iPhriend or iPhoe: Privacy Concerns Raised by Apple’s New Fingerprint Technology
With the craze over Apple’s two new iPhones, the sleek and stylish iPhone 5s and the more colorful 5c, many consumers may be overlooking one characteristic causing great concern. This one worrisome feature is the new fingerprint scanner for the iPhone 5s, which is a radical technological advancement in Apple’s cellular technology. Ironically, this is the likely feature that sent millions flocking to the Apple store during the phone’s debut weekend.
As described by Apple, the new “Touch ID” sensor was designed to more effectively protect personal user information stored on each phone. Because no two individuals have an identical print, “it made perfect sense, to create a simple, seamless way to use it as a password,” said Dan Riccio, Senior Vice President, Hardward Engineering, on the iPhone 5s promotional video. Not only can you can use the fingerprint sensor to unlock your phone, but also to make purchases through Apple stores.The iPhone 5s release date trails on the coat tails of the NSA cellular data collection uproar, which caused many Americans to doubt the privacy of their own phone conversations. And the phone’s fingerprint sensor is raising related privacy concerns. This new technology grabbed the attention of Senator Al Franken (D-Minn.), chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law. Senator Franken wrote to Tim Cook, Apple’s CEO, and demanded answers to significant questions. He asked, “Is it possible to extract and obtain fingerprint data from an iPhone. If so, can this be done remotely, or with physical access to the device?” Senator Franken continued to inquire into the interaction between the Touch ID sensor and applications like iTunes and the App Store during user purchases.
According to Apple, all fingerprint data is encrypted and stored inside a chip located in the hardwire of the phone. This chip, Apple claims, is accessible only by the fingerprint sensor and not stored in a centralized database. Dan Riccio says, “it’s never available to other software, and it’s never stored to Apple servers, or backed up to iCloud.”
While allegedly stored and used “locally, the fear remains that Apple could, at any time, claim the right to use and even profit off of this identification data. Moreover, at the rapid rate iPhone applications are produced, one can only imagine how soon companies will begin to incorporate the sensor into their own software (if possible). Then, they too could get ahold of your precious prints.
In fact, the Touch ID sensor has already been hacked, and it took only took a few days. Chaos Computer Club released a YouTube video depicting the hack, and even released an article detailing each step. The whole process seems somewhat complicated, but the fact is it was done.
Furthermore, what is to stop law enforcement officials from subpoenaing and obtaining this encrypted data, especially if helpful in criminal investigations? Or what if the government has a “strong interest” in obtaining and storing this information for use in connection with domestic and foreign affairs? Our constitutional right to not incriminate ourselves under the Fifth Amendment may protect what we know, but will it protect who we are?
The concerns surrounding such powerful technology beg the most important question: do we, the consumers, really have control over our own privacy? What, perhaps, was created to ensure maximum levels of security could actually turn out to do just the opposite. Only time will tell if and for what purposes this information can be used.
Amanda Russo is a J.D. candidate, ’15, at NYU School of Law.
more »
