I’ve been pondering Apple’s new patent to identify (and subsequently humiliate) so-called “unauthorized” users of their mobile devices like iPhones and iPads. Essentially, Apple is seeking to patent technology that will detect an “unauthorized” user and use that as an OK to wipe data off of the device, activate the camera to expose and publish incriminating information to prevent them from using the device for evil. Ars Technica reports:
If the various analyses detect someone who is not authorized to use the device, it could set off a number of automated features designed to protect the device’s data, suss out the offending party, and alert the device owner. Sensitive data could be backed up to a remote server and the device could be wiped. The device could automatically snap pictures of the unauthorized user and record the GPS coordinates of the device, as well as log keystrokes, phone calls, or other activity. That information could be sent along with an alert to any useful service, such as e-mail, voicemail, Twitter, Facebook, or a “cloud service” like MobileMe.
At first, this sounds pretty good, especially if you get your iPhone swiped by a bicycle thief. The problem, though, is the shady definition of “unauthorized”: are we talking about a physical thief, a hacker who has taken control of your device remotely, or maybe just a regular user who has jailbroken their device (which is legal now by the way)?
Based on Apple’s public stance on jailbreaking, I am tempted to think that the latter will be deemed unauthorized. Coupled with Apple’s bizarre and inconsistent application approval process, in my opinion, iOS is becoming an increasingly uncomfortable platform to use.
mHealth applications designed to run on smartphones are already in a tenuous position because they have to balance the competing demands of cellular carriers, data security and platform divergence (eg iPhone vs Android vs Blackberry). But because the iPhone has been popular among physicians (and everyone else) for some time, the critical mass of users and developers has arrived. For now, the users are happy and there has been an explosion of helpful, informative and intuitive apps for the iOS platform. This is good.
Indeed, it is even argueable that the Apple’s ability to remotely seize a device is an useful security measure, especially for those devices that may have access to sensitive patient or hospital data. However, there are a number of flaws in that argument including:
- Redundancy: Patient data is stored on an external server, not on the mobile device itself. Rare would be the case that an unauthorized user, unless also armed with several username/password combinations, would have access to sensitive data in the first place (especially on an iPhone, which has very little capability for local file storage beyond what is available in iTunes).
- The Wrong Enforcers: If anyone should have the capability to seize and disarm your device it should be your employer or the institution being hacked, not the cell carrier of the device and least of all the manufacturer of the device. Imagine if all the corporate laptops in the world could be shut down by Dell or Lenovo at a moment’s notice.
- Big Brother: This sort of infringement on basic tenets of ownership is more akin to a piece of rented equipment than something you’ve actually purchased. This is partly caused by carrier agreements,but even if you purchase an iPhone outright (for $599!) you gain no extra control. Apple seems to be giving you the $199 plus $70+ privilege to rent out an iPhone for specific, pre-approved tasks. And if you fall outside of them, they have the means to shut you down. Let me put it this way: Will it be the case in the future that I can’t install Linux on my MacBook if I am so inclined? Will they seize my laptop remotely, too, and install a fresh copy of OS X (while taking my picture with the webcam and emailing it to the Better Business Bureau)?
mHealth and its potential for groundbreaking technological applications has enough to worry about with assuaging the privacy concerns of governments and care providers, not to mention patients themselves. Adding the Machiavellian policies of iOS development and, with this patent, “unauthorized” iPhone usage is an unneeded stumbling block. (Speaking pragmatically, if you don’t want to jailbreak your device, then who cares? But open software philosophy is about more than just getting the job done.)
Of course, control and “security” as offered by Apple’s patent may be just what mHealth needs, especially to convince worried stakeholders. But as other competitors become stronger in the space (eg, the Cisco Cius tablet which has some pre-release corporate promise) and Apple’s stranglehold on mobile app development gets weakened by Android, we may be seeing more diversity in the medical smartphone development space soon. However, until med schools stop giving out iPads, and until it stops being more fun and useful than troublesome to use them, it’s going to be an interesting ride.