There's a Troubling Dark Side to Apple's New Fingerprint ID That No One is Talking About


Just as autumn's withered leaves portend a looming winter, lines of Apple fetishists snaking down city blocks ready to bear the elements signal one thing: the new iPhone has arrived.

But one feature of the powerful and sexy iPhone 5s is leaving civil libertarians and consumer advocates raising questions: the fingerprint scanner, known by Apple as "Touch ID." Is it reliable? Is it safe? What are the potential legal implications?

Luckily Apple has sought to address some of these issues upfront, still reeling from news reports of its complicity with the National Security Agency's (NSA) dragnet surveillance programs. Understandably so, given concerns from civil libertarians will only grow in prominence as biometric sensors, like Touch ID, become staples of consumer technology.

Desire for simultaneous ease and security from thieves by iPhone users, as well as the increased efficacy of biometric technology, are driving the implementation of features like Touch ID. But waves of IT innovation have always crashed over consumers, their privacy hazards cloaked in the glitz and glamour of stylish convenience only to be unearthed later. In this sense, Touch ID is nothing new.

Take the device on which it's being implemented: the smartphone.

Beyond making calls and surfing the web, a smartphone also serves another purpose as a tracking device. Some have argued that to be its "principal function". In 2011, it was revealed that mobile phone carriers responded to 1.3 million requests for call data by law enforcement — ranging from Barney Fife to the FBI, not including bulk surveillance by the NSA. In many cases, police agencies don't even need to obtain a search warrant for the records, and thus don't have to prove to a judge that their target is reasonably suspected of criminal involvement.

Just by knowing your location, police can then comprehend a whole lot about who you are. A federal appeals court ruling about the use of GPS trackers discussed how GPS data can reveal if a person "is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts."

Research out of the UK even suggests that by factoring in your location patterns with those of your friends (mutual smartphone contacts), watchers can deduce your future movements. According to the MIT Technology Review, "In a study on 200 people willing to be tracked, the [predictive modeling] system was, on average, less than 20 meters off when it predicted where any given person would be 24 hours later."

Furthermore, as with all devices connected to the Internet, smartphones can be penetrated by outside malware, spyware, and browser-tracking devices that seek to obtain as much personal information as possible. These range from typical web browsing "cookies" from marketers to sophisticated programs used by intelligence agencies like FinFisher. Such malware can remotely operate your phone's microphone or video recorder to tape your conversations, even if the phone is turned off. This is the price of having a computer in your pocket that can access the Internet. If you can access it, they can access you.

But police and intelligence agencies are only seeking to track bad guys, you might say. Not quite.

In an obscure lecture from the Hackers On Planet Earth (HOPE) 9 conference in 2012, private investigator Steven Rambam disclosed that "everybody that attended an Occupy Wall Street protest, and didn't turn their cell phone off … and sometimes even if they did … has [had their identity] logged, and everybody who was at that demonstration, whether they were arrested, not arrested, whether their photos were ID'd, whether an informant pointed them out, it's known they were there anyway. This is routine."

So long as the potential for civil liberties abridgments are kept from customers by technology manufacturers, a unique danger will continue to be posed by the devices on which modern man runs. In this sense, Apple's decision to compartmentalize the biometric data it collects is a step in the right direction. Consumers must demand that others in the future heed its example.