the new iPhone fingerprint scanner might be a priv
Post# of 63704
The iPhone 5s, released Friday, has a built-in fingerprint scanner, which will function as an alternative to conventional passwords. Some privacy advocates are concerned about how Apple plans to handle this highly sensitive data. Apple says it will only store the data collected via Touch ID on the device in an encrypted format rather than in a centralized server. Apple will also block third-party apps from accessing Touch ID.
But Sen. Al Franken (D-Minn.) wants details about Apple's plan for the data collected by the system. Thursday he sent a letter to Apple CEO Tim Cook asking some tough questions about the fingerprint system, and noting how fundamentally different biometric identifiers are from previous ID methods:
Passwords are secret and dynamic; fingerprints are public and permanent/ If you don’t tell anyone your password, no one will know what it is. If someone hacks your password, you can change it—as many times as you want. You can’t change your fingerprints.
You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What’s more, a password doesn’t uniquely identify its owner—a fingerprint does. Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.
Franken wants to know more about the technical possibilities of Touch ID and how Apple plans to use it. For instance, if it's possible to convert or extract locally stored fingerprint data in a format that could be used by third parties, and whether that can be accomplished without physical access to the phone. And what diagnostic information, if any, the iPhone 5s transmits about the Touch ID system to Apple and third parties.
And he wants assurances that Apple will never share the fingerprint data or the tools needed to get them with commercial third parties.
Another important question is whether Apple considers fingerprint data to be the contents of communication or a subscriber identity under the Stored Communications Act. This is particularly important because content data requires a warrant to be released to law enforcement, but a subscriber ID or number only needs a subpoena. Similarly, Franken asks if Apple considers fingerprint data to be a "tangible thing" as defined in the Patriot Act, or subscriber information that they could be compelled to share by a National Security Letter.
While some of the answers to the system process questions seem to be implied by what we know about Touch ID so far, responding to Franken's letter will put Apple on the record on many of the most pressing questions about the technology.
Read full story
Source: WashingtonPost
Browse our directory of newspapers from United States
(0)
(0)