ID in Apple Wallet Privacy Issues
At last week’s WWDC, Apple announced a new iOS feature due out later this year: ID in Apple Wallet. To hear Apple tell it, this means the end of having to carry your physical wallet everywhere you go. Privacy experts, however, have some concerns. In this article, we’ll tell you about ID in Apple Wallet, explain why some people are critical, and let you know if you should be worried about your privacy!
What is ID in Apple Wallet?
Starting in late 2021, you will be able to add your official ID to Apple Wallet on your iPhone.
The feature is for official forms of identification such as driver’s licenses and state-issued IDs. At first, it will be limited to participating US states. At WWDC 2021, Apple said that the goal is to make users “fully free of [their] physical wallet”.
How does it work?
Apple hasn’t released the feature yet, but they did demo it at WWDC. From that and from what we know about Apple Wallet, we have a general outline of how it will work.
To set it up, you use your iPhone and Apple Wallet app to scan the front of your ID card.
For the time being, this will only be possible in participating US states. However, the idea of using Apple Wallet to store ID digitally is not completely new. The app already lets university students do this with student ID cards. But the game changer here is that you can use ID in Apple Wallet in official situations. For example, Apple says that they’re working with the Transportation Security Administration (TSA) to allow travelers to use ID in Apple Wallet at airport security checkpoints.
In terms of the actual functionality, it appears to be pretty straightforward. When you use ID in Apple Wallet, the app tells you what ID details it’s going to transmit, and you then tap your device to provide the required information.
ID in Apple Wallet privacy concerns
Using an iPhone to tap your way through security checkpoints sounds nice — and definitely convenient. But privacy advocates worry that Apple’s new feature may have some unintended consequences.
In a recent NPR report, Stanford University fellow Elizabeth Renieris argues that widespread adoption of digital ID could create problems. If features like ID in Apple Wallet become commonplace, organizations may start asking for ID where they never did before. As she puts it:
“We’re running a risk where we’ll be in a situation where we always have to identify ourselves.”
Other privacy experts worry that digital ID could be a privacy threat in the event of a data breach. They say that this is especially problematic in the United States, where there is no overarching data privacy regulation such as the European Union’s GDPR. American University’s Aram Sinnreich asks:
“What happens when Apple messes up? What happens when there is a large security breach and 100 million people’s information gets leaked? We are stuck with this partner who has violated our trust and we have no legal apparatus to hold them accountable or separate ourselves from them.”
The issue of data breaches
When evaluating any new feature, it’s important to consider the privacy implications. Let’s start by taking a look at the possibility of data breaches. If people are uploading their IDs to their iPhones, can this information be lost in a data breach?
Again, we don’t know exactly how Apple is going to implement every aspect of ID in Apple Wallet. But we do have some details — and so we can make a few educated guesses.
Apple has said that all ID data will be “encrypted” and “stored in the Secure Element”. In the context of the iPhone and Apple Wallet, this has a very specific meaning.
The Secure Element is a special chip inside your iPhone. It’s designed to store Apple Pay information securely. Any data stored there is encrypted, and it’s also isolated from the rest of iOS. This precludes other apps in iOS from reading data in the Secure Element. It also means that whenever this data has to be processed through one of Apple’s servers, it will be sent in an encrypted format. Importantly, when you make a payment using Apple Pay, the Secure Element chip sends the payment data via NFC. That’s why you “tap” your iPhone to pay. This means that during a point-of-sale transaction, no data is actually sent through Apple’s servers.
Coming back to ID in Apple Wallet, then, we can say a few things. First of all, your ID is going to be stored in the Secure Element, so it’s going to be protected with strong encryption. Secondly, it won’t be accessible to anything else on your iPhone. And lastly, it will be transmitted directly to TSA (or whoever else) via NFC. It’s not going to be routed through Apple’s servers each and every time you use it.
What about data stored on Apple’s servers?
It remains to be seen how (if at all) ID in Apple Wallet will interact with Apple’s servers.
The big question is how the ID upload and verification process will work. It might be similar to the way that you add credit cards to Apple Pay. If so, your ID information may be sent to Apple’s servers for verification. It would be encrypted during that process, and the purpose would simply be for the government agency or state to verify your ID. However, it’s very unlikely that Apple would keep that data hanging around on their own servers for no good reason. They certainly don’t do that with credit card information. In fact, they take plenty of steps to make sure that they don’t have direct access to your card data.
As for whether or not ID data will be a part of your iCloud backups, that’s also not certain. But we know, for example, that Apple doesn’t include Apple Pay information and settings in iCloud backups. This is done out of an abundance of caution. Some types of Wallet data are backed up in iCloud, but this is done using very strong encryption.
So … is it secure?
Bottom line: If you use ID in Apple Wallet, you can be reasonably sure that your ID information will be secure.
Apple is using the same technology that they use for extremely sensitive data such as credit cards and financial information in Apple Pay. They’re very good about data retention … and about not retaining user data without a very good reason. And anything that is stored on their servers is going to be locked down very tight.
In short, it’s highly probable that Apple will handle ID data in such a way that (a) there simply won’t be a lot of data on their servers to leak and (b) any data that they do process will be very strongly protected.
What about the other issues?
Apple does things like encryption, key management, and data privacy very well. But what about worries that this new feature will have unintended social consequences — like having to show your ID everywhere you go?
To be frank, these kinds of ID in Apple Wallet privacy concerns can’t really be answered on a technical level. But what we can do is think things through a bit. And while the critics’ long-term concerns are valid, we’d say that Apple Wallet probably won’t be a catalyst for massive social change any time soon.
For one thing, it’s not even going to be accepted in all states to begin with (not to mention in regions outside of the US). In other words, there isn’t going to be a widespread sense that “everyone” is carrying digital ID on them at all times. For the time being, it’s only going to be a small group of people in a handful of US states.
In addition, ID in Apple Wallet will only work with compatible iOS devices … and most people don’t own compatible iOS devices. Some observers have flagged this as an accessibility concern: What happens to people who don’t have top-of-the-line smartphones if this becomes the norm? In the long term, that’s definitely a valid concern — but it’s also a good reason to think that digital ID won’t become ubiquitous overnight. If most people don’t have devices that can use Apple’s Wallet-based ID, then organizations and authorities can’t really demand that people identify themselves in this way. At best, they’d be setting themselves up for an endless stream of customer complaints; at worst, lawsuits.
From the standpoint of the individual user, ID in Apple Wallet privacy appears to be pretty much on par with Apple’s other offerings. If you trust Apple to secure your passwords, health and payment data, and other sensitive information, then you probably will have no problem trusting them with your driver’s license.
That said, the critics quoted in the NPR article make some good points — especially about the wider social implications of this feature. And organizations such as the American Civil Liberties Union (ACLU) have pointed out that digital ID could become a physical security risk in certain situations. After all, if you can be asked to use your phone to show identification, then you can essentially be forced to unlock your device for the authorities under the pretext of checking your ID.
In short, this is a story worth watching. We need to learn more about the implementation of ID in Apple Wallet … and about the organizations that intend to partner with Apple to make digital ID a part of our everyday life. We’ll continue to update you on the security and privacy ramifications — and bring you advice on how to protect your privacy in a rapidly changing technological landscape.