The iPhone 5S Could Have Your Biometric Data. Don't Panic

Apple's new device, expected to make its debut on Tuesday, is presumed to include a biometric thumbprint sensor. Is this cause for concern? A hell of a business opportunity? Or both?

The worst kept secret about the upcoming iPhone 5S (alongside the pretty new colors) is the phone's reputed fingerprint-scanning home button. The button, if it's real, is creepy and slightly strange seeming, yes. It would also likely change the way we use passwords. But what we're less clear on is what Apple wants to do with your fingerprints should it get hold of them.

First, it's important to know that, aside from being used as a pass code, fingerprints are used almost exclusively to check someone's criminal background or to determine if he is breaking a law based solely on who he is--they can call up criminal records or help alert an immigration agent if someone has a passport or visa issued under an assumed name. It's hard to imaging Apple getting into this business, but if you're inclined to look way off into a dystopian future, then perhaps you'll make out cause for concern.

There's little risk of having servers hacked and fingerprints spoofed. But what we still don't know is how Apple would deploy these new fingerprint scanners, and what it would use them for.

Apple could take users' thumbprints and put them all in a central repository, which might make that dystopian concern slightly less fuzzy. Or each iPhone could retain only a local copy, which brings up far fewer privacy issues. But questions do remain if Apple would actually share fingerprint information with law enforcement, even if only on an extraordinary basis. More important for foreign users is the significant question of whether a central repository of thumbprints could lead to the NSA gaining access to them. Recent events have unfortunately made that more than a hypothetical question.

As security expert Bruce Schneier said in Wired, it's a question of storing fingerprints locally versus storing fingerprints remotely. There's little security risk from unlocking a phone via a biometric thumb swipe stored on the device, but there's somewhat more of a risk involved with having hundreds of thousands of thumbprints stored on a remote server, especially when those are used to access iCloud, Dropbox, Google Drive, or all kinds of other cloud services. For Apple, this will surely be part of the challenge in pushing biometrics onto tens of millions of ordinary consumers.

What's likely behind the presumed move is Tim Cook and his company's disenchantment with the traditional password system. We know they've sought a successor technology. Despite all the talk of replacements ranging from brain-wave reading to pattern recognition to USB keys, biometrics (unique biological features such as fingerprints or retinal scans) are both reasonably secure and--important for Apple--easy to use. Simply put, there's no learning curve to unlocking your phone via thumbprint.

The fingerprint scanner would put Apple on the cutting edge of an emerging new technology. If Apple is the first tech giant to successfully monetize and popularize thumbprints in lieu of passwords, it will be a whole new ball game. It also would create a new selling point for iPhones, iPads, and (later) the inevitable integration of USB and Bluetooth fingerprint scanners with existing computers.

There's lots of interest in the right solution for all kinds of industries, and rumor has it Apple has quietly been experimenting with thumbprints for doctors and medical professionals in order to ensure patient privacy for medical records shared by the iPhone and iPad. There's also a rich market in making cloud services easier to use. Instead of remembering a clunky, difficult-to-use password that will repel hackers, large companies can simply set up Dropbox access via fingerprint recognition. No muss, no fuss, and it saves plenty of valuable manpower hours.

That's what fingerprint identification comes down to for Apple: enterprise user retainment. With the decline of the BlackBerry, Apple and Android are in a to-the-death battle to attract corporate users. Biometric identification is a huge boon for corporate consumers, and Apple wants to make sure it can be offered to them. Because the company is likely banking on biometric identification, it also has a vested interest in making sure that it is, indeed, secure.

[Thumbprint: Kletr via Shutterstock]

Add New Comment

6 Comments

  • dalethorn

    That's fine until they're all required, then what? And what of the users who have invested thousands of hours into these devices and all of the apps etc. that are specific to Apple, not to mention some of the $700 DACs that are specific to Apple that Apple charges whopping licensing fees for? What do you say to them? Tough luck - thanks for buying Apple, now take a hike? Your non-solution stinks.

  • Jasomm

    how long until 3D printers can duplicate thumbprints to hack into phones? or better yet, frame you for murder!....muhahaha !

  • dalethorn

    I learned something on cypherpunks, John Gilmore's forum in the late 90's. There is no secure crypto, period. You use it, you lose it.

  • mb

    That's why the Dell PCs with fingerprint readers 4 years ago were so successful.