Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

U.S Sen. Franken seeks data on privacy controls in iPhone 5s fingerprint tech

Jaikumar Vijayan | Sept. 23, 2013
Lawmaker seeks answers to a list of 'substantial privacy questions' sent to Apple CEO Cook

A U.S. lawmaker wants to know whether the Touch ID fingerprint reader in Apple's iPhone 5S has adequate controls to protect the personal data of users.

In a letter to Apple CEO Tim Cook, Sen. Al Franken (D-Minn.) sought answers to a set of detailed questions on whether the technology includes controls for securing fingerprint data and whether the company has any undisclosed plans to share the data.

While Touch ID could improve certain aspects of mobile security, it also raises "substantial privacy questions" said Franken, chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law.

In the letter, Franken told Cook that he is "seeking to establish a public record of how Apple has addressed these issues internally and in its rollout of this technology."

Apple didn't respond to Computerworld's request for comment on Franken's concerns.

Apple's Touch ID is a fingerprint-based authentication system for the iPhone 5S, that allows up to five users register fingerprints on a single device. Apple says the technology is designed to make the iPhone a less attractive target for thieves.

Industry analysts have so far generally hailed the technology as a step forward in mobile security. Some analysts predict that it won't be long before the Touch ID feature is included on all Apple products.

In the letter, Franken acknowledged that Apple has taken measures like ensuring that fingerprint data is encrypted and only stored locally, and to block third-party access to Touch ID. "Yet important questions remain about how this technology works, Apple's future plans for this technology, and the legal protections that Apple will afford it," Franken said.

Unlike passwords that can be changed at will, fingerprints are permanent, Franken wrote. "You can't change your fingerprints. You have only 10 of them. And you leave them on everything you touch; they are definitely not a secret. If hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life."

Franken asked Cook to explain how Apple will convert locally stored fingerprints into a digital or visual format that could be extracted and later used by Apple or third parties. "Is it possible to extract and obtain fingerprint data from an iPhone? If so, can this be done remotely, or with physical access to the device?" he said.

He also asked whether the iPhone 5S is designed to transmit diagnostic information about the Touch ID back to Apple or other third parties, and whether fingerprint data would be backed up on a user's computer.

He also sought information on how Touch ID interacts with iTunes, iBooks and Apple's App Store. "Can Apple assure its users that it will never share their fingerprint data, along with tools or other information necessary to extract or manipulate the iPhone fingerprint data, with any commercial third party?" Franked asked.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.