A new feature was added in recent updates to Apple’s iOS and watchOS operating systems, allowing schools to integrate their student identification systems with the Wallet app. The implications for convenience are clear, but I worry that convenience often sacrifices security.
In this case, there are ways that this feature can benefit student safety, but there are also some unanswered questions.
Student ID cards, like those in use at Plattsburgh State, often serve important security functions. Students at select universities will be able to use their Apple devices to gain entry to fitness facilities and dorm halls, as well as to pay at dining halls or check books out of the library.
The first institutions to sign on to this system are the University of Alabama, the University of Oklahoma and Duke University. Additionally, Johns Hopkins University, Temple University and Santa Clara University intend to implement the system by the end of 2018.
This may be the beginning of a new era in identification systems. Patrick Rascoe, chief of University Police, believes that the IDs of the future, both on and off campus, will be smartphones.
“For certain, the world is going in that direction,” Rascoe said. “It’s something we would progress to.”
While being able to use an Apple Watch instead of an ID card is convenient, questions about security need to be answered when third-party devices become involved.
“There is definitely a tradeoff between security and convenience,” said Delbert Hart, Ph.D., Chair of the Department of Computer Science. “What the right spot is often difficult to find.”
Blackboard Transact, the company that provides the proximity card technology at all of the listed institutions, said the system will provide both “heightened security and extraordinary convenience” in a statement to CR80News. A publication focusing on student ID technology, the CR80News website lists Blackboard Transact as a “featured partner.”
There are two types of security affected by the new system: information security and physical security. While my initial concern was about physical safety, a real point of concern in the digital age is the collection and use of data.
“My first concern is that students’ confidential information stays confidential,” Rascoe said. “But in general, technology is responsible, and Apple is a reputable company.”
In terms of information security, it is unclear what data will be provided to Apple in this new arrangement or how it will be used.
“Ideally, I would like to know who Apple would share that information with,” Hart said. “A lot of our information is routinely sold without us knowing about it.”
Hart noted a recent example in which Google purchased data regarding MasterCard transactions to correlate online advertising with actual sales.
The option to “opt-out” of this data collection and sharing is becoming less available over time. However, this may not be a significant change from the status quo.
“I’m not sure if it changes privacy too much,” Hart said. “In this case, our smartphones know so much about us already. Apple, and all your smartphones in general, already track your locations.”
Allowing Apple to see what specific building you access on campus and what you purchase in the dining hall may be just another layer of the ways in which we are forced to trust companies like Apple and Google with our sensitive data.
“Giving away that privacy is a hidden price,” Hart said. “But it’s still a price that’s being paid.”
In addition to information, this new system affects the physical security of campuses, especially in dorm halls. While this was my original concern about Apple’s new feature, the new system may in fact provide additional protection, in the form of two-factor authentication.
“In general, there are three main factors,” Hart said. “There’s something you have, like a credit card or a USB dongle. There’s something you know, like a PIN or a password. And there’s something you are, like your fingerprint or face ID. Two-factor authentication describes a system that uses more than one of those.”
Current users of Apple Pay will be familiar with needing to enter a PIN or scan a fingerprint in order to use the device to pay for a transaction. This requirement is a major improvement on the current system such as that here at PSUC.
“Right now, if you lose your card, anybody can use it,” Rascoe said. “That is my biggest concern.”
While it remains to be seen how successful this new iOS integration will be, two-factor authentication would be a welcome addition to security at PSUC. In the meantime, it is important that students take some responsibility for their part in campus safety.
Rascoe advised students who lose their student ID to act immediately by reporting the loss, to protect themselves and others members of the campus community.
“We ask that if you lose your card, tell us immediately,” Rascoe said. “We can kill it remotely.”
Email Nathanael LePage at cp@cardinalpointsonline.com