U.S. Senator Al Franken challenges Apple on Touch ID privacy implications

By , Sep 20, 2013

iPhone 5s first look

What are the privacy implications of the iPhone 5s fingerprint sensor? U.S. Senator Al Franken wants Apple CEO Tim Cook to answer that question and more. In a published letter to Cook, Franken writes that “important questions remain about how this technology works.” In addition, the senator wants the Apple chief to explain how the Touch ID sensor may be used in the future.

In response, Apple published online a document explaining that fingerprints obtained by the new iPhone 5s are walled-off from the iOS software and application developers…

While recognizing Apple “has worked hard to secure this technology and implement it responsibly,” Franken writes that the fingerprint technology developed by the iPhone maker “will surely pave the way for its peers and smaller competitors to adopt biometric technology, with varying protections of privacy.”

Among Franken’s concerns is will Apple protect the fingerprint data from government inquiries. Unlike the “contents” of email and other communications which require a warrant, “subscriber number or identity” can be obtained with just a subpoena.

“Does Apple consider fingerprint data to be the ‘contents’ of communications, customer or subscriber records, or a ‘subscriber number or identity’ as defined in the Stored Communications Act?” he asks.

The question gets at the heart of whether Apple sees the fingerprints stored as belonging to the iPhone owner or a record which the company maintains.

Touch ID securtiy breach

Although Apple’s support document isn’t an official response to Franken’s questions, it does provide some insight into the hardware protections afforded fingerprints.

“Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint and compares this to your enrolled fingerprint data to identify a match and unlock your iPhone,” reads Apple’s support document.

It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation.

The iPhone 5s includes something called Secure Enclave within the A7 chip.

Apple A7 chip (Secure Enclave 001)

The encrypted fingerprint data is only available to Secure Enclave, according to the company. That data is then used to verify fingerprints against that stored.

Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data.

The Secure Enclave is walled off from the rest of A7 and iOS.

“Your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else,” according to Apple.

“Only Touch ID uses it and it can’t be used to match against other fingerprint databases,” noted the firm.

This isn’t the first time Apple has had to answer security questions.

Most recently, the company denied its involvement in releasing user data to the NSA. As for Franken, back in 2011 CEO Steve Jobs came in for questions regarding the ability of the iPhone to track users.

  • Share:
  • Follow:
  • Kyle

    Sweet so the NSA may not get all of iPhone 5s buyer’s finger prints!

    • NSA informant

      The NSA will get anything we want as long as we desire it.

    • JoJo

      Would be stupid if it were otherwise.

  • dedegarrido

    who cares if the government or anyone has your fingerprint? they have it already anyway… unless you don’t have an ID, drive’s license or passport…

    • jocastro

      lol and all background checks normally do fingerprinting anyways lol, people who freak out about it are blondes lol

      • Kurt

        RACIST

    • CryptoCoin420

      Well, privacy is a huge deal, whether or not you have anything to hide. That is besides the point. The point is the government does not need any other way to obtain information about people illegally than they already do. As I trust Apple (I think) about the way they described the way the touch ID works, I would like more clarification. As they already have my fingerprints because I was in the Navy for 9 years, the government does not need anymore intrusive ways to obtain our data, I am all for transparency on this issue.

    • Zozory Zozor

      the problem is they will know where y live ,where y go, and who y meet.

      • Bill

        They already do, unless you don’t have a computer, a cell phone… oh wait.

    • n0ahcruz3

      This ^^. If they dont want the government to spy on them they should cut all their connections. Phone internet etc. or they should organize a rally to White house.lol

      • Antzboogie

        Hush up you love being spied on? Then
        your a fool I love my freedom and Forever will they got my info cheers but not really my life is mine and only mine no one going to spy on my sh**. Spy on real threats not the common man.

      • n0ahcruz3

        I dont like to be spy on ofcourse then can u suggest something that will prevent them from spying on us? And the fingerprint thing is invalid cause the government already has our fingerprint.

    • s0me

      Really?? In my country you dont have to give them fingerprints for ID and drivers licence or anything else for that matter, only if you are a criminal. I dont want the American goverment to have my fingerprints for any reason, even if I dont have anything to hide. And yeah… I dont believe a word apple says about privacy.

      • ExRoot

        It is pretty much the same way here. Criminals, classified jobs is what we get printed for in the US. Please understand that most comments here are posted by misinformed younger adults who only care about shiney new tots. These are not adults with homes, families etc. it’s embarrassing.

      • dedegarrido

        actually here in Brazil; where I live, any document you want to have you will need to use your fingerprint…

      • dedegarrido

        and dude… you’re probably going to comment “but then, the NSA is going to have your fingerprint/USA government..” so what? I am just a normal citizen, they are not going to do anything with my fingerprint… LOL

    • Micaiah Martin

      This is a huge threat to people who haven’t yet signed their souls over to the government. Aka: unlicensed people.

  • Gregory Kitchens

    they explained all of this when they revealed the damn thing, why are people still throwing a fit? Don’t want it to check your finger prints? Don’t buy the damn thing, or do buy it and disable the finger print software.

  • Gregory Kitchens

    the dmv and the military have my finger prints and so does every place I’ve ever cashed a check and nothing has ever happened to me. if i kill somebody, they’d probably use my finger prints to prove my identity, that’s about all that would happen. chill, people.

    • Jerry

      exactly.

    • Antzboogie

      Your a contract killer. Think about that one. Before it was different we were fighting for freedom to be free not freedom to find out about everyone’s life because you might be a threat thats paranoia.

  • Marcio Atouguia

    I don’t see the fuss about this. U are not forced to use it.

  • Tom Brady

    I hate Apple. They had me in line for hours to tell me that I can only order it. This stuff whack

    • http://www.instapolitics.com/ Zachari

      That’s your own damn fault. You aren’t guaranteed a phone on launch day.

      • Tom Brady

        Why aren’t I guaranteed a phone on launch day? They said the phones go on SALE not they are available for ORDER. Its their own damn fault. They are crooks

      • iHamzaDev

        You aren’t guaranteed a phone on launch day because there is LIMITED supply. It’s a FIRST COME FIRST SERVE basis. Do you understand what those words mean? FIRST COME FIRST SERVE. If they ran out before you can get it, too bad. Order it or shut up and wait for next shipment.

      • Tom Brady

        Lol you sissies are hilarious. Apple is stupid for hyping up the phones and then putting out a limited supply to create more demand. And they didn’t SELL ANY PHONES! THE PEOPLE IN FRONT OF ME HAD TO ORDER THE PHONES AS WELL.

      • Rowan09

        A crook promises you something and let you pay for it without giving you what you pay for, so they are not crooks. You should order it online or just wait a little while it will be available.

      • Bill

        Wow, inflated ego much?

      • http://www.instapolitics.com/ Zachari

        Get your lazy ass out of bed and make an effort to be first in line then you might have a chance at the phone. Knowing the kind of person you are you already have one by now. Stop bitching.

    • 4p0c4lyps3

      Oh, boo hoo. Cry us a river. Very limited supply = you shld have gotten there earlier. Idiot.

      • Tom Brady

        I’m an idiot because the line was long and some of us have things to do in life so I can’t wait indefinitely like those fools. U sound like a girl

      • DarKii

        Two pretty cool quotes:

        “I hate Apple. They had me in line for hours to tell me that I can only order it.”
        “U sound like a girl”

    • ExRoot

      Perfect example of the mentality of these folks commenting. This string is about privacy, rights, etc. and all this person cares about is they didn’t get their toy. This article is too deep for this crowd.

  • JulianZHuang

    I have a green card, should I panic??

  • Tom Brady

    Crooks

  • iydomngz

    in this picture you can see what I showed my iPhone 5S
    ,Somehow Apple recognizes our Footprints, This happened to me today while I leave work me the Apple Store and while Siri

  • ExRoot

    These are all valid questions. If you don’t think do you are immature and ill informed. All you guys care about is a stupid phone. If this were anything else you’d all be complaining. But an iPhone nope. You people are ridiculous.

  • bw00ds

    Looks like Franken is trying to do something so that people will take him “seriously.”

    • Bill

      Versus the other current Senator from Minnesota?

  • iUser2012

    It is valid that people approach such features suspiciously. At the end neither Apple nor Google values customer privacy when they are asked by US Gov. agencies. If you use iCloud or Google Backup then you voluntarily agree that they would have access your phone data. Don’t think as your data is encrypted one way or so. Encryption is only for internet traffic between backup server and your phone. everything has to be kept in plain format, unencrypted, so restore remains possible.

    In brief, if you use any cloud service especially backup then you are voluntarily providing your data to companies that can share it to anyone they want without notifying you and you might only learn it if a wikileaks type info comes out years after. Decision is yours.

    • Bill

      The data can actually be stored in an encrypted format, since Apple, Google, Microsoft, and pretty much any company on the internet can (and does) generate keys at the site level for storage. However, they do this to give the typical user a false sense of security, and even if a hacker finds user data but not key data, the typical encryption of that user data can be hacked by a modern computer with a GPGPU installed (AMD FirePro, NVIDIA Tesla) within a few hours.

  • ExRoot

    This article is too deep for the mentality of this board. All commenter’s care about is not getting a phone on launch day. This is why this country is so far behind most others. PLEASE DON’T START ANY OBAMA BASSHING NONSENSE. Has nothing to do with him. I’m talking about you and me and our values!

    • Tom Brady

      damn that. u white folks r crazy

  • Manu Bulteau

    Senators and politics worry about privacy because most of them are thieves and/or criminals. Honest people have nothing to fear about all that shit. Now if you really have problems with that, don’t use internet, never say your name, pay with cash and wear gloves at all times.

  • Bill

    Hey Mr. Franken, maybe Apple will set you up with Chairman Al Gore to talk about this tech and how it works. I respect you as a Senator, but you’re a Senator and Comedian, much like Al, and not a tech person, so the technical description probably will go right over your head.

    Of course, he’ll make you sign some NDAs first…