Apple on privacy, security and identity

One of the things I noted in my post on Apple Pay was that Apple tends to deploy key building blocks for new strategic moves as smaller, stand-alone products in preceding years. Hence Touch ID (and Passbook) was already there before Apple did payment. They served their own use case first, and worked properly, and then Apple added Pay a year later. This, of course, prompts the question as to what other building blocks have been deployed today that will turn into something else in a year or two. 

I was reminded of this recently when looking at the way Apple has started to talk about privacy. This isn’t just show – it deliberately avoids collecting user data even in some cases where it would be a tool to create a better product. But as a piece of marketing, it’s not clear to me how useful privacy really is. Yes, it’s easy to say ‘if you’re not paying, you’re the product’, but people clearly understand that about Google and Facebook and keep using them (though they may change how they use them, especially for Facebook). There’s a small group of people who care deeply about this, and it varies a fair bit by country, but Microsoft tried the ‘scroogled’ campaign and got nowhere. Why would it work better for Apple? Tim Cook has suggested that there may be a catalytic event that will change attitudes. Perhaps. 

However, it may also be that as our phones go from sharing pictures to unlocking our front doors, privacy becomes a much more valuable selling point. This might be one reason why Nest is being kept semi-detached at Google. Worrying that Google knows what you search for has always seemed to me rather like worrying that your bank knows how much money you have, but Google knowing when you get out of bed or unlock your front door might be different (though of course it gets a fair bit of this through Android). So, perhaps Apple is talking about privacy not because of its current products, but because it thinks privacy will be a real competitive advantage for future ones. Not the iPhones, but the Watch, or other wearables, or the connected home. There’s an interesting question here – is the big data dividend worth the privacy implications? Is it better to let Google know when you flush the loo for what it can tell you about your bowels, or would people really rather not? 

The other piece of string to pull on here, I think, is identity. It does seem clear that the 1970s model of a unix system user ID and password doesn’t scale that well to billions of normal people, all using 12345 as their passwords and saving them in a file called ‘passwords’, it’s not clear what a better model might be. Facebook Connect is one path and Twitter and Google have others, but those don’t seem to have solved the problem in any universal way just yet. It seems like every cool new app on iOS still presents you with a screen demanding a login, password, your inside leg measurement and your mother’s maiden name (anecdotally, I hear that some users balk at Facebook connect because they don’t trust Facebook, and others because they don’t trust the app). I suspect Apple has noticed. 

And yet here is Apple with an identity platform of its own, or the building blocks of one. You can already use an iCloud account for anonymous login to an app, and use the fingerprint scanner to secure your app. Within an app, Apple Pay can provide not just the tokenised payment information but also your shipping address. Passing identity to an app, securely, validated with a fingerprint scanner, is not something that needs to be restricted to payment or shipping. (There’s a tradeoff, obviously – you get better conversion but hand Apple your users, and need an opt-in to get them back. This is the dilemma the publishing industry struggled with around in-app subscriptions.) 

How far, exactly, would Apple take this? Will it even extend the current Apple Pay product to web sites? To MacOS? Building a cloud identify platform is not something that sits within most people’s idea of Apple’s core competency. But if Apple did connect the dots to create an identity product, and could remove enough friction and pain to make it compelling, then talking about privacy would make much more sense, because at that point privacy, security and identity become part of the same product conversation.