September 22, 2013
By James Burchill.
BURLINGTON, ON. Apple’s new iPhone with fingerprint security is raising privacy questions and giving many people reason to balk at buying the latest from the gadget giant. The question isn’t whether or not the idea will work, it’s a question of whether or not trading biometric data as sensitive as fingerprints, and the privacy implications that could have, for some convenience is really a good deal. As usual, it’s all about perception and preference rather than one-size-fits-all reality.
The iPhone 5S will let you use a fingerprint as an ID; what happens to that fingerprint should you lose that phone?
The Touch ID on the iPhone 5S: The idea behind the new iPhone’s fingerprint security system is pretty simple. Fingerprints, known to be unique to the individual, are now easily scanned and stored, and can easily be compared to a known base metric for verification. Other biometric options include retina scans, which are very expensive, facial recognition, which is still largely in its infancy, and DNA, which is difficult to do on-the-fly.
Fingerprints have been the most common go-to for consumer-grade biometric identification, but Apple is the first to add it as an option for a common gadget rather than a device meant to be used in secure situations and businesses.
The Touch ID for the iPhone 5S, which is now on the market, uses a fingerprint scan to replace a personal identification number (PIN) for the phone’s security features and can be accessed (limited to a “is the person verified?” Q&A) by apps on the phone to replace similar security measures they might have.
The iPhone will use the scanned fingerprint, but not the fingerprint itself as verification. If that doesn’t make sense, it’s due to the complex nature of how physical attributes like a fingerprint are digitally converted and stored. The fingerprint itself is not stored, per se, but a digital version of it is. That digital version is not as simplistic as a scan or photo of the physical fingerprint, but is instead a series of plot points (or a metric) that describes the fingerprint’s defining characteristics. Those who work with fingerprinting will understand this. The rest of us need more explanation.
How Digital Fingerprinting Works: Try to remember back to your school days in a Geometry class. Remember how the Fibonacci sequence (Editor’s note: Sure James I remember that.) could be made to make swirls by simply plotting the numbers (1, 2, 3, 5, 8…) in a series of defined points on a chart? Imagine an equation that described a fingerprint using a similar number sequence.
Fingerprint: a unique identifier. Do you want it out there for anyone to grab and use. That would give a whole new dimension to identity theft. Apple’s iPhone5S can use a fingerprint as ID. Is this a smart move? Burchill wonders.
A fingerprint is basically a bunch of swirls with defined beginning and ending points for the individual lines making up the swirl. So to store it digitally, all that is required is to know the beginning, apex, and end point of the swirls that make the print unique and you have a stored version of it. One that takes up very little data space, but that can be easily re-drawn at any time.
This same idea is how most graphics are plotted on a computer screen, in fact, and is also what makes up a lot of the other things we now consider common in digital graphs, photography, and more.
Why It’s a Privacy Concern: For privacy advocates, what Apple has introduced is a device that can scan a fingerprint and store it, even if it has been encrypted, on a device that is known to be easily hacked. Further, the physical storage of the fingerprint information is on the phone itself and therefore accessible by blunt means.
Other devices that use fingerprint data for security, such as laptops from most of the major makers, have been found to have similar security issues. The difference here is that smart phones are more often stolen and compromised than any other device and with HTC reportedly planning a similar fingerprint ID system; this could become a serious problem.
James Burchill creates communities and helps businesses convert conversations into cash. He’s also an author, speaker, trainer and creator of the Social Fusion Network™ an evolutionary free b2b networking group with chapters across southern Ontario. He blogs at JamesBurchill.com and can be found at the SocialFusionNetwork.com or behind the wheel of his recently acquired SMART car.
Rather ironic that so many are now willing to embrace this technology regardless of the risks to privacy.
In the 1990’s when the Province wanted to use biometric technology, to replace conventional card form ID,the uproar was deafening.