The Apple Wallet is a great and convenient app, however it is unprepared for the very future that Apple is a principal agent in ushering in. There is no doubt that, as the technology continues to progress, and more private companies and public institutions embrace it—systems of payment, identification, registration or other civic engagement (e.g. voting)—the digital wallet will become more prominent for many, if not most of us. Apple’s Wallet is as convenient and accessible as our nearest device, which is more than many of us can say at any moment for our physical wallets. However, for a digital wallet, or any digital device, to successfully supplant its analog precursor, it can be no less functional than that physical device. Here’s what I think it needs to reach that goal.
Safety and Security – Two Words and Features to Live By
There is one core capability that the digital wallet requires before it can replace your physical wallet; it has to be able to display essential, if not life saving, information on demand to authorities or when necessary in order to save your life. And it must do so safely and securely. In other words, it must be able to display relevant information when necessary for law enforcement and other first responders without giving access to other important information that is not relevant to the occasion. Apple’s digital wallet must do this with even greater safety and security than your physical wallet. This would provide the Apple Wallet with access parity with the physical wallet, whilst retaining superior information safety and security.
Our Current Status
Our portable and wearable devices (e.g. iPhone and Apple Watch) facilitate the digitization of our identification, credit cards, and other essential personal information we used to carry in our physical wallets in paper/plastic form. Your iPhone can store even more such essential information in an easily accessible space, and keep it more reliably current than any physical record in your wallet or medical jewelry. In the USA, many states are now discussing digitizing driving licenses and state identification cards. Private industry is having similar discussions.
Today, with a physical wallet, if law enforcement request your identification, one can produce just that document from a wallet without sharing access to other personal items, like credit cards or family photos. Similarly, if one is incapacitated, emergency responders can check your physical wallet and person (e.g. medical bracelets) for any potentially life-saving information, like underlying medical conditions, current medications and allergies. One might also carry contact information for one’s primary care physician, who can be of enormous assistance to emergency personnel.
We currently have no in-built gate keeping mechanism whereby to produce similar information, voluntarily or involuntarily, whilst denying unauthorized access to other information in our digital wallets.
Just as today, when we still have physical locks on our luggage for travel, TSA has a ‘universal key’ that it can use to unlock and inspect your luggage, there should be a way to provide law enforcement and other first responders with a digital ‘universal key’ to get essential information from your iPhone, including under conditions where you are unable to assist. And, just as the TSA agents will leave a note informing you that they opened your luggage, there must be a way to record such essential, and potentially non-consented, access to your device that would provide you with an official record of such access.
A Possible Future
There are two parts to this; one for Apple, the other for emergency personnel.
Regarding Apple, consider your health information, and what information might be considered ‘essential.’ HealthKit enables you to input your medical information. This could be more robust and tailored to common syndromes of high prevalence and importance, where specific types of intervention might be required. For example, as you are inputting your information, Siri could determine, using currently available algorithms relying on key words that we currently use in research, that your information fits into a possible category, for example ‘cardiac,’ ‘diabetes,’ or ‘asthma.’ There can/should be others.
Siri could then suggest a line inquiry for further information relevant to your current management of that condition. This can even be in the form of a supplemental app tailored to that syndrome available on the App Store to supplement HealthKit, which Siri can recommend; or it could be automatically downloaded on the backend. These non-essential details can be worked out. In response to your answers, Siri might identify more health conditions and suggest additional packages as needed. Once all of that information is completed, like all of your other personal data, it remains securely stored on your device until you opt to share it.
Next, as with other security features, Apple would require that the user opt-in to share that stored health information under emergency conditions and/or other information such as drivers license and car registration. In effect, the user would ‘pre-consent’ to share this information in the event that you are unable to respond during a crisis. Once you opt-in, this feature is enabled. Otherwise, the user would be an active participant in sharing their information.
Emergency Health Personnel
The second part is for emergency health personnel. First responder and emergency physician IDs, for example, can be fitted or paired with a transponder and a unique code that, when brought near the iPhone, will wake it up, and request access to your relevant information. For health personnel, this request would be health information – specific, and would prompt HealthKit only to respond, and using a range of frequencies only authorized to emergency personnel. This is, in some ways, analogous to having a security badge that authorizes access to certain buildings and/or restricts which floors and rooms the user can access. Based on the digital code of the user, they would have access to only certain data, and not any other.
The same could be applied to a policeman whose transponder frequencies would access the digital drivers license and car registration, but not your credit cards or medical records. Apple could effectively create a ‘health box’ or ‘police box’ in the wallet, that alone would be accessed by the appropriate frequency. Indeed, with drivers licenses, Apple might consider something even more secure, as it has with credit cards, where the actual number is not shared but simply confirmed as being ‘valid’ and ‘current’, however these details would need to be worked out with state authorities and law enforcement.
Importantly, this information could simply be displayed on the first responder’s device rather than the user’s, thereby permitting the user to retain physical possession of their device.
Trust But Verify
Once Siri displays your information, it should then record the unique signature associated with the transponder and badge/identification number of the personnel who accessed your data, and record that securely on your iPhone, along with a date/time/geolocation stamp. This is analogous to having the time you enter and leave a building electronically recorded when using a security badge. That information should also be displayed on your Home Screen until such time that, having been verified through Secure Enclave either with Face ID or Touch ID that the owner has acknowledged receipt and dismisses it. This should be a permanent record on the device itself, and not app-specific and subject to potential erasure if the app is deleted.
While yours truly lacks the technical skill to speak to Apple’s actual execution of such features, given the technology that already exists, and the likelihood that we are moving inexorably towards digitizing all forms of identification and authorization, all of the above seems feasible and necessary. However, before we can get there, the engineers at Apple, in collaboration with key stakeholders, should find a way to enable essential and authorized access to essential user information, whilst simultaneously pre-consenting it on Apple’s devices as an opt-in feature, and ensuring and verifying that such access is appropriately limited and documented for the protection of both the individual and the professional.
Conclusion
As we transition to using the Apple Wallet, and features like HealthKit, we have the opportunity to reimagine how these data are shared, to make these more accessible, yet even more safe and secure than ever before.
A good bit of what you’re talking about is already possible with the Apple Health app. You can list your medical conditions, medications, allergies, and include emergency contact info, all of which can be viewed by emergency responders.
It is not perfect; there’s always room for improvement. Right now, anyone can view that info if they know how to get at it, and there is no record kept of it being accessed. Those were two points you raised. But the overall main idea of your article, that health info should be accessible in an emergency without allowing access to everything else, is already here.
@JJR512
You are right about the capacity of HealthKit. My comments might have been unfair to the app and service, not in the interest of denigration but of brevity.
Rather, my point was that, despite the utility of HealthKit in its present form, and granted it’s been awhile since I last played with HealthKit, it can be better. Much of the information we record on HealthKit relies on the user to volunteer information they believe to be important. In the medical world, we have learnt that this is inadequate, which is why physicians spend years training on how to ‘take a patient history’, and guide that interview for important information.
There is an analytic referred to as Transition Theory that argues, with now years of supportive evidence, that as society progresses, whether in metrics like health, life expectancy, income etc, expectations rise commensurately, and our tolerances for discomforts and inconveniences associated with life before that change diminish. We expect more and better.
Apple do not, and may never, position HealthKit as professional grade or a ‘medical’ app. Nonetheless, as people come to rely on it more, particularly under adverse conditions, they will come to expect high performance. It’s just human nature.
Current research and applications in machine learning are mimicking, with amazing facility, the skill of trained physicians in querying patient histories. Even though this skill takes an individual years of training and practice to perfect, algorithms currently exist that leverage our collective experience in conducting a highly skilled patient history.
The AI on your iPhone resides in situ on that SOC, and may be more limited in capacity – that lies beyond my expertise to comment. That said, if that set up is too limited, Apple could supplement this with backend server support for a better quality health history. Assuming we continue to use it, it’s only a matter of time before HealthKit’s current limitations run up against user expectation.
As for the rest, all professional interactions with your user data, particularly for a company that prides itself on privacy, should be consented where appropriate, and documented without exception.
A number places where I shop are cash only, others don’t take contactless payment. As to ID on a phone, well that could be isolated from other items in your iPhone. And of course your iPhone could have dead battery.
@Lee:
Good points.
Regarding running out of power, not only might ‘over the air’ or touchless charging on your iOS and similar devices, like the Apple Watch https://www.cnet.com/tech/mobile/over-the-air-wireless-charging-will-come-to-smartphones/ might well be in place by the time digital wallets become mainstream.
If not, it’s fairly certain that your friendly neighbourhood traffic cop would be only too happy to spot you for a quick battery charge (perhaps by simply touching your device with theirs) in order to serve you with that ticket.