by Silvia Lee, Associate Staff
People waited in lines all over the world on Friday, September 20th to purchase Apple’s latest release, the iPhone 5s. Among the mobile device’s new features is a fingerprint scanner built into the home button. After an initial set-up, Apple’s proprietary “Touch ID” technology can scan sub-epidermal layers to allow users to unlock their phones and make iTunes purchases by scanning their fingerprint. Addressing privacy and security issues, Apple has stated that the biometric data is encrypted and stored only on the device and the information will not be sent to Apple’s servers or Cloud service. In addition, third party apps will not have access to the Touch ID system.
The much talked-about feature has at least one lawmaker voicing his concerns. Senator Al Franken, the Chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, has written a letter to Apple CEO Tim Cook in which he poses several questions regarding the new technology. One of his concerns is whether Apple considers the biometric data to be “contents” of communication or a “subscriber number or identity.”[1] Under the Stored Communication Act, “content” cannot be freely disclosed to law enforcement agencies without a warrant, while “subscriber number or identity” requires only a subpoena.[2]
Senator Franken is also concerned with how secure the fingerprint scanner actually is. He notes that “[p]asswords are secret and dynamic; fingerprints are public and permanent.”[3] If a passcode is compromised, users can change it for a new one, but fingerprints are unique and unchangeable. He fears that someone could lift a user’s fingerprint and use it to hack into the phone and all the information stored within.
The idea of lifting a fingerprint and hacking into an iPhone 5s has been turned into a competition on a website launched by Nick DePetrillo and Robert Graham. The site is crowdfunding a bounty for the first Touch ID hack. The duo claims their motives are to show that it is more difficult than people think. The crowdfunding campaign has raised over $5,000.00 so far and garnered much attention on Twitter with the hashtag #istouchidhackedyet.[4] In order to win the bounty, the hackers must post a video detailing the process of lifting a fingerprint from an everyday object (like a beer mug) and using it to unlock an iPhone 5s.[5] As of 10:00 no official winner of the bounty has been declared, but the Chaos Computer club from Germany is rumored to have accomplished the feat and have published a step-by-step guide.[6]
So far Apple has stayed silent on the matter. However, with a successful Touch ID hack a mere two days after the phone’s release and Senator Franken’s request for answers to his queries within a month, Apple may be pushed to speak sooner than anticipated.
[1] Andrea Peterson & Hayley Tsukayama, Fingerprint Scanner for iPhone 5s Raises Privacy, Security Concerns, Wash. Post, (Sept. 20, 2013), http://www.washingtonpost.com/business/technology/fingerprint-scanner-for-iphone-5s-raises-privacy-security-concerns/2013/09/20/0992cbee-222f-11e3-966c-9c4293c47ebe_story.html.
[2] Sen. Al Franken, Sen. Franken Questions Apple on Privacy Implications of New Fingerprint Technology, Al Franken (Sept. 20, 2013), http://www.franken.senate.gov/?p=press_release&id=2562.
[3] Id.
[4] Adam Vrankulj, Can the iPhone 5s Be Spoofed With a Lifted Print? Hackers Crowdfund Reward to Find Out, Biometric Update (Sept. 20, 2013), http://www.biometricupdate.com/201309/can-the-iphone-5s-be-spoofed-with-a-lifted-print-hackers-crowdfund-reward-to-find-out (Arturus Rosenbacker originally pledged $10,000 toward the bounty but has since been discovered as a scammer, http://www.zdnet.com/charlatan-hijacks-iphone-5s-fingerprint-hack-contest-fools-press-7000020978/).
[5] istouchidhackedyet, www.istouchidhackedyet.com (last visited Sept. 22, 2013 11:30 P.M.).
[6] How to Fake Fingerprints? Chaos Computer Club, (Sept. 22, 2013), http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en