Franken asking right questions about smartphone biometrics
Good legislators should provide insight and argue for greater oversight concerning technologies which have the capacity to be intrusive and erode our sense of privacy. This is why Al Franken should be commended.
Recently, the U.S. Senator from Minnesota raised privacy concerns about the inclusion of fingerprint reader technology into Apple’s newest iPhones. Apple now uses biometrics to lock and unlock its newest generation of mobile phones and has developed patents that will allow its customers to complete e-commerce transactions by way of biometric authentication.
As extensively reported in BiometricUpdate.com, Apple also acquired a broad intellectual property portfolio last year that consists of 200 filed and issued patents, which include many of the foundational technologies which are the basis for fingerprint biometrics.
Though Franken appreciates that Apple’s technology was developed and implemented to secure its latest iPhone 5S smartphone, he wants a wider societal conversation started about the technology’s potential implications.
In a letter written to Apple CEO Tim Cook in September, Franken noted: “Passwords are secret and dynamic; fingerprints are public and permanent. If you don’t tell anyone your password, no one will know what it is. If someone hacks your password, you can change it—as many times as you want. You can’t change your fingerprints. You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What’s more, a password doesn’t uniquely identify its owner—a fingerprint does. Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.”
Though Franken acknowledged that Apple has taken security measures that ensure fingerprint data is locally stored, encrypted and blocked from third-party access, he maintains that “important questions remain about how this technologies works, Apple’s future plans for this technology, and the legal protections that Apple will afford it.”
Franken asks whether it is “possible to extract and obtain fingerprint data from an iPhone” and if so, whether it can be done remotely or with physical access to the device. The senator also asked the company if the new iPhone 5S has the capacity to backup biometric data to a user’s computer or transmit diagnostics about the biometric data to Apple or third parties: “Can Apple assure its users that it will never share their fingerprint data, along with tools or other information necessary to extract or manipulate the iPhone fingerprint data, with any commercial third party?”
Franken’s questions are important since it is predicted that Apple will eventually use its Touch ID fingerprint technology to facilitate e-commerce transactions. Biometrics Research Group, Inc., the independent research vendor and parent company that publishes BiometricUpdate.com, has estimated that U.S. consumers will use smartphones and tablet computers to make retail purchases of approximately US$35 billion this year, compared with US$20 billion in 2012.
In order to secure and streamline online transactions, Biometrics Research Group expects that Apple will eventually integrate fingerprint authentication into “Apple ID” profiles to supplement the written pass codes that provide access to all cloud-based services, including iTunes purchases. If this occurs, then consumers will rightly need to be concerned about how biometric data is stored, protected and how it will be used to authenticate purchases. Franken’s inquiries of Apple will help U.S. consumers understand how their personal data will be handled.