But I do have a concern, brought to my attention by people in law enforcement. A passcode is something you know, and an argument can be made that law enforcement can't compel you to reveal that. But consider a situation where officers have a warrant to search your home. If a room is locked, they can conceivably compel you to provide the key, which is something that you have. Well, a fingerprint is really something that you are. Can you be compelled to present your finger to unlock your phone? It's possible, and I'm sure the question will be heading to a court sometime not too far down the road.
The best thing to do if you are worried about anything like that happening is to use both a fingerprint and a passcode, and I hope Apple will enable that. Not everyone is going to want to do that, since it pretty much kills the simplicity of using a fingerprint. It should be an option, nonetheless.
Another complaint about Touch ID is that Apple hasn't opened up a general-purpose API for external software developers to use in their own apps. That's a valid criticism, but these are early days. I hope that this is just the first step toward great things to come, and I would not be surprised to see Apple make a Touch ID API available in future releases.
But the fact that Touch ID has shortcomings does not lessen its importance. I believe that this first fingerprint scanner for a smartphone could herald a big leap forward in data security for mobile devices. I'd like to think that Touch ID will be the catalyst for highly trustworthy data storage on mobile devices, making them safer for things like mobile banking, payments and medical records.
I will be doing more evaluation of Touch ID, but at this point, it looks as if I may be able for the first time to recommend Apple's data protection mechanisms to my business clients. Until now, serious business applications have needed more security than Apple could provide. Here's hoping that we're about to see that change.
With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Department of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.