
German Data Protection Expert Warns Against Using iPhone5S Fingerprint Function

dryriver writes "Translated from Der Spiegel: Hamburg Data-Protection Specialist Johannes Caspar warns against using iPhone 5S's new Fingerprint ID function. 'The biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed. One should thus avoid using biometric ID technologies for non-vital or casual everyday uses like turning on a smartphone. This is especially true if a biometric ID, like your fingerprint, is stored in a data file on the electronic device you are using.' Caspar finds Apple's argument that 'your fingerprint is only stored on the iPhone, never transmitted over the network' weak and misleading. 'The average iPhone user is not capable of checking, on a technical level, what happens to his or her fingerprint once it is on the iPhone. He or she cannot tell with any certainty or ease what kind of private data applications downloaded onto the iPhone can or cannot access. The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.' Caspar adds: 'As a matter of principle, one should never hand over any biometric data when it isn't strictly needed. Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"
  • by ImdatS ( 958642 ) on Sunday September 15, 2013 @09:32AM (#44855527) Homepage

    Basically, he is the guy legally overseeing German Privacy Laws in the State of Hamburg. He is not a privacy expert. The only two guys in Germany I would listen to (maybe three guys) are the Privacy Commissioner of the State of Schleswig-Holstein, the Federal Privacy Commissioner and someone from Chaos Computer Club.

    That being said, the question rather should be how the fingerprint scanner is implemented. If it generates a hash that is stored on the device and never stores the finger-print itself outside of RAM, I wouldn't have a problem with that.

    The devil usually is in the detail - and in this case in the details of implementation. I would assume that Apple generates a hash code, stores it on the device and compares only hashes and never has a finger-print picture stored on the device (which would be better in any case). One might even consider storing up to 3, 5 or 10 hashes in order to have some heuristics.

    Also, one wouldn't generate a hash of the picture but rather the relationship of certain finger-print lines in order to not rely on a picture that might be different every time. But the line-relation is not so much different. I'm not an expert in biometrics, but I believe this is the same approach for face-recognition (certain specific face-points and their relationship to each other is analyzed, a hash generated and stored and next time compared against a new hash).

    Being myself a German, I sometimes worry about German "alarmism". As Sigmund Freud said: "sometimes, a cigar is only really a cigar..."

  • Paranoia (Score:5, Insightful)

    by countach ( 534280 ) on Sunday September 15, 2013 @09:42AM (#44855569)

    While there are good reasons for paranoia when it comes to the NSA, I think this paranoia is over the top. Firstly, if Apple is lying, and the fingerprint information is not stuck inside the chip like they say, hackers WILL discover it. Then Apple will have bad publicity from here to eternity. So I don't think Apple would lie. Secondly the government has lots of better and easier ways to harvest fingerprints if they really want to. Thirdly, I don't think fingerprints will really do the government much good, except in crime investigations. If you're worried about that, then you've probably got bigger problems.

  • by Hentes ( 2461350 ) on Sunday September 15, 2013 @09:44AM (#44855575)

    But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

  • by CaymanIslandCarpedie ( 868408 ) on Sunday September 15, 2013 @10:09AM (#44855705) Journal

    Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to

    So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.

  • by Nemyst ( 1383049 ) on Sunday September 15, 2013 @10:23AM (#44855781) Homepage

    Apple's fingerprint reader doesn't read the fingerprint, it reads the tissue under the skin. This makes it much harder to fake and very constant over time. They're much more secure than "traditional" fingerprinting.

  • by Bing Tsher E ( 943915 ) on Sunday September 15, 2013 @10:31AM (#44855807) Journal

    'Under the skin' is the magic dust the Apple marketing people came up with this time.

    It's the Altivec Unit of 2013.

  • by Anonymous Coward on Sunday September 15, 2013 @10:35AM (#44855827)

    Appropriate : http://xkcd.com/538/

    However : there is a vital difference : a Merc S class costs 100k and there is no reset button. An iPhone 700 bucks.
    Chopping off a finger for 700 bucks isn't worth it. Just restore it with iTunes. Much easier. :-)

    In other words : no. It won't happen. It's just FUD. Fear mongering.

  • subdermal imaging (Score:5, Insightful)

    by goombah99 ( 560566 ) on Sunday September 15, 2013 @10:58AM (#44855969)

    I don't have special knowledge about how the Apple print scanner works but what I've read makes me believe it uses infrared sub dermal imaging. That is it sees below the surface. If so it's seeing more than just your finger surface print. That should make it harder to forge from lifted surface prints. It also will mean that it will work for people who have worn their finger prints off (apparently some types of labor do this--they grow back).

    Moreover I would say this so called "expert" has it backwards. If your fingerprints really are a one-shot biometric that can't be unspoiled then we want to use them for casual things not critical things.

    This finger print scanner is not eliminating passwords, it's just a second factor. It's a great idea used well.

  • by greenbird ( 859670 ) on Sunday September 15, 2013 @01:21PM (#44856879)

    But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

    Yeah, because having your fingerprint physically on something is exactly the same as having it digitally stored where it can be transmitted in seconds to anywhere in the world. It's just as easy to follow someone around until you can physically steal their phone and pull the fingerprints off as it is to plant some malware on it and have it transmit the info.

  • by Anubis IV ( 1279820 ) on Sunday September 15, 2013 @04:35PM (#44857923)

    Except that they've already confirmed that they're not storing your actual fingerprint. They're storing hashes of the fingerprints that they use to verify your fingerprint when you attempt to login, just the same as how a well-designed, traditional login system stores password hashes instead of the passwords themselves.

    So, for all intents and purposes, a malicious individual actually would have an easier time getting your fingerprint by lifting it from the smooth, glass surface on the front of the device than by hacking your phone and extracting it, given that it doesn't actually exist in the phone.
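
Added example (an editor's illustration, not written by any commenter and not Apple's implementation): the comments by ImdatS and Anubis IV both describe storing a hash and comparing hashes. The sketch below uses constructed feature coordinates to show why an exact cryptographic hash fails on a reading that differs slightly at every scan, while a tolerance-based comparison of the distances between features still matches; all names, the tolerance and the threshold are assumptions chosen for the demonstration.

```python
import hashlib
from itertools import combinations
from math import dist

# Constructed sample data: (x, y) positions of ridge features in sensor
# pixels. These are made-up values, not real fingerprint data.
ENROLLED = [(12, 40), (55, 18), (80, 63), (33, 90), (70, 95)]
# Same finger placed slightly differently, with a little sensor jitter.
SAME_AGAIN = [(15, 44), (57, 21), (84, 66), (36, 95), (72, 99)]
# A different finger.
OTHER = [(10, 10), (90, 15), (45, 50), (20, 85), (88, 92)]


def exact_hash(points):
    """Password-style storage: SHA-256 over the raw reading."""
    return hashlib.sha256(repr(points).encode()).hexdigest()


def relations(points):
    """Sorted pairwise distances between features.

    Distances describe how the features relate to each other, so they do
    not change when the whole finger lands a few pixels off.
    """
    return sorted(dist(a, b) for a, b in combinations(points, 2))


def fuzzy_match(template, probe, tol=3.0, min_fraction=0.8):
    """Accept when enough pairwise distances agree within tol pixels.

    tol and min_fraction are assumed values for this toy matcher.
    """
    t, p = relations(template), relations(probe)
    if len(t) != len(p):
        return False
    close = sum(1 for a, b in zip(t, p) if abs(a - b) <= tol)
    return close / len(t) >= min_fraction


if __name__ == "__main__":
    print("exact hash equal, same finger:",
          exact_hash(ENROLLED) == exact_hash(SAME_AGAIN))
    print("fuzzy match, same finger:     ", fuzzy_match(ENROLLED, SAME_AGAIN))
    print("fuzzy match, other finger:    ", fuzzy_match(ENROLLED, OTHER))
```

The template in this sketch is compared by similarity, not equality, so unlike a salted password hash it is sensitive data in its own right and how it is protected at rest matters.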
