On Monday, Apple announced Apple Card, which is a new credit card product from the tech giant. A variety of different attributes of the card were put on display at Apple’s services event, and one of the most talked-about features has to do with privacy.
Recently, Apple has been marketing themselves as the privacy-friendly alternative to many of the other tech giants in Silicon Valley, and the Apple Card is a continuation of that trend.
Having said that, the card has still limitations in the area of privacy that can likely only be solved with something like Bitcoin.
How the Apple Card Helps with Privacy
In terms of the level of privacy usually offered by the legacy financial system, Apple Card is quite an achievement.
As the official Apple website explains, Apple is not provided with any data related to the use of Apple Card. Features such as transaction history and spending summaries are handled directly users’ devices.
Additionally, there is no card number on the physical Apple Card, which is a massive gain in terms of keeping one’s finances private.
At this time, it’s unclear if Apple Card works like Apple Pay in that it generates a different card number for every transaction. If that functionality is available, then this would be a massive improvement in terms of preventing merchants and marketing companies from tracking people’s financial activities by attaching real world identities to static card numbers.
Many of these privacy benefits also tie into the security improvements offered by Apple Card. After all, there is a close relationship between privacy and security (read about why that’s the case here).
So, a key question for Apple is what data *merchants* get—if merchants get a static #, they’ll reidentify & link the user to purchases. This will all happen in the POS terminal. Mastercard (as network) doesn’t get much. Goldman as the issuer is bound to GLBA + repetitional risk. pic.twitter.com/SEwEaVN8Ra
— Chris Hoofnagle (@hoofnagle) March 25, 2019
Still Not Completely Private
While the privacy benefits of Apple Card are quite substantial when compared to traditional credit cards, privacy holes still remain.
Apple partnered with Goldman Sachs on this new venture, and all of the Apple Card’s users’ data will go through the investment banking giant. While Apple’s website states Goldman Sachs will never share user data with third parties for marketing or advertising purposes, this is more of a “won’t be evil” stance than a “can’t be evil” solution.
Additionally, those who have read reports from the likes of Matt Taibbi and others over the years may have reservations about trusting Goldman Sachs.
Even if it is assumed that a new card number will be generated for every transaction, the reality is Apple Card does not provide true privacy because Goldman Sachs still has unencrypted access to all of the data.
And even if users want to trust Goldman Sachs with the data, that doesn’t mean they’ll never be hacked.
True Privacy Requires Decentralization
Of course, it would be technically possible to create a system where Goldman Sachs has no access to Apple Card user data. The technology for centralized forms of anonymous digital cash has existed for decades. However, governments are unlikely to ever let such a system exist.
For example, past gold-backed digital currencies that collected basically no information from their users have been shut down by law enforcement multiple times (see the histories of Liberty Reserver and E-gold). More recently, French National Assembly Finance Committee President Éric Woerth called for the ban of privacy-focused cryptocurrencies like Monero and Zcash.
Of course, Bitcoin developers also have ambitions to improve the level of privacy offered by the peer-to-peer digital cash system, but those developers are currently more worried about preserving the soundness and stability of Bitcoin than testing out experimental privacy features (read mathematician Andrew Poelstra’s reasoning on this here).
The key difference with something like Bitcoin (as compared to traditional, centralized banking) is the system allows for potentially-anonymous entities to process payments (read a longer explanation of this point over a Longhash). This makes the system much more difficult for governments to target with regulations or a complete shutdown.
In other words, it’s effectively impossible to gain true financial privacy on the internet without the use of a system like Bitcoin. There are some other workarounds, such as purchasing a gift card with cash at a local store, but those tends to come with issues such as spending limits and poor usability.
The relatively short history of online payments leads to the conclusion that a centralized system that becomes sufficiently useful for anonymous transactions will be targeted by regulators.
Of course, if a government did decide to allow or even create their own centralized form of anonymous digital cash, it could become one of the biggest competitive threats to Bitcoin (read why here).