Skip to main content

Give Apple your fingerprint? It's your call

By Jim Killock, special for CNN
September 15, 2013 -- Updated 1603 GMT (0003 HKT)
STORY HIGHLIGHTS
  • Apple's new iPhone 5S features fingerprint recognition technology
  • Jim Killock: Apple must persuade public to trust them after Snowden's revelations
  • Apple's fingerprint system does create a risk of "normalizing" biometrics - Killock

Editor's note: Jim Killock is executive director of Open Rights Group, which campaigns in Britain to defend freedom of expression, privacy and consumer rights on the Internet.

London (CNN) -- Using your fingerprint to identify yourself seems beguilingly simple: it belongs only to you, and you aren't going to lose it. Apple's use of fingerprint technology -- although not the first in the industry -- seems very in tune with its ethos of making devices easy to use.

However, how safe fingerprint technologies really are does depend on how they are implemented. You might ask, is my fingerprint stored, who else can access it? Can the government demand that Apple hand my fingerprints to them, or use Apple to identify criminals from their database?

Jim Killock
Jim Killock

Apple have stated on record that they do not store fingerprints, and nor does the device. Instead, the iPhone stores the result of a check -- a "hash," which may be unique, but can't reveal your fingerprint.

But after the revelations by Edward Snowden that Apple was one of four Internet companies to have handed over data to the NSA, Apple has a much harder job to persuade the public to trust them. We need to know that backdoors won't be built into iPhones to allow security services' to retrieve your fingerprint data. The NSA has been shown to have a program of demanding means of entry to the software and hardware of all cell phones, through introducing security flaws. These flaws -- software bugs -- are also available to criminals and competing security agencies to exploit. Are we going to trust Apple's security won't be compromised? They are participants in the PRISM scheme -- whatever precisely that involves. How else are they co-operating with secret NSA demands?

The long-term answer to these security trust issues is to reveal the whole of these systems, including the underlying "source code" so that computer programmers can check how they work, and ensure that systems are not compromised. That's not really the kind of approach that Apple has been famous for, often being very closed about their software development and asking us to trust them to know best. Citizens and businesses should not have to trust their security to systems they cannot examine.

iPhone 5S has fingerprint technology
Will people buy new iPhones?

Apple's fingerprint system does create a risk of "normalizing" biometrics. Because of the iPhone's widespread use, people may increasingly expect to use similar "easy" and "safe" biometric systems, without considering that they create highly personal identification, with risks of being tracked and surveilled, and yet do not necessarily deliver the security that they imply. Other low level fingerprint ID systems suffer the same problems, yet are being employed in schools, even to replace library cards.

Biometrics can create a false sense of security. It is easy to assume that the tools really are a hard identification of an individual, and therefore, the technology cannot be fooled, or go wrong. However, systems can be fooled. Fingerprints and even your iris can be replicated.

Apple's fingerprint system may encounter a simple problem, in that the key to unlocking your phone -- your fingerprint -- could well be liberally scattered across the phone you are trying to protect. While the phone may also look for body heat, or skin irregularities, there is at least a distinct path which could be used to try to break into a phone. We'll have to see if anyone can use it successfully.

Some of these risks are manageable, through transparency and audit. The wider social risks are far harder to manage; arguably they aren't Apple's problem. Perhaps society needs to start having a much more intense debate about security and privacy, starting off with asking: whose security are we worrying about: my own, or the state's? How do I know what risks I am taking, and why should I trust any of the claims that are made?

People understand what a wallet or a doorlock is. The risks with personal and financial information are less tangible, and the risks of state abuse of power sometimes less tangible still. But these come with the digital technology; we will truly be citizens of the digital age when we can successfully debate and deal with these problems.

The opinions expressed in this commentary are solely those of Jim Killock.

ADVERTISEMENT
Part of complete coverage on
November 27, 2014 -- Updated 1521 GMT (2321 HKT)
The first human trial of an experimental Ebola vaccine has produced promising results, U.S. scientists said.
November 27, 2014 -- Updated 1415 GMT (2215 HKT)
Darren Wilson, the police officer who fatally shot unarmed black teen in August abandoned home after address made public.
November 25, 2014 -- Updated 2236 GMT (0636 HKT)
HBO -- backing a documentary based on "Going Clear," a book about Scientology and Hollywood -- isn't taking any chances with legal side.
November 26, 2014 -- Updated 1935 GMT (0335 HKT)
Grandmaster Nguyen Van Chieu has devoted his adult life to spreading the word about Vietnames martial art, Vovinam.
November 27, 2014 -- Updated 1136 GMT (1936 HKT)
England cricketer Nick Compton shares insight into "drive and courage" it takes to face fears as top batsman.
November 27, 2014 -- Updated 0059 GMT (0859 HKT)
Ferguson police officer Darren Wilson says he was just doing his "job right" when he shot and killed black teenager Michael Brown.
November 24, 2014 -- Updated 0118 GMT (0918 HKT)
The interior of the Formosa Boulevard Mass Rapid Transit Station in Kaohsiung, in southern Taiwan.
Stunning stations where your first priority won't be finding the nearest exit.
November 25, 2014 -- Updated 2318 GMT (0718 HKT)
Turkish President Recep Tayyip Erdogan says women's "nature is different," sparking fury.
November 24, 2014 -- Updated 1043 GMT (1843 HKT)
A 30-year-old woman has been charged with attempting to kill a baby police say spent five days down a drain before being discovered by cyclists.
November 21, 2014 -- Updated 0121 GMT (0921 HKT)
If it wasn't for a comic's skit, Bill Cosby would still be America's favorite father, says expert.
November 24, 2014 -- Updated 0051 GMT (0851 HKT)
Where do hip young things hang out in Taiwan?
November 21, 2014 -- Updated 1550 GMT (2350 HKT)
Obama orders the most sweeping overhaul of U.S. immigration in decades, prioritizing the deportation of "felons, not families."
November 18, 2014 -- Updated 2106 GMT (0506 HKT)
Fighters loyal to ISIS are now in control of Derna, a city on Libya's Mediterranean coast.
November 21, 2014 -- Updated 2319 GMT (0719 HKT)
China and likely other countries have the capacity to shut down the U.S. power grid, says the NSA.
November 19, 2014 -- Updated 1945 GMT (0345 HKT)
The founder of a U.S. nonprofit that works with returning soldiers is named CNN's Hero of the Year.
November 27, 2014 -- Updated 1703 GMT (0103 HKT)
Each day, CNN brings you an image capturing a moment to remember, defining the present in our changing world.
Browse through images from CNN teams around the world that you don't always see on news reports.
ADVERTISEMENT