Brian X. Chen and
Steve Lohr have an
article (and a video) in
The New York Times about privacy issues:
No one has considered Apple a serious data company, until now.
For years, Apple has offered Internet services like email and online calendars. But, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, California company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.
Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. Even though Apple found no widespread breach of its online service, the company’s ability to protect its customers’ private information— for perhaps the first time— was openly questioned.
Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private.
So Apple executives, in a two-hour presentation and in media interviews, were careful to explain what the company planned to do with the information users were sharing through the health-monitoring capabilities of a smartwatch called the Apple Watch, which will be available next year, and its new payment service, Apple Pay.
Timothy D. Cook, Apple’s chief executive, said in an interview that in contrast to companies like Amazon and Google that relied on tracking user activity to serve ads or sell things, Apple still primarily made money from selling hardware. With Apple Pay, which will be available next month, Apple does not store any payment information on the devices or on Apple’s servers. It simply acts as a conduit between the merchant and bank.
“We’re not looking at it through the lens that most people do of wanting to know what you’re buying, where you buy it at, how much you’re spending and all these kinds of things,” Cook said. “We could care less.”
Jeff Williams, Apple’s head of operations, noted that, for the Apple Watch, Apple is forbidding app developers from storing any health information on Apple’s iCloud service. He added that all health information logged by the watch would be encrypted on the device and users would decide which apps had access to the data.
Some security experts are already pleased by what they see of Apple’s payment system. Apple Pay relies on a technology called near-field communication to exchange information wirelessly between devices. The new payment system could also drive faster adoption of a chip-based security feature called EMV, an acronym for Europay, MasterCard, and Visa, the companies that first backed the technology.
EMV is more secure than the magnetic stripes on credit cards, because a new string of numbers is created for each purchase, making it difficult for hackers to use a stolen number for another purchase, or to counterfeit credit cards. The technology has been widely adopted in Europe, but American banks have been slow to use it.
Tom Pageler, the chief information security officer at the computer security company DocuSign, said EMV (which Apple Pay uses) could help avoid recent giant breaches at retailers like Target, where the information of forty million cardholders was stolen.
“If we move to EMV, all that data will be useless to criminals,” Pageler said.
The Apple Watch will add to a field of health-monitoring devices that is largely unregulated. Personal health sensors, like Fitbit and Jawbone, are not deemed medical devices by the Food and Drug Administration. And personal health data collected by individuals for their own use is outside the federal laws controlling the use of patient information.
But regulators are closely watching this fast-growing market, and the Apple Watch will only add to the scrutiny. The FDA has issued a list of mobile applications for which it has warned that it will “exercise enforcement discretion”. The list includes software used by individuals to log personal data on activity and exercise, food consumption, and sleep patterns, and make suggestions about health and wellness.
The key, privacy advocates say, is the practices that govern how personal data is handled and analyzed by the device makers and software developers. “The Achilles’ heel for privacy and consumer protection are apps connected to marketing, where the information can be gathered and used,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “I do not believe safeguards are in place to protect consumer health information that will be gathered for profiling and targeting.”
Apple has made it clear to developers of health apps that it wants to protect privacy. Last week, it updated its guidelines for app developers, stating that apps working with HealthKit, Apple’s new set of tools for tracking fitness and health statistics, may not use the personal data gathered for advertising or data-mining uses, other than for helping manage an individual’s health and fitness, or for medical research.
The guidelines also say that app developers cannot share data with third parties without the user’s consent. “I think Apple is certainly aware of the privacy issues with health data,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “But whether it really enforces those guidelines to uphold its privacy commitments will be the real test.”
Mark A. McAndrew, a partner with the law firm Taft Stettinius & Hollister, which works with health and science clients, questioned whether Apple had the tools and resources to keep developers in check. Apple already has over one million apps to monitor in its App Store for iPhones and iPads, and occasionally questionable apps do get published.
“It may not be as much of an Apple issue as much as it is: how do you police the app developers?” McAndrew said.
Rico says it'll all shake itself out eventually...
No comments:
Post a Comment