Apple's Touch ID Technology under Scrutiny by US Government
In 2011, Senator Al Franken called on Apple and Google to participate in a hearing with the Judiciary Subcommittee on Privacy, Technology and the Law. Franken at the time had stated that technology had given us smartphones, tablets, and cell phones and yet allowed these devices to gather extremely sensitive information about users, including detailed records of citizens daily movements and location. The hearings were a first step in protecting consumers' privacy. Franken's statement also noted that "Recent advances in mobile technology have allowed Americans to stay connected like never before and put an astonishing number of resources at our fingertips." Little did he know that three and half years later his statement would be literally true? Franken is now asking Apple for clarity on privacy concerns with the use of their new iPhone 5S fingerprint scanner.
According to reports, Franken is on record stating that the fingerprint system could be potentially disastrous for users if someone does eventually hack it. While a password can be kept a secret and changed if it's hacked, he said, fingerprints are permanent and are left on everything a person touches, making them far from a secret.
In a letter to Apple's CEO Tim Cook he wrote: "Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.'' Apple says it's not possible to convert a fingerprint from a police file into something the phone will recognize, as the sensor reads a sub-epidermal layer of the finger.
In light of the recent Prism controversy, Apple sent out a press release titled "Apple's Commitment to Customer Privacy," back on June 16, 2013. One part of their statement reads: "Apple has always placed a priority on protecting our customers' personal data, and we don't collect or maintain a mountain of personal details about our customers in the first place."
While Apple's statement may be true, a new report reveals that an extended ruling by a secret court backs the collection of phone data. The New York Times article is an interesting read about privacy and how the Patriot Act holds particular powers on accessing citizens phone records. It's because of these legal twists between intergovernmental bodies that Al Franken wants clarity from Apple about their use of fingerprint technology.
To what extent Apple's legal team visited the legal ramifications of their new technology isn't known at this time but we do know that Apple went out of their way in their new iPhone 5S video to clarify that no developer has access to your fingerprints; that Apple's own servers don't store your fingerprints and that your fingerprints are never backed up to Apple's iCloud service. We covered the main points of Apple's Touch ID in our September 11 report titled "Apple's Touch ID: An Invisibly Seamless Security Feature."
In the bigger picture, putting Apple's technology under a spotlight could be a good thing. Putting it under the fire of public inquiry could demonstrate to the public that Apple is going to extraordinary lengths in securing a user's sensitive fingerprint information. Learning about the types of questions that Franken will be or has asked Apple is quite intricate. It's almost as if Franken is helping Apple legally frame their technology correctly so as to thwart future attempts by differing intergovernmental agencies to obtain a warrant or subpoena for accessing any fingerprint records in the future. In part, Apple's logic to not hold customer fingerprint data on any of their servers may have been their strategy to work around such legal trappings.
The NY Times report noted that "Another important question is whether Apple considers fingerprint data to be the contents of communication or a subscriber identity under the Stored Communications Act. This is particularly important because content data requires a warrant to be released to law enforcement, but a subscriber ID or number only needs a subpoena. Similarly, Franken asks if Apple considers fingerprint data to be a "tangible thing" as defined in the Patriot Act, or subscriber information that they could be compelled to share by a National Security Letter.
While some of the answers to the system process questions seem to be implied by what we know about Touch ID so far, responding to Franken's letter will put Apple on the record on many of the most pressing questions about the technology. Franken wants a response from Apple within a month of receiving the letter. Hopefully we'll be able to get Apple's public response to these questions shortly thereafter.
About Comments: Patently Apple reserves the right to post, dismiss or edit comments.
Why isn't Google being investigated for knowingly releasing an OS that is very easily hacked?
Posted by: Kevin | September 22, 2013 at 09:24 PM
This is extraordinarily amazing!
Finger print scanning is not new, it has been around for many years and has been provided by other smartphone and computer companies long before Apple joined the field with its own technology.
I do not recall any other company being scrutinized so much about their decisions to include and implement finger print technology in their devices. Yes, the scrutiny is a sign of the times, but I would like to know if the other companies providing finger print scanners in their devices are being scrutinized as Apple is. If not, why? Why give any other company in this field a free pass while holding Apple accountable?
The same goes for the companies attempting to add finger print technology to their upcoming devices. Will they be scrutinized and have to answer the same, similar and even newer questions about their technologies?
Today there are many, many, many questions to be asked and answered by Apple concerning its new Touch ID technology that comes with iPhone 5s. I hope Apple has carefully and thoroughly thought its way through this mine field and is prepared to not only answer the questions, but is also prepared to lead with its new technology.
Posted by: James | September 22, 2013 at 01:26 PM
Why didn't they investigate Google or Motorola when the fingerprint scanner was used on the Motorola Atrix? Apple certainly isn't the first company to put a biometric sensor on a mobile device. I really does seem rather unfair that Apple always gets singled out as a company when there are other companies doing the same thing.
Posted by: Constable Odo | September 22, 2013 at 12:04 PM