POSTED BY Benjamin Feilich

Apple released its latest models in the iPhone family, the iPhone 6 and iPhone 6 Plus, on September 19, 2014, featuring near-field communications (“NFC”) hardware for the first time in Apple devices. NFC technology permits consumers to make wireless payments and transactions using mobile devices by waving their device over a NFC terminal. The new iPhones will include an accompanying app, Apple Pay, which works with Passbook allowing users to store credit card and debit card information effectively making payments “wallet-less.”

Storing or saving credit card and debit card information presents privacy and security questions. Considering the nationwide impression of the iPhone 6 and its larger-screened counterpart, Apple has taken some preventative measures to protect its users’ information privacy. Built into the iPhone 6 and iPhone 6 Plus is a dedicated secure element chip that can store and encrypt sensitive information. This way, financial information linked to a credit or debit cards would not be as easily exploitable. Another security measure incorporated into Apple Pay is Touch ID. To make an Apple Pay transaction, an iPhone 6 user holds their phone over a NFC terminal while pressing their thumb on the home button which, like the previous generation iPhone 5S, has thumbprint detection technology.

Apple executives have stated that the NFC technology in iPhones will not be available to 3^rd party developers and it will only be used for Apple Pay. Limiting the scope of its access and development may give Apple more time to expand security and information protection. Apple has also promised not to store or share transaction information made through mobile purchases.

According to the American Civil Liberties Union, “[The United States’] privacy laws . . . have not kept up with rapidly advancing technologies.” I find it hard to disagree with this statement. However, in Congress’ defense, there is an inherent difficulty in codifying law for an integrated facet of society that changes with the seasons. Generally, development in the law is a slow, gradual process. There is some guidance from Congress regarding Internet privacy and security, though what we have done has been heavily criticized. The Computer Fraud and Abuse Act (“CFAA”), enacted in 1986, was last amended in 2008 and according to The Atlantic’s Orin Kerr and Lawrence Lessig, “has become a sprawling mess.” The CFAA has been noted by prosecutors as being overly broad, so much so that ordinary behavior by today’s computer and mobile device users may be found in violation of the criminal statute.

With approximately 4 million iPhone 6 and iPhone 6 Plus pre-orders made within the first 24 hours of its availability, these privacy and security issues are sure to directly impact the rapidly expanding population of iPhone users in light of the disconnect between technology on the consumer market today and the law seeking to regulate how we use it.

 

 

BIO: Ben is a Staff Member of the Journal of High Technology Law. He is currently a 3L at Suffolk Law with a concentration in Intellectual Property. He holds a B.A. in Literature from Florida State University and was born in Hollywood, FL. Ben currently resides in Allston, MA with two cats named after Major League Baseball Hall of Fame inductees.