[Dave Pell reacting to the new iPhone TouchID system (fingerprint scanner)][1]:
> In order to give us the promise of more security, companies will want to know even more about us. It feels like we’ve passed a point of no return. So much about us is stored in the cloud (our finances, our communication, our social lives) that we can’t turn back. The only way to protect what you’ve shared so far is to share some more. Protect your data with a password. Protect the password with some secret, personal questions. Protect all of that with your fingerprint or your heartbeat. Before long, you’ll have to give a DNA swab to access a collection of photos you took yourself. It’s a trend worth watching. The last decade was about sharing. The next decade will be about protecting.
Pell’s thoughts are cogent, and while we know little about the day-to-day operation of Apple’s new Touch ID, there has thankfully been a mostly healthy debate around the workings of the device.
[Rich Mogull over at TidBITS has a very evenly written and well explained take][2] on Touch ID and how it works — I suggest you read it before we go any further.
[Cory Doctorow over at Boing Boing has this to say][3] (in response to absurd reports that fingers are now going to get cut off):
> This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent.
He’s right: not only do we drip this information everywhere we go, we can’t ever change it. But I believe it is wrong-headed to assume that this is any more problematic than any passcode.
While you could lift my fingerprint from a pane of glass, who’s to say how time-consuming (and expensive) it might be to create a copy of my finger that would allow you into my phone? Add to that: you also need possession of my phone. Then, if you get both of those, you would need your finger replica to work the first time so that I don’t remote wipe the device before you get a chance to read my data.
It would actually be *easier* to just cut off my finger (not that I advocate that). What would also be easier would be to take the zoom lens on a camera, follow me for 30 minutes and snag my four-digit passcode, but that’s not inflammatory enough to drive blog post traffic, so…
[Over on Motherboard][4], Patrick McGuire makes the case that we have no reason to trust Apple that there is no NSA backdoor into the encrypted A7 chipset to get our fingerprint. I agree, there is no reason to trust Apple on this, but *yet again* I have to argue that this seems like more work (and risk of exposure) than the reward is.
To assume that the NSA is secretly working with Apple, or hacking iPhones, to get fingerprint data is also to assume that this would be the easiest way to get that information. Logically, thanks to Doctorow, we know that simply is not the case. Do you have a passport? Have you been arrested? Worked with children? Gotten a security clearance? Are you a real estate broker in Washington State? Then the NSA *has* your fingerprint already.
It’s stupid to assume the NSA would spend that much time trying to get fingerprint data when a good spy could covertly get it (spies they already have trained and paid for), or when it could even just call the local cops and ask them to pick up the suspect for a random reason.
Just use some logic here, people.
***
Now, for something [actually troubling from Marcia Hofmann][5]:
> But if we move toward authentication systems based solely on physical tokens or biometrics — things we have or things we are, rather than things we remember — the government could demand that we produce them without implicating anything we know. Which would make it less likely that a valid privilege against self-incrimination would apply.
Essentially, the government has a harder time compelling you to give up a password or combination, but it looks as though forcing you to use your finger to unlock something would not violate your rights.
This compels me to once again urge *all* apps to provide an option for passcode locks on the app. If your app contains content created by the user of the device, give us the option to add another layer of protection on that data. Then if compelled to unlock our phones, we can’t necessarily be compelled to turn over the passcodes for each app. All the government gets then is our contacts and call log, both of which they likely already got from the NSA.
[1]: http://nextdraft.com/current/
[2]: http://tidbits.com/article/14089
[3]: http://boingboing.net/2013/09/12/why-fingerprints-make-lousy-au.html
[4]: http://motherboard.vice.com/blog/the-iphones-fingerprint-scanner-is-an-exercise-in-trust
[5]: http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/