49 comments

[ 0.15 ms ] story [ 105 ms ] thread
We sat in our office and joked about this very thing when we watched the announcement. Sad, really.
It should be worth noting, taking someone's fingerprint and duplicating it is surprisingly easy. In fact, a duplicate print has been used to open door locks and even computer locks as the Mythbusters have shown :

https://www.youtube.com/watch?v=3Hji3kp_i9k

This seems specific to image-based fingerprint sensors? Apple's version does not appear to work this way...
CCC in Germany did the same thing, lifted a gov minister's fingerprint from a glass and made a duplicate to defeat a door lock
Interesting, but obviously being able to lift fingerprints remotely is worse than having to physically access the target's handled objects.
That's very true. IMO Apple has already thought of this and I think they're not storing the fingerprint or even a direct hash or other signature of it on the device. They may be using some sort of unique key (a salt perhaps?) that is used in conjunction with the fingerprint to generate the final password.

It's also possible that it may not be a "password" in the conventional sense. Maybe the fingerprint only serves as part of the private key of a public/private key pair where only the public key is stored on the device itself and the private key must be generated each time with a scan of the finger.

This is all speculation, of course.

> This is all speculation, of course.

I suppose that is why we have people asking the questions.

This seems like it would be a more powerful argument if the fingerprint sensor on the iPhone was used for more things than unlocking your phone and making App Store and iTunes purchases. As it is now, Touch ID doesn't need to be technically more secure, dynamic, or anonymous than a passcode or password, it just needs to be faster and more convenient. And what does a perpetrator do once they've lifted your fingerprint and made a copy? They still have to steal your phone or gain access to it for some amount of time, which requires very personal targeting.
It should be worth noting that the fingerprint sensor on the iPhone5S is far more advanced than that door.

Read up on more details and critique about TouchID: http://arstechnica.com/security/2013/09/fingerprints-as-pass...

The door scanner may be easily fooled, but the computer login scanner they worked on is a bit more sophisticated. The "sub-epidermal" scan is actually what a gelatin synthetic fingerprint with a latex skin would duplicate fairly well.

It's important to note the scanner isn't an imaging sensor (I.E. camera) so touch and skin conductivity are still fair game.

And this illustrates my problem with Franken and all the far left -- government agencies are trampling over Americans' privacy, and his issue is whether a private company is taking sufficient safeguards to avoid making it easier for the government to trample that privacy.

As opposed to, you know, getting government to stop abusing its power.

Half of his questions are "what's Apple's legal interpretation of our abusive laws?" It doesn't really matter what Apple's interpretation is. What matters is the secret court's secret decisions about what those laws mean. It's good that Franken voted against renewing the Patriot act, but he should be sending this letter to his colleagues that voted for it, not Apple.

So true. The patriot act is the real issue here, not Apple and it's tech.
Or, you know, you could do both. If it's politically achievable to safeguard people's private data from private companies, then why not do that? This is the old "why bother with solving x when people are starving in y?" argument, which has never been too convincing.

And, for the record, I'm very interested to know what Apple's interpretation of the law is, because that could be what informs the design of their products.

No this isn't "how can you worry about iphones while children are starving in Africa". If he had written a letter that only addressed the issues of whether Apple was exposing customers to security problems or future impersonation, then your criticism would be valid. Half his questions are about domestic spying and how the fingerprint reader impacts it. You can read the actual letter here: http://www.franken.senate.gov/files/documents/130919AppleTou...
"Half his questions are about domestic spying..."

Only 3 of the 12 questions mention domestic spying laws. 1 question refers to "any government". Every single question seems legitimate to me. I can't understand why anyone concerned with privacy would be against asking Apple to answer these questions.

Your concern appears to be fixated on the "far left" and government spying. I can understand that concern, but I think the role of private corporations handling personal data should not be ignored.

Lastly, I'd like to point out that the far left and Al Franken likely did not author the laws referenced. Neither do the far left and Al Franken have the power to change these laws without support of moderates, Republicans, and the American public. Franken is pointing out, in a very open and public way, how these laws could be used to abuse TouchId. If nothing else it shines a much needed light on the relationship of spying laws to private corporations.

> If it's politically achievable to safeguard people's private data from private companies, then why not do that?

Because a government with the power to do that can and most likely will use that power to do things that aren't good for anyone but themselves and their stakeholders.

But the government already does set rules on how businesses can use their customers' personal data. In the absence of such rules isn't it fair to say that corporations will use their customers' personal data in a way that only serves themselves and their shareholders?

Not trusting the government with regards to privacy is understandable; trusting corporations to do the right thing for anyone but their shareholders is not.

You're assuming that the government has a net positive effect for consumers (versus corporations), which I doubt.
I too wondered why he would ask Apple rather than the DOJ. If he did the latter, the answer would be that they don't know the details of the implementation, and can't say. Apple is the party which knows right now.

So what I would like, is that after Apple comes out with the details, the question gets asked to the government. That would ensure that the government does behave according to the intent of Congress.

First, government agencies aren't the only ones we should be worried about, even if government abuses are on the front page of HN every day. There are other concerns, and these are questions that Apple should answer.

Second, how do you know Franken isn't sending letters to his colleagues? Just because you're losing on one front doesn't mean you shouldn't try to fight on another.

I'd imagine some of the far left thinks its far easier to make it impossible for the government to do these things then to make it illegal (since the government seems to have little problem twisting laws to justify what they do). Moreover, you can and should take both paths at the same time.

Plus, even if you curtail what the FBI can get, there will be circumstances when they legally should and will be allowed to get data from a business on an individual(e.g. with a subpoena/warrant). As such it makes since to make verify Apple's assertion that they can't hand over anything.

Finally, he's not just asking about the government, he is asking about any third party.

We can't stop the powerful from lying about what they're doing. We can only potentially detect the lies after the fact.

We can decide that since we can't stop the powerful from lying, we won't hand them the tools to further incentivize that lying.

It's perfectly reasonable for a polity to decide that no member should build land-mines, even if the most blame lies with the users of land-mines. This is not a public / private, left / right issue.

Franken is one of the good guys... he's probably the strongest proponent of net neutrality in the senate.

The letter to Apple came from his role as the Chairman of the Judiciary Subcommittee on Privacy, Technology and the Law. That committee was created to advocate for consumer privacy, which is probably as important as privacy from the government. How many lives could Google ruin with all of the personal information they have on hand? How many companies have your credit card and social security number on some poorly secured server?

As for broader government abuse, Franken introduced a bill to mandate the NSA to reveal the extent of their surveillance, which is supported by just about every privacy-focused organization in the country (ACLU, EFF, HRW, etc.). While he's not as strong of a critic as Merkley or others, pushing things in the right direction is worth supporting.

Franken was a big supporter of SOPA/PIPA when all that was going on. He may be good in some aspects, but I'd hardly call him "one of the good guys".
One of the {relatively} good guys?
In what world is Al Franken "far left"?
(comment deleted)
In the current US political climate, where implementing a Republican health care plan gets you branded a "socialist", obviously.
to add to this, where's the NRA and supporters of the 2nd amendment regarding NSA/the government recording "everything"? wouldn't they be very vocal if the feds implemented a massive gun registry? (I'm not American so I may be off-base here)
The answer to this problem is to create a technology which allows for easy replication of fingerprints once you have a digital copy. Once that technology exists it will completely remove the use and value of fingerprints since the existence of a finger print won't prove anything.

3D printers could provide that system as long as they are precise enough to print fingerprints at scale.

That's an interesting solution.

re-create some super VIP's prints and plant them in undesirable places they obviously did not go to; then publicize it. Render the whole 'fingerprint as an identifier' thing with uncertainty and doubt.

I believe Objet/Stratsys still have the highest resolution printers at 16 micron layers and 30 micron-width droplets.

A quick google search says the papillary ridges of a fingerprint could be safely assumed at between .020 and 2.0mm in height[1]; that might be printable now.

Fun thought, anyway.

[1]-http://answers.google.com/answers/threadview?id=216913

It's not like a scanner that's taking a picture of a finger and storing the image on a chip. From what I can tell, the biometric markers of individual fingerprints are used as a hash to generate a strong password -- much stronger than a user generated password. The fact is, the standard 4 digit pins that most users use are not very secure. (From what I can recall of a recent security seminar I attended.)

Given the privacy concerns that have been news lately, it's understandable that this would raise some eyebrows, but when combined with something like the iCloud keychain for generating strong online passwords, this could actually be a great benefit to individual privacy.

It's possible the device is storing a second key of some sort as well as regenerate each time a fingerprint is set. It may even regenerate it each time a scan is done and reset the password.

I.E. hash( hash(fingerprint) + stored key ) = actual password.

IIRC I think I saw someone else saying that each fingerprint hash was hashed with a key specific to each phone so that if you were able to extract the fingerprint hash it would be unusable on the target's other devices. I cannot find the source for this so please take this with a large grain of salt.
lol "Passwords are secret and dynamic"

Passwords are often static, shared, and relatively easy to crack.

That's not the point. The point is that the fingerprint uniquely identifies you, and it's difficult to change.

It's like using your SIN as a secret.

Well, it's currently pretty easy to change. I use my fingerprint in exactly one place right now: as the unlock code for my new iPhone. (Yep, I stood in line and everything.) If somehow my fingerprint got stolen, I could trivially change the unlock code by switching back to a regular passcode and disabling the fingerprint unlock.

I don't understand the big concern over this fingerprint sensor. I get the idea of some concern on a theoretical level, but compared to the rest of any smartphone's ready-made spying functions, like the ability to see where you are at any point in the day, the ability to record or even transmit live every conversation you have, the ability to steal every password you enter into the device, etc. etc., fingerprint theft seems completely unimportant. So far, I've yet to get a satisfactory answer to just what bad things would happen if the NSA was, in fact stealing everyone's iPhone fingerprint data. I'd rather they not, but it's minor compared to everything else that's going on.

Furthermore, if Apple did it right, they'd store a hashed reading of the fingerprint, and probably salt that with the device's ID or some private key unique to the device (quite straightforward).

So that would mean that even if someone stole your print (say the stored hash), it wouldn't work without the iPhone. At that point, in order to attack someone's AppStore account with a fingerprint, it becomes 2-factor security... and that "something to have" token can be revoked by remote wipe.

how do you verify fingerprint if you only store a hashed reference?
(comment deleted)
"You have only ten of them."

Did anybody think of using toes yet?

Yes. http://reviews.cnet.com/iphone-5s/

"The Touch ID-enabled home button feels invisible; it works with a tap, can recognize your finger from many angles, and feels like it has less of a fail rate than fingerprint sensors I've used on laptops. It's impressive tech. It worked on all my fingers, and even my toe (I was curious)."

Looks like the anti-spying-stories brigade is out in full force today flagging this and the two stories about GCHQ hacking the Belgian telecom companies
why isn't this on the first page? 42 points in an hour? I see something with 42 points in 2 hours on the first page.
I still don't understand all this uproar over fingerprinting.

Fingerprints are obviously incredibly insecure. They're obviously identifiable. How is this news?

Fingerprint readers on phones are like locks on doors -- they deter casual people, but are totally worthless against anyone determined. But still pretty useful for their convenience in most situations.

Fingerprint readers on phones are for preventing your mother or your girlfriend or your son or your coworker from getting into your phone. And nothing more. It does zilch against police/government/espionage/etc. But it was never supposed to, any more than your front lock is supposed to keep a SWAT team out.