U.S. Senate Democrat Al Franken demands answers from Apple CEO Tim Cook over iPhone 5s’ Touch ID

“The iPhone 5s, released Friday, has a built-in fingerprint scanner, which will function as an alternative to conventional passwords,” Andrea Peterson reports for The Washington Post. “Some privacy advocates are concerned about how Apple plans to handle this highly sensitive data. Apple says it will only store the data collected via Touch ID on the device in an encrypted format rather than in a centralized server. Apple will also block third-party apps from accessing Touch ID.”

“But Sen. Al Franken (D-Minn.) wants details about Apple’s plan for the data collected by the system,” Peterson reports. “Thursday he sent a letter to Apple CEO Tim Cook asking some tough questions about the fingerprint system, and noting how fundamentally different biometric identifiers are from previous ID methods.”

“Franken wants to know more about the technical possibilities of Touch ID and how Apple plans to use it,” Peterson reports. “For instance, if it’s possible to convert or extract locally stored fingerprint data in a format that could be used by third parties, and whether that can be accomplished without physical access to the phone. And what diagnostic information, if any, the iPhone 5s transmits about the Touch ID system to Apple and third parties. And he wants assurances that Apple will never share the fingerprint data or the tools needed to get them with commercial third parties.”

Read more in the full article here.

Franken’s letter to Apple CEO Tim Cook is here.



112 Comments

      1. First’s mind is like a Stradivarius. Unfortunately, his every utterance sounds like King Kong is playing the one string left attached to the rotten old body.

        He knows not how to use objective apolitical analysis, and he never posts any content relating in any way to the Mac.

        One might suspect he’s Rove’s butler. No, that would require at least some real-world competence. First lives in La-La land. Must be Limbaugh’s ass-wiper.

    1. Next he will summon Tim Cook to the Senate for hearings about the fingerprint scanner itself. Can’t I get someone’s fingerprints off of a glass they just drank from? Perhaps from their home and anything else they touched. It seems to me the government’s going after Apple on a new issue when the gov are the ones with the microscope up everyone’s backdoor.

    1. So when a member of the government actually asks the tough questions of a corporation in the interests of its citizens, that makes him an “asshole”.

      This is why USAnians can’t have nice things.

        1. First, I agree with you on the fascist government part – TOTALLY.
          Did it ever occur to you that maybe Al Franken wants to put Apple in the position of being able to refuse the NSA when it comes knocking, asking how to circumvent TouchID security?
          In other words, if part of the government has forced them to never even BUILD a way to extract the data, then it should be a lot harder for another shadowy part of the government to force them to hand over that method.
          I hope Franken is on the side of privacy. What’s his history on this issue? Is he one of the bipartisan violate-our-rights crowd that consists of WAY too many politicians from both parties, or does he still believe in civil rights?

        2. If Franken had been intelligent and thoughtful in his inquiry while proving that he actually did ANY, an IOTA, of research on the subject, I’d tend to agree and have the same high hopes.

          But no. He totally screwed up his enquiries of Apple and has NOT been outspoken about the blatant and treasonous abuse of the US 4th Amendment to the US Constitution by the Bush and Obama administrations. He’s just another little Demo-dummy fit for the political zoo.

      1. Do you really think anyone in gov. does anything in the interests of its citizens? The whole M/O of the government is ‘of the government, by the government and for the government’. Wanking jack asses like Al Scanken could give a damn about its citizens, especially the legal tax paying ones. So yes he’s an ‘asshole’.

      2. Politicians do things to further their own political interest. They do not do things “in the interests of citizens.”

        Tim Cook should tell Al Franken that he’ll be happy to voluntarily answer Franken’s intrusive questions as soon as the gubmint starts protecting Apple’s IP, and also stops picking winners and losers in the ebooks market.

  1. I hope Apple CEO Tim Cook tells him to FOAD. WTF? Why doesn’t Al do some of his own investigation instead of writing letters to a man who must be among the busiest in the world today?

    1. Of course he can find answers to his questions on Anandtech or various other sites, but there is certainly value in having an executive at Apple clearly answer these questions. They can still lie to you, but at least their lies are on the record. They can’t say “Oh, that was just a mistake in our PR copy.” I know in the world we live in today, people feel like they are forced to choose sides, and once they have done so, they can’t like anything the other side does... but if you are honest with yourself, I can’t see how you would be against a senator asking tough questions about something that could potentially have serious security and privacy issues.

      1. Did any of you knee jerk idiots read the letter he wrote? Or are you just reacting out of base instinct…

        Look, the bottom line is this. Apple has done an amazing job with Touch ID, been using mine since early this morning and it’s awesome. But, if there is a way to extract this data I think we need to know about it.

        I believe that Apple, above all other tech companies, took this all into consideration and has done it the right way. But there is no harm in asking them to look for a flaw in the system, and see if there actually is one. Franken’s letter is actually reasonable, for once, and I have no problem asking this question.

        1. Sounded rather sensationalist to me, an approach that rarely seems to happen when companies other than Apple are involved. And surprise surprise it is being presented around the World as if Apple is actually already guilty of accessing our private information. Voices of reason are few and far between when comments are clearly phrased as if of a critical nature rather than an exploratory one.

        2. Actually, if you read the reporting, I get the feeling that the Senator is trying to build a case that the print is content and would require extra work for law enforcement to force you to give it up.

      2. All Franken the doofus would have to do is watch the keynote for the 5s’s introduction and all of the idiot’s questions would have been answered.

        The only thing that Franken wants from this is publicity to further his own political career.

  2. Wow, the government wants to make sure people can’t get into your phone and personal information? Really? Since when do they care…NSA seems perfectly ok with getting the data- why stop now?
    Maybe Al just needs more info on how to let the NSA get in our new phones.

    1. NSA type of snoopers stuff are there quite longer than any sort of patriot act all over the countries… since centuries, in fact.
      Nowadays, there’s only more fuzz around it. But still thinking that the governments would ever be respecting privacy is a real joke anyway.

  3. Idiot. Those questions are all answered in a video at apple.com. Besides, Apple has no responsibility to tell the government their technology secrets. Besides, pay attention to your own house, Senator.

  4. Why must it sound so dramatic? Could the Senator simply interact with Apple to get the information? Really, seems more Hollywood and I know the questions are very important ones. However, since we touch our phones, the prints can be easily lifted off the glass of the devices. So, this form of theft requires only the most basic skills. Just seems overly dramatic.

      1. Yes I am aware of the sub dermal scan, scar tissue, and algorithm. However, this is a very technical trade of theft. My concern is the action of demanding instead of quietly interacting with the company. Seems the Senator is less concerned on the repercussions of how people can spin this into a point where a greater harm is done. A person’s identity can easily be done by lower tech methods. It is done daily and can pop up again in the future. This could be a new vector, but my point is this: Why demand publicly on something he has few answers for? Should they not compile, understand, and if Apple stonewalls or is not cooperative, then demand publicly? Seems a little self serving.

      1. It’s a bad thing because the gubmint is already very intrusive. The gubmint should leave us all alone and allow us to run our own affairs. We do not need the most reprehensible people in our country looking over our shoulder. We have a Constitution to protect against such things, but it only works if you follow it.

  5. He’s just picking on Apple, like a hit whore.

    These questions should have been asked from day one, when finger print sensors first became available.

    I went on a trip recently, almost all immigration desks have finger print scanners, across Europe and America. However, maybe because of my passport origin, they never asked me to use it.

    Actually, you would be surprised at the “mental” abuse some foreign citizens get, across the world, unless they are from the “special” countries. Also learned that Austrian officers, don’t tolerate stupid. 🙂

  6. My guess is Al just got a new iPhone and can’t figure out how to set it up.

    Tim to Al – Touch ID is an alternative to typing in a passcode. It also validates iTunes purchases instead of typing in your passcode. We don’t discuss future plans for technology.

    It doesn’t scan or store a ‘fingerprint’ per se but rather creates a conductivity map of your finger. At the level of detail this sensor is that will provide a unique enough signature it’s very unlikely to be unlocked by another random person. But I haven’t seen what the likelihood is.

  7. OMG what a TechTard is Al Franken. Apparently, he’s illiterate. Apple most carefully and explicitly say EXACTLY what happens to the Touch ID data. Here’s where, Mr. TechTard illiterate Al Franken, directly from Apple at their site on YouTube:

    OR, you can watch it at Apple’s website here:

    http://www.apple.com/iphone-5s/videos/

    OR, I found it copied over 20 times on YouTube. Do a search for “Apple – iPhone 5s – The new Touch ID fingerprint identity sensor”.

    All fingerprint information is encrypted and stored inside the secure enclave in our new A7 chip. Here it is locked away from everything else, accessible only by the Touch ID sensor. It’s never available to other software and it’s never stored on Apple’s servers or backed up to iCloud.

    *rant*
    While this Demo-dummy is proving his incompetence, the Neo-Con-Job / Tard Party SCUM in the US House of Representatives are threatening to bankrupt the USA over The Affordable Care Act, which they snidely call “Obamacare”. Treasonous.

    To hell with BOTH worthless political parties ruining the USA. Die.

    May actual REPRESENTATIVE, MODERN, constitutionally LITERATE political parties rise out of your fetid ashes. /rant

    1. Since you seem to know so much about it, maybe you can answer the questions I have and can’t find elsewhere:
      What type of encryption algorithm does it use?
      How secure is it – how many bits?
      Is the encryption one-way or two-way: does the stored fingerprint have to be unencrypted to compare it to the unlocking print, or is the encrypted form of the unlocking print compared to the encrypted form of the stored print?
      If the latter, is there an unencryption key? Does Apple know what the key is? Does the NSA?
      Thanks, I appreciate the answers.

      1. EXCELLENT QUESTIONS! And I have zero data so far about any of it! It’s clear that Apple is holding these cards close to their chest.

        I can chatter on about the best currently available encryption system Apple SHOULD be using. But I don’t know what they actually are using.

        If, as they say, only the Touch ID process can access the encrypted data, theoretically this is hack-proof and it wouldn’t matter if they told the world about their specific encryption system. But the hacker community is wise, curious and persistent. It would bash away to find out how to simulate the Touch ID process and attempt to grab the encrypted data. Whether it could then UNencrypt the data is another matter. I very much doubt they could, IF Apple has used the basic encryption it has had built into the Disk Utility application for years now. It’s 256-bit encryption that would, theoretically, take more than a human lifetime to crack with any computer system imaginable today.

        BUT, we know there is a lot more to encryption than simply the encryption system used. Is the Touch ID using a password to access the encryption and decryption of the data? Is it something obvious like the word ‘admin’, which is used on quite a few WiFi routers, allowing them to be easily cracked by any script kiddie level hacker? We shall see.

        In the meantime, I fully believe Apple’s lock down of the Touch ID system such that there is zero chance of data leakage. We know hackers are bashing away at this security system as I type. We also know Apple allowed a ludicrously easy security hole into iOS 7 whereby finessing the Home button will let any hacker into a significant swath of the phone’s data. Blunder deluxe. Humbleness in computer security is required at all times. Anyone bragging about having perfect security is only setting themselves up to be first in line to be hacked, and typically they will be. Such is the remarkably primitive level of computer security we have today, despite ambitious standard best practices.

        1. It is precisely this bug in iOS 7 that people should be VERY suspicious of how secure this data will be. Al Franken is totally correct to be concerned of this technology and Apple’s answers are vague at best. In this age of data espionage, the burden of proof that this is a secure system is on Apple. I sure as hell won’t be touching it with a ten foot pole.

        2. I disagree that Apple was vague. Franken really did pull a boner of deliberate ignorance. Finding out exactly what he wanted to know was DIRT easy and he fracked it up. Shame on him and politicians like him.

          But yes, expecting whopping security holes in even something that sounds as locked down as Touch ID is typically a GREAT idea. It is also a concept that flies WAY over the head of the likes of Al Franken. Such hacking concerns were NOT what he was ranting on about.

          Somewhere around here I went into a more detailed diatribe about how to hack Touch ID and how it is currently top-of-the-list on hacker’s radar this week. It’s going to be interesting what they shake out about the Touch ID system. Meanwhile, Apple is wisely keeping their cards close to their vest, not wanting to give hackers any help.

        3. Except, as I pointed out, none of the important questions have been asked, much less answered.

          In any event, there is a dead easy way to access your data: it involves a hammer and a machine that scans flash memory. It does kind of ruin the resale value of the iPhone though.

        4. I agree that important details, from a techy’s POV, have not been answered. They’re not going to be answered either, as I explained.

          As for the hammer, cathode and anode method: From what Apple said, the data doesn’t go into flash memory. It has to work something like PRAM, which is not the same as Flash. I suspect the data is wiped if the iPhone is factory reset. Picking up the data transmission would still be possible. But if it is kept encrypted, what’s the point?

          However, if the data is transmitted in and out of the A7 chip in the clear, ooo wouldn’t that be naughty?!

          Damn, that would be bad. Get to it hackers!

          IOW: Wait and see what shakes out as the hackers bash at Touch ID.

        5. Very few people want your fingerprints. If they do, they can lift it from anything you touch. Many more people would want your email, contact list, personal information that is stored in the clear on your memory. Hence the hammer and the reader.

        6. Well, it would be VERY difficult to merely use a lifted fingerprint and get it to work as a fake that would work with Touch ID, if it does what Apple says it does. It is NOT merely a pattern recognition system.

          Apple are saying Touch ID requires a living finger in order to log in the user. I joked somewhere around here about consulting with ‘Herbert West, Reanimator’ for ideas on how to make a dead finger appear to be alive enough to trigger the Touch ID system. To my chagrin, simply keeping the severed finger in an isotonic solution at 98.6ºF is insufficient for login functionality. Darn.

        7. Well, either they
          a) want your phone
          b) want the data off your phone, or
          c) want your fingerprint.

          B is where the hammer comes in. C they can get off anything you touch. A is a hella lotta trouble for $500 (probably the max it would fetch fenced).

        8. ” Is the Touch ID using a password to access the encryption and decryption of the data?”

          Derek, I think this is the key unanswered question. More specifically, Is there a decryption key? I don’t see any reason to even allow the data to be decrypted. I also don’t see many of the other commentators understanding anything about security, ne?

        9. Apple has already started off on a bad note with 7 betas of iOS 7 that allowed this security hole to slip into the public release. This in itself should be enough evidence that Apple shouldn’t be trusted when they say this data is secure.

        10. Actually, after my experience studying modern software security, I question ALL software systems. The coding languages we are currently stuck with are GUARANTEED to screw up memory management. Sometimes I think it is humanly impossible to write modern code that doesn’t have some kind of buffer overrun catastrophe built in. Then I realize that if humanity ever does write an AI system (artificial intelligence) it is GUARANTEED to be utterly insane. I don’t mean Skynet insane. I mean incoherent, can’t tie its own shoes without blowing a circuit insane.

          Therefore, the Apple Home button security blunder in iOS 7 is merely an inevitability. And yes, no software system should EVER be trusted as truly secure. I don’t care WHO wrote it.

        11. The stored print does not have to ever be decrypted, if they went that way. The unlocking print is encrypted and compared to the stored print data. The end result is that it would be nearly impossible to recover the stored fingerprint, even if you accessed the data.

  8. Why is he worried about the most secure security of biometrics, and not all the insecure Androids marketed by the company (Google) most unconcerned about our privacy? Leave Apple alone, Al, and fix this country’s economy & foreign policy which you were elected to do! Do your job! Idiom!

  9. It’s almost impossible to access a device with a biometric reader on it.

    The finger print profiles are stored on the phone and can be deleted very easily if you go into settings.

    Imagine having this and Siri voice recognition to unlock your phone and you have a system that is rock solid.

    It’s gonna take years for the photocopiers of shitstung and gargle lamedroid to copy this.

  10. The question here is why did he not ask “tough” questions when Motorola included a fingerprint sensor on the Atrix or when PC makers included the fingerprint scanner on some of their laptops? Why now? Oh yeah, because it is Apple and publicity goes a long way for a politician (of any political party). They have better and more important things to do than this, like reducing the deficit/debt, war, etc.
