The iPhone 5S Fingerprint Reader

Yesterday Apple announced their new iPhones. The iPhone 5c was, in my opinion, wasn’t at all newsworthy. Apple’s new flagship phone, the iPhone 5s, wouldn’t be newsworthy except for its fingerprint reader:

Apple’s brand-new iPhone 5s isn’t dramatically different from last year’s model, but it has at least one major addition: a “Touch ID” sensor. Us human beings are calling it a fingerprint sensor, and it’s built into the phone’s main Home button below the screen. Apple’s Phil Schiller says, “It reads your fingerprint at an entirely new level” — it’s 170 microns in thickness with 500 ppi resolution. According to Cupertino, it “scans sub-epidermal skin layers,” and can read 360 degrees. As expected, the sensor is actually part of the Home button, making it less of a button and more of a…well, sensor. Using Touch ID, users can authorize purchases in iTunes, the App Store, or in iBooks by simply using their thumbprint (starting in iOS 7, of course). Pretty neat / scary!

Honestly, I have mixed feelings about this. It’s certainly a neat piece of technology and I don’t want to decry Apple for trying something new in the smartphone field. Today you can lock your phone with a four-digit passcode or a full password. If I were betting money I would bet that a majority of users use neither option. Of the people who put a passcode on their phone a vast majority likely opt for the four-digit option. Phones are devices that are accessed frequently. Having to enter a long password every time you want to check your Twitter feed get annoying quickly. Therefore few people are willing to use a complex password to security their phones. That leaves most people not enabling any security and those who enable security most likely opt for a relatively insecure four-digit passcode.

Apple has been fairly good about including security features that are relatively easily to use and this fingerprint reader looks to be another one. Time will tell if the sensor is easily fooled by other fingerprints but if it convinces more people to put some kind of security on their phone I’m happy. If the technology is properly implemented it could easily be more secure than the four-digit passcode (admittedly not a high barrier to climb over).

Then there’s the other side of the coin. My first thought after seeing the announcement of a fingerprint reader was that the police are going to love it. As it currently stands, a police officer wanting immediate access to your phone must obtain a search warrant and gain your cooperation, have a mechanism of exploiting a security hole in the phone on site, or bring force into things either as a threat or as physical harm. With the inclusion of a fingerprint reader a police officer need only force your finger onto the sensor to unlock it. That seems to be far less hassle than the other three mentioned options.

In light of Edward Snowden’s leaks there is also the concern that your fingerprint will be send off to the National Security Agency (NSA). While Apple promised that your fingerprint data will only be stored locally there is no way to verify that fact. Furthermore, if Apple was compelled with a national security letter to include a mechanism to allow the NSA to obtain fingerprint data they wouldn’t be legally allowed to tell us. That thought should scare everybody.

Finally, on a more practical side, biometrics have a fatal flaw: the technology is based on sensor data obtained from your body as a point in time. What happens if you cut your finger? Will the sensor detect your altered fingerprint as somebody else? What happens if your finger is cut off? Our bodies can change over time and those changes are often difficult, if not impossible, for biometric technology to detect.

As with most security technology there are ups and downs to this fingerprint reader. If it convinces more people to enable security on their phones then I will be content. However, one must realize that there are real downsides to using your fingerprint as a security token.