Apple’s New Digital Student IDs Raise Questions About Security

Higher Education

Apple’s New Digital Student IDs Raise Questions About Security

By Tina Nazerian     Jun 6, 2018

Apple’s New Digital Student IDs Raise Questions About Security

Apple is rolling out digital student IDs.

The company is working with two other companies, Blackboard and Assa Abloy, to bring the technology to Duke University, the University of Alabama and the University of Oklahoma, which will deploy it this fall in time for their incoming classes, and to Johns Hopkins University, Santa Clara University and Temple University, which will deploy it by the end of the 2018 calendar year.

EdSurge attempted to reach all six of the universities involved. The three that responded (Oklahoma, Temple and Duke) did not give specifics, but all mentioned ease of use in some form. Temple University referenced a “higher level of convenience for everything from securely entering buildings to paying for a meal.”

Rather than using physical ID badges, students will receive student ID cards on their iPhones (6 or above) and Apple Watches. The cards will be stored on the same secure chip currently used for Apple Pay.

According to CR80News, an outlet that covers campus card technology, the new ID card service makes use of so-called “near-field communication,” or NFC, the same technology that undergirds Apple Pay. The outlet states that this is the first time NFC is being opened up to enable campus ID cards.

Phil Hill, an edtech consultant and blogger for e-Literate, tells EdSurge in an email Apple’s move is part of a major shift toward wearable devices, and digital student IDs are just one part. Apple, he writes, made its WatchOS a “big part of strategic focus” at its recent keynote at WWDC, a developer conference, speaking on the theme of “shifting from smart phone to wearable.”

“The bigger play here for Apple is about the watch, with the iPhone thrown in as backwards compatibility and ensuring a usable program for students who have far more iPhones than watches,” Hill writes. “It's a long-term play.” In other words, the company is betting that students see the value in mobile student IDs from their iPhones and upgrade to an Apple Watch for even more convenience.

Hill thinks the schools will benefit by being able to better serve their students, but believes they, along with the vendors, must address privacy and data usage concerns.

“The downside is the law of unintended consequences,” he continues. Among his concerns: whether Apple has considered safeguards to protect student data so it’s only used for intended purposes and preventing digital hacking that could compromise the physical security of buildings, such as dorms, which are sometimes accessed through student IDs. “Fixing breaches that lead to fraudulent charges is easy, given Apple's money. Dealing with physical security issues is a much bigger issue.”

Avi Chesla, the founder and CEO of cybersecurity company empow, writes that near-field communication has “inherent security risks.” For instance, he notes, a third party can hijack the signal as it goes back and forth between the device and the reader. In that case, the third party would be able to access the information in the student ID.

“But to steal that signal would require that hacker be in close proximity to the user because NFC does not travel very far,” he continues.

Chesla thinks universities should encourage students to make sure their phones are always password protected, and educate students about “who is on the other side of a peer-to-peer transaction.”

The new technology from Apple, however, won’t benefit students who don’t have the necessary Apple devices. Chesla points out that the initiative could be seen as “discriminatory, because many less affluent and foreign students have Android phones.” And what’s more, he thinks it could “violate some of the democratic principles that universities stand for.”

Smartphones controlling access to physical locations is “inevitable,” he believes, and digital IDs in particular could be convenient not only for students, but for the institutions themselves. They could get data about the movements and facility usage of students. Digital student IDs, he explains, are “essentially movement and behavior trackers that can raise privacy concerns,” and universities will need to create guidelines on data collection and accessibility. For instance, he suggests schools promise not to keep records of student behavior past 24 hours.

“This fits into [the] overall trend of ‘Trojan Horse’ technology that is designed for one purpose, but has data collection as part of its platform,” he writes. “Universities are becoming more and more data-driven, using data to track behaviors and derive insights in the same way that hotels, airports and other institutions are.”

More from EdSurge

Get our email newsletterSign me up
Keep up to date with our email newsletterSign me up