Privacy concerns cropped up Friday after Apple released the new iPhone 5S with fingerprint recognition technology, but my first instinct was: What would I even do with someone else's fingerprint?
I'm just an everyday schlub, but even a hacker with a complex array of tools at their disposal to ruin your electronic existence can't do much damage. Hackers can't use a fingerprint to get access to a bank or credit card account. Credit scores seem safe. The worst that could happen is your phone, and all the data on it, is compromised, but that's what would happen if a hacker got past your passcode in the first place.
Am I missing something here?
Democratic Senator Al Franken thinks so. He wrote a ticked off letter to Apple on Friday, saying passwords are "secret and dynamic" while fingerprints are "public and permanent."
He has a point. If you don't tell anyone your password, no one will know it. If hackers guess it, you can change it. But you can't ever change your fingerprint.
"You have only ten of them," the Minnesota Democrat points out.
"And you leave them on everything you touch; they are definitely not a secret. What's more, a password doesn't uniquely identify its owner—a fingerprint does. Let me put it this way: If hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life."
The "rest of your life" part is pretty intense, when you think about it.
That's an issue that experts foresee as a problem. You can't change your fingerprint. Twenty years from now, the technology could exist to use those print data points to gain access to your Social Security Number, and by that point it will be too late.
Of course, anything could be the case in 20 years. You could have robotic legs that allow you to jump 100 feet in the air and pick up satellite radio, but it's probably useless to base your current decisions on that distance contingency.
If you're really concerned about hackers following you around, dusting everything that you touch to grab your fingerprints so they can hack into your phone, I suggest two solutions: a) wear gloves all the time (this draws less attention in the Yukon Territory than, say, southern California) or b) just don't add your thumb print to the phone and trust the good old-fashioned four-digit number.
Robert Graham on the Errata Security blog argues that even my glove suggestion is unnecessary:
You use a different part of your finger to touch the iPhone sensor than what you use to touch other things. Hold a glass in one hand, and hold your iPhone in the other with your thumb on your sensor. You'll notice that you are holding the glass with the flat of your thumb, but touching the phone with the tip. The two prints overlap slightly, or not at all.
At any rate, Apple says the technology is intended to give users an extra level of protection, with the added perk that users don't have to remember a four-digit number.
And The Washington Post did a good job of allaying my fears shortly after the 5S was announced.
Because it's only storing a few data points on select fingers, this data is very unlikely to be useful to law enforcement for things like matching a partial print from crime scene to an individual. So unless Apple did something radically different than earlier types of fingerprint scanners, the type data it will collect and store isn't something that would likely be used to build some sort of huge fingerprint database.
This means that the analysis of your fingerprints that the iPhone 5S will perform is different from the way prints are taken and stored by government agencies. Even if mass amounts of fingerprint data gets leaked, there would be no way to match it up to a print stored by a law enforcement agency.
There will be no central database of fingerprints waiting for an NSA request, according to the Post. Your scan will be held specifically on your phone and be used solely for the purpose of allowing you access to your phone. So, again, the worst that can happen if your phone is stolen is that someone will have to hack past your print to get to the data.
My conclusion (and, again, I'm an average schlub): There are certainly reasons to be concerned about our personal digital information being compromised, but the iPhone 5S's fingerprint sensor does not appear to be one of them.
Disagree? Leave a comment and put me in my schlubby place.