Apple’s iPhone 5S with biometric identification: Big Brother’s dream?

“The latest series of Apple’s iPhone will not only continue to cultivate numerous apps that track your location through GPS and transmit data directly back to corporations and government, but contain a fingerprint sensor that stores your fingerprint in order to purchase apps and unlock the phone for use,” Anthony Gucciardi writes for Storyleak.

“And that’s really just the beginning. As millions will most likely continue through the Apple food chain and purchase this phone, the NSA and bloated federal government at large will be beyond ecstatic,” Gucciardi writes. “Because after all, it’s a real dream come true for the Big Daddy government spy state. No longer will you actually need to be arrested to gather your fingerprints — we’re talking about millions nationwide willingly submitting their biometrics to a database that most certainly is accessible by Apple and big government.”

Gucciardi writes, “But don’t worry, the same company that has given away all of your chats and personal data through the NSA’s top secret PRISM program says that you’re perfectly safe… Of course Apple claims that the fingerprint scans will be ‘local’ on your hardware, but of course the NSA and FBI would not let such a precious database go to waste.”

Read more in the full article here.

MacDailyNews Note: According to Apple, “All fingerprint information is encrypted and stored within the secure enclave in our new A7 chip. Here it is locked away from everything else, accessible only by the Touch ID sensor. It’s never available to other software and it’s never stored on Apple servers or backed up to iCloud.”

[Thanks to MacDailyNews Reader “CognativeDisonance” for the heads up.]

84 Comments

  1. Well since I’ve travelled to the US as a British citizen lots of times and at immigration I have to have my photo taken and my fingerprint scanned, you’ve already got it. Personally I’m more concerned about the fact that Facebook knows everything about you and who you associate with, and Google reads your emails. My fingerprint is left on everything I touch, not much I can do about that, but I don’t use Facebook or Google and I trust Apple the most.

    1. No one seems to care that businesses collect tons of data on the average person, and analyze, use, sell and share this info with other businesses on a daily basis. I’m not sure how they’ve no problem with this yet panic when they learn that the NSA has access to some of the same data. Disregard the fact that NSA doesn’t actually use ANY of this data unless extremely specific circumstances are met. And hey, what’s national defense compared to corporate profits?

  2. Wow such vitriol against people concerned for their privacy. Short sighted people who willingly and gladly hand over their personal details are the morons.
    But, I have a question for you folks – if there is no problem and being concerned is misguided, conspiracy theory crackpot stuff, why does Apple go to such lengths to securely hold the fingerprint (or whatever it is) and publicly reassure customers that it’s never stored on a server or transmitted??? Eh?

    1. The question of NSA/Gov privacy abuses and Apple’s biometric security system are two completely different arguments if Apple’s claims are true. And as mentioned above, it is going to be quickly apparent whether fingerprint data is being sent anywhere. If Apple’s claim that your personal data stays locked and sandboxed in a secured area of the A7 is true, then there is NO database for anyone to retrieve the data from. This conflation of the iPhone and the debate over NSA actions is irresponsible journalism. I hope Apple responds quickly and forcefully to lay these insinuations to rest.

      1. As long as the device collecting this data is connected to the net, the assumption should automatically be that the data can be stolen from the phone. The leaked NSA docs already elaborate on what depths they are willing to go to gather data, and it isn’t like Apple is putting up much of a fight either. As soon as the NSA comes aknocking for this data, you can bet your ass Apple will fold like a cheap suit.

        1. I disagree that the NSA would go after this information. As explained by Apple, it’s a unique piece of data attributable to your fingerprint. Given Apple’s acquisition of the company behind the technology, it’s unlikely any other company (*cough* Samsung *cough*) will be able to use the same algorithm, making the data not very useful to the NSA. Your PIN is arguably more valuable because you choose one (generally) that is memorable to you, and therefore gives clues to you, your personality, your history… things which can be triangulated upon and used. Your fingerprint, as known to the A7 processor, will not get someone into a secure facility, nor tie you to a crime scene.

          1. If the sensor can repeatedly “retrieve” the data from my fingerprint, then it is not unfathomable that another sensor from another company could retrieve AND store the data the same way. I wouldn’t be surprised if it actually becomes a government mandate that it is stored in a consistent repeatable standard precisely to make retrieving it by the NSA or law enforcement much easier. For all you know, considering that iOS is a closed platform, the reference code Apple produced or AuthenTec created had governmental interference to guide it into alignment with a standard that will make compiling a national database much easier. I also wouldn’t be surprised to see something in the future that could deny legitimate users access to their phones as a result of improper designation of a law abiding citizen as a terrorist. Apple’s 1984 commercial was so far ahead of its time and very apropos for the new Big Brother Apple that exists today.

            1. But what you are describing is actually a bypass of some other fingerprint sensor, wherein you feed into its algorithm the data it thinks it would have gotten from the sensor itself. That implies physical access to the guts of the device which is way beyond what anyone is concerned with here. Apple has said they don’t store your fingerprint; rather, they are storing some compilation of information measured and inferred from subdural analysis, only for the purpose of confirming to the security framework that you are the person who presented the same finger to the device during the training period. As much as you want to conceive of all manner of offshoots from this, it’s pretty clear that Apple is not storing enough data to recreate your fingerprint. So again, it’s useless information to any other system out there. Consider the data stored in the chip to be your public key and your finger is the private key. The presence of the public key does not allow you to recreate the private key.

            2. Apple was very vague about how they are securing this data. To say they are keeping it in the A7 chip says little about how exploitable the data can be by a determined entity like the NSA that wants the data. To say this is even remotely like public key encryption is sort of silly. I think in the age of all these data breaches and again considering they are storing this data on a network enabled device, it is naive to believe any of this data is secure on the phone. The only true security is a phone that can’t capture the data in the first place.

            3. The same reason the NSA is collecting any data at all. It is all about power and control. How much more naive do you have to be, to not see the implications of this kind of data getting into the wrong hands?

            4. Btw. It was never about collecting a single individual’s data. That data by itself is worthless. It is the patterns that are seen when the data is matched up and seen from a global collective that causes it to be dangerous. These new sensors are going to make it not only possible to collect the data, but physically link it to a specific person.

        2. Yeah, just waiting for the day NSA comes ‘aknocking’. That’s what they do, after all, spy against Americans. Surely there are no greater threats to America than all these pesky Americans.

      2. I suspect Apple feels the lengths it went to are sufficient. The fact that some people will seek personal gain by trying to show how much smarter they are than Apple can be allowed to influence their communication strategy only so far. If you look at how “mac hack” has twisted the argument around you can see the beginnings of too much denial signaling guilt in the minds of some.

    2. The vitriol is unfortunate. There are a lot of people who don’t understand technology even sufficiently to operate their TV/DVD/Blu-ray, etc. I think Apple goes to the lengths to explain it for two reasons: One, in the face of all this Snowden stuff, to reassure buyers that there is no more personal detail in what they need from your fingerprint than there is in your choice of PIN; and, two, to set a bar for other manufacturers so implementations don’t get progressively weaker and hurt the reputation of the technology. Some people, like Tim Cook, will fight battles based on principles rather than economics.

      Remember earlier this summer when New York was going on about cell phone manufacturers not doing enough to make cell phone theft unattractive? I think the iPhone 5S with iOS 7 has pretty much nailed that issue. That’s Apple producing a forward-thinking product.

    3. Not vitriol, just astonishment at what people expect to be ‘private’. Phone calls? Online chat sessions? Emails? Facebook posts? Browsing history? The stupidity of thinking these activities are in any way private seems to be pervasive.

  3. I pity the fool that thinks the fingerprint data is not accessible to software. The same fool that thinks AES256 encryption doesn’t have a back door exploitable by the NSA.

    Apple can release the design for public scrutiny if they want to prove otherwise.

    1. Gary, what would software do with the fingerprint data? It’s not used anywhere else for anything. If you are a nefarious software developer you’re not interested in the fingerprint data, you’re interested in the boolean that is returned by the system: “Yes, this is Gary” or “No, this isn’t Gary.”

  4. I don’t know why people make such a hullabaloo about the NSA when you go to their Facebook pages and see that they have already given lock stock and barrel to Mark Zuckerberg. I doubt that there is enough electrical power being generated in the US alone to even begin the task of “monitoring the web”, let alone recording web traffic? Manufacturers would not be able to build storage systems quickly enough to keep up with such a ludicrous endeavor. Probably it would be easier to keep track of an accurate count of the grains of sand on every beach.

    1. And yet, everyone is jumping up and down with joy to put yet another private identifier of themselves into a phone that will be easily exploited and have the data retrieved from it. Now that is a genius idea there. NOT

      1. Could you share the link you must have discovered between your first post on this article and this last one? The article that explains how you went from questioning the technology to having determined conclusively that it will be easily exploited?

        And then you really need to go back and review what Apple said. When you type in your 4 digit pin to unlock your phone the Springboard has asked the system to present the lock screen challenge and awaits a callback that says it’s okay to proceed. This new ID system integrates into that. Nothing more. Have you read what all the other posters have noted about their fingerprints having long been in the databases, all for legitimate reasons?

        Again, the “exploit” isn’t to share the fingerprint “data” to other phones, because that would just allow *you* to use them if you presented your finger to them, which is the opposite of what you’re worried about. When you set up a bank account, and they record your answers to secret questions, those answers are what identify you to the person at the bank. But if you steal my answers and go to other banks and present my answers to them they’re going to have you escorted out of the building for being weird.

        Whatever result Apple stores based upon the unique attributes of my fingertip is *worthless* anywhere else! That’s really all there is to this.

        1. There used to be a time when the thought of collecting massive amounts of data in general would have been thought to be impractical and inconceivable, but yet, here we are. The NSA is mining massive amounts of data. Wrt legitimate databases of fingerprints, that may be true but may not be digital and even then is nowhere near as extensive as the one the NSA could build from people voluntarily storing them on insecure network connected phones. Again, the only real security for this data would have been and still is to buy a phone that can’t collect the data in the first place and digitize it. Even in a case where Apple could have put the sensor off to the side, they insidiously put it on the one function everyone needs to use to use the phone. The same sneaky approach will be on iPads and soon Macs. As I said before, Apple can take their Touch ID and shove it. Anyone dumb enough to submit their data to this crap, deserves the inevitable consequences that aren’t just probable, but at this point based on how aggressive the NSA is being, 100% guaranteed.

  5. I think Apple’s trying to do the right thing here, and the fact that it is supposed to be embedded in hardware only sounds impressive (although if it’s in hardware only, why does it say it is not available to OTHER software?). But the troublesome thing is whether the NSA will take a shot at getting this stuff. Probably they won’t be doing it this year or next, but it would hardly be surprising if in 5 years or 10, some nut at the NSA decides to apply the right pressure to get it all.
