What Apple’s encryption fight means for payments
Apple testified at an encryption hearing earlier this week, following a February court order requiring the tech giant to provide “reasonable technical assistance to assist law enforcement agents in obtaining access to the data” on an iPhone used by one of the terrorists responsible for the December attack in San Bernardino, Calif. Apple’s CEO Tim Cook has said that Apple will not comply with the order, which he says could create a dangerous precedent and “backdoor” to unlock any iPhone. The FBI previously had suggested that the scope of its request was limited to this specific case, but FBI Director James B. Comey told a Congressional panel last week that the outcome of the case would be “instructive to other courts.”
We asked payments experts about the implications of the encryption battle, as m-wallet providers like Apple seek to push mobile payments mainstream.
What’s at stake in Apple’s fight over encryption with the FBI, particularly for payments and mobile wallets?
The biggest risk if Apple complies with the FBI’s request is that their security bypass may fall into criminal hands. Without the passcode entry cool down times and automatic device wiping, bypassing the iPhone’s screen lock is trivial—exactly what the FBI hopes to accomplish. At this point, it’s not clear how easily the software update that the FBI wants could be generalized to impact other iPhones, i.e., whether its use could be restricted to only the shooter’s phone or whether it could be modified for use on other devices. Clearly, the more widely usable the bypass is, the more risky it is for other iPhone users. As a wider array of payment capabilities are integrated into smartphones, their value increases for both the owner and for any criminal who can get their hands on the device, which makes strong device protections paramount for securing all mobile devices.
—Kyle Marchini, Fraud Research Specialist, Javelin
It’s probably too early to tell but it seems like the consumer surveys I am seeing suggest there is a 50/50 split between those folks who want to maintain the security of the phone and those who are less concerned. I suppose for those consumers who express a desire for the status quo (that is, Apple’s push for security), there might be some issue but it seems a bit of a way off. For them, I’m not sure what the alternative is going to be. You would assume the government would apply pressure toward Android devices to gain the same type of compliance it’s seeking from Apple, so I am not sure where the iPhone owner would go.
—Hugh Gallagher, Principal, First Annapolis Consulting
From the launch of Apple Pay, one key differentiator that they have presented is the security angle of the payment system—using biometric authentication, tokenization and secure element-based storage of credentials. If anything, the inability for even the FBI to open up an iPhone is marketing gold in terms of reinforcing this message. Should Apple be forced to capitulate and allow backdoor code to be applied to iOS, this competitive advantage could be negated. However, at this point I think there are more significant issues that are restricting Apple Pay adoption—awareness, accepting locations and a value proposition that is measurably better than cards and cash.
—Nick Holland, Independent Digital Payments Consultant
The conflict between the Federal Bureau of Investigation and Apple has all the trappings of a pulp fiction thriller—good versus evil, private versus public sector interests, citizens’ right to know versus their right to privacy, and lots more. These attributes make it virtually impossible to remain neutral on the matter of the FBI’s request for help and Apple’s demurrage. As someone raised less than 90 miles from the site of the San Bernardino carnage, it’s hard to resist the “let’s get the bastards” emotional tilt. And, perhaps by cracking the assailants’ phone, we would all sleep better knowing more about, or even preventing, future attacks by similar terrorists. Yet, those of us who have witnessed repeated disasters whose cause has been laid at the doorstep of “unintended consequences,” can foresee the day when, should Apple cave in to the FBI’s request, we will be worse off. Software system backdoors have been abused for decades in both benign and malicious ways—school grades have been changed, accounts payable ledgers have been wiped out, and history has been rewritten. There are no assurances that an Apple re-write enabling the Feds to continuously hack an iPhone without fear of it becoming an expensive brick will be a one-off event. After all, we split the first atom in 1932 and things mushroomed from there. Apple’s original premise, that privacy trumps all, is the correct one. True, the FBI’s rationale is compelling, far more so than our kids’ pleas to recover their lost photos of the family pet or the family’s 200-year genealogy. And, yes, the pundits that point to the daily loss of our privacy through Internet dealings or supermarket shopping are right; the digital age comes at a price. But potentially enabling anyone with the will and way to crack device protection code truly is a step over the line.
—John MacAllister, Principal, Dorado Industries