With payment service & smartwatch Apple faces privacy challenge

No one has considered Apple a serious data company, until now.

For years, Apple has offered internet services like email and online calendars. But Tuesday, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, California, company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.

Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. Even though Apple found no widespread breach of its online service, the company?s ability to protect its customers? private information, for perhaps the first time, was openly questioned.

Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private.

So Apple executives, in a two-hour presentation and in media interviews Tuesday, were careful to explain what the company planned to do with the information users were sharing through the health-monitoring capabilities of a smartwatch called the Apple Watch, which will be available next year, and its new payment service, Apple Pay.

Timothy D Cook, Apple?s chief executive, said in an interview that in contrast to companies like Amazon and Google that relied on tracking user activity to serve ads or sell things, Apple still primarily made money from selling hardware. With Apple Pay, which will be available next month, Apple does not store any payment information on the devices or on Apple?s servers. It simply acts as a conduit between the merchant and bank.

?We?re not looking at it through the lens that most people do of wanting to know what you?re buying, where you buy it at, how much you?re spending and all these kinds of things,? he said. ?We could care less.?

Jeff Williams, Apple?s head of operations, noted that for the Apple Watch, Apple is forbidding app developers from storing any health information on cloud computing servers. He added that all health information logged by the watch would be encrypted on the device and users would decide which apps had access to the data.

Some security experts are already pleased by what they see of Apple?s payment system. Apple Pay relies on a technology called near-field communication to exchange information wirelessly between devices. The new payment system could also drive faster adoption of a chip-based security feature called EMV, for Europay, MasterCard and Visa, the companies that first backed the technology.

EMV is more secure than the magnetic stripes on credit cards because a new string of numbers is created for each purchase, making it difficult for hackers to use a stolen number for another purchase or to counterfeit credit cards. The technology has been widely adopted in Europe, but American banks have been slow to use it.

Tom Pageler, the chief information security officer at the computer security company DocuSign, said EMV, which Apple Pay uses, could help avoid recent giant breaches at retailers like Target, where the information of 40 million cardholders was stolen.

The Apple Watch will add to a field of health-monitoring devices that is largely unregulated. Personal health sensors, like Fitbit and Jawbone, are not deemed medical devices by the Food and Drug Administration. And personal health data collected by individuals for their own use is outside the federal laws controlling the use of patient information.