tracking fitness and health statistics, may not use the personal data gathered for advertising or data-mining uses other than for helping manage an individual’s health and fitness, or for medical research.

The guidelines also say that app developers cannot share data with third parties without the user’s consent.

“I think Apple is certainly aware of the privacy issues with health data,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “But whether it really enforces those guidelines to uphold its privacy commitments will be the real test.”

Mark A. McAndrew, a partner with the law firm Taft Stettinius & Hollister, which works with health and science clients, questioned whether Apple had the tools and resources to keep developers in check. Apple already has over one million apps to monitor in its App Store for iPhones and iPads, and occasionally questionable apps get published.

“It may not be as much of an Apple issue as much as it is, How do you police the app developers?” Mr. McAndrew said.


}

© 2021 PopYard - Technology for Today!| about us | privacy policy |