Apple Is Calling the Shots for States That Want to Implement Digital ID | #ios | #apple | #iossecurity

There’s little doubt that Apple is one of the most forward-looking companies when it comes to new technology initiatives, but this year’s introduction of Digital IDs in iOS 15 has taken that to a whole new level.

The promise of this feature is that we’ll someday be able to leave our wallets entirely at home, with everything we need stored on our iPhones. Apple Pay has already taken the first big step toward this by replacing credit cards, debit cards, and even store loyalty cards. Now Apple is setting up to tackle the last piece of the equation by letting you store your ID digitally.

It’s still going to be a very long time before you can truly leave your physical ID at home, but the plan has to start somewhere. As the old saying goes, the journey of a thousand miles begins with a single step.

Apple already has eight U.S. states on board for getting the driver’s licenses into the iPhone Wallet app. Although as of now, only the U.S. Transportation Security Administration (TSA) is actually set up to verify these IDs, and it’s going to be starting with only a handful of checkpoints at major airports. Again, this is still about baby steps for now.

Other states like Florida have gone their own way, but that doesn’t mean that they aren’t eager to adopt Apple’s more integrated solution. After all, something that’s built into the iPhone operating system is much simpler than developing and maintaining their own app — not to mention all the security and privacy issues that go along with it. It’s better to let Apple do the heavy lifting.

Even so, however, it appears that Apple is expecting the states to foot most of the bill when it comes to the new Digital ID technology in iOS 15.

State Requirements for Digital ID

According to CNBC, which has gotten its hands on confidential documents exchanged between Apple and four of the participating states, Apple is basically the one calling the shots. State governments that want to support Apple’s Digital ID initiative will have to play by Apple’s rules.

Specifically, states will need to manage the systems, hire the staff, and even promote the feature, all at the taxpayer’s expense:

  1. States must maintain all the systems involved in issuing and verifying credentials.
  2. States are required to hire project managers to respond to Apple inquiries.
  3. States are required to “prominently market the new feature and push for its adoption with other government agencies.”

Despite the onus being placed on the states to manage the infrastructure, Apple still maintains “sole discretion” for key aspects of the program:

  1. The types of devices that will be compatible with the Digital ID.
  2. Setting requirements for each state to report on the performance of the program.
  3. When each state is permitted to launch its program.
  4. Final approval over any marketing that states are required to do.

Ironically, despite Apple’s penchant for secrecy and ironclad non-disclosure agreements with its partners, it appears to have stumbled into a big hole in its veil of secrecy. Government agencies must disclose such agreements through public records and freedom of information requests, which is how CNBC got its hands on the 7-page memorandum of agreement between Apple and four of the states involved.

CNBC reviewed the contracts between Apple and Arizona, Georgia, Kentucky, and Oklahoma, noting that they were “virtually identical” for all four. While CNBC was unable to get its hands on the agreements for the other four states — Connecticut, Iowa, Maryland, and Utah — there’s no reason to believe that they wouldn’t be the same.

Drawing the Lines

To be fair, some of Apple’s contractual requirements aren’t entirely unreasonable. For example, Apple has placed the responsibility for verifying the authenticity of Digital IDs onto the states.

This makes sense since only the state governments are in any position to authenticate the digital IDs that they issue. Basically, Apple expects to be presented with a Digital ID that’s fully vetted by the appropriate state agency.

Along the same lines, although some have expressed concern over Apple requiring taxpayers to foot the bill for the infrastructure in each state, the alternative — one where Apple controls all the identity servers — is considerably more frightening for privacy advocates. Apple doesn’t want to deal with the mess of managing personal information and identities. It just wants the state to provide the user with a valid ID that can be stored in the Wallet app.

Although Apple did play an active role in the development of the ISO 18013-5 mDL (mobile driver’s license) standard that’s being used for Digital IDs, this is by no means a proprietary technology. In fact, it’s been around for some time but has yet to be widely adopted by government agencies.

Apple’s rules naturally require that states comply with the security requirements of this standard, but that’s no different from requiring payment cards to comply with the ISO standards for contactless payment technologies. The only difference is that mobile payment standards were well-established and in place long before Apple Pay came along. The Digital ID standard is breaking new ground.

While some opponents of Apple’s plan have expressed concern that Apple may restrict access to the technology from its competitor’s products, this seems unlikely. Since the ISO 18013-5 mDL standard being used is an open standard, there’s no reason to assume that the digital IDs being issued by state governments would not be universally compatible, in the same way, that the SMART Health Card standard works for COVID-19 vaccination cards.

That said, some of Apple’s other requirements are justifiably more controversial. For instance, Apple requires state agencies to actively market their Digital ID initiatives, requiring that they “prominently feature the Program in all public-facing communications relating to Digital Identity Credentials.” However, at the same time, Apple has the final say in what the marketing materials actually look like, and can presumably veto anything it doesn’t like.

Apple is also requiring that states “allocate reasonably sufficient personnel and resources (e.g., staff, project management, and funding) to support the launch of the Program on a timeline to be determined by Apple.” This also includes adhering to a quality testing program and schedule established by Apple.

To be clear, there is no actual money being exchanged here in either direction. The contract makes it clear that “except as otherwise agreed upon between the Parties, neither Party shall owe the other Party any fees under this Agreement.” Further, a communications officer for the Arizona Department of Transportation told CNBC that “no payment or economic considerations exist.”

However, the concern raised by some industry watchers is that Apple indirectly requires state taxpayers to fund systems and programs that may ultimately benefit Apple and its shareholders by increasing the value of the iPhone.

Apple’s interest is clear – sell more iPhones. The state’s interest is to serve its citizens, but I’m not sure why they think a partnership with one specific technology company that owns a closed ecosystem is the best way to do it. For the state to spend taxpayer’s money on a product that serves only half its citizens is questionable.

Phillip Phan, professor, Johns Hopkins Carey Business School

While this is a somewhat cynical take, it’s also understandable considering Apple’s traditional walled garden approach to many of its products and platforms. However, in this case, it seems less likely that Apple is looking to shut out the competition so much as it’s merely trying to get ahead of the pack and drive early adoption.

We suspect even Apple doesn’t have the hubris to think it can create a closed and exclusive ecosystem for something like digital identification technology, and it’s encouraging that it’s leading with an open standard.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + three =