U.S. Senator Al Franken has written a letter to Apple CEO Tim Cook, in the letter he asks some tough questions about Touch ID, the 170 microns thin fingerprint sensor that resides underneath the home button of the iPhone 5S. Franken says that which the sensor might improve certain aspects of mobile security, it raises important privacy questions for the company. He cites an Apple promotional video in which the company says that a fingerprint is “one of the best passwords in the world,” and disagrees. A conventional password can easily be changed if an unwanted person finds it out, passwords are secret, they are dynamic. Fingerprints are not. A person can’t change their fingerprints, and since they leave them on every surface they touch, “they are definitely not a secret,” writes Franken. He says that hackers were to get access to a fingerprint, they’ll be able to identify and impersonate a person for the rest of their lives.
Apple has already given answers for some privacy related queries that people may have. For example, it has detailed the storage process of fingerprint data. An image of the fingerprint isn’t saved, data is never uploaded to Apple’s servers rather its kept in a “secure enclave” inside the iPhone’s A7 chip. Furthermore, third party apps are not allowed to access the sensor. Franken raises some tough questions, despite all of these assurances. He asks if its possible to convert locally stored fingerprint data into a digital or visual format, if its possible to extract the data from the chip either remotely or with physical access and if data will be backed up to a user’s computer. He also asks if Apple can confirm that it will never share fingerprint data with “any government, absent appropriate legal authority and process?”
Its likely that questions such as these will come up in the future as well. Only recently it was reported that there is now a crowdfunded bounty that will be awarded to the first person who is capable of cracking Touch ID. Hackers might even have a go at the aforementioned secure enclave. Questions like these will definitely arise in the future. Franken requests Apple that it reply within one month.