An aura of spooky futurism has clung to biometric identification systems, which convert human bodies into combinations of measurements and patterns that a machine can read and store. Questions remain about how accurately our putatively unique biological traits can be translated into data. The United States, despite its technological dominance, has been particularly slow to adopt biometric technologies.
But the American company Apple is giving biometrics a huge bump as a result of its latest iPhone, the 5S, which goes on sale September 20. The model employs fingerprint identification as the way users unlock their devices.
For at least a decade, various other laptop and phone manufacturers have tentatively offered fingerprint recognition features before withdrawing them. But Apple is the first to make biometric identification standard, and enabled by default. The company also has a storied history of nudging technologies — including the smartphone itself — into user-friendliness and watching their popularity explode.
To coax users into using their anatomy as a password, Apple has embedded the so-called “Touch ID” hardware in the phone’s home button. Currently, users unlock the phone by first pressing the button and then entering a passcode — if they have one set up. With Touch ID, users simply hold their finger over the home button for an additional moment to wake up and unlock the phone.
The system will get a lot of users, in other words. If they like it, they may be more open to other biometric identification systems. But the reverse is also true, making the feature an important trial balloon.
Privacy and security are issues that dog any use of biometric user verification, and Apple’s announcement has proven no different.
The company has shown it’s aware of those concerns. By opting for a capacitance scanner, which measures how much electricity is conducted through different points on the user’s finger to map its ridges, Apple has reduced the chance that a detached finger or, more likely, a photocopy could trick the system.
But what if the user’s fingerprint, due to aging or injury or a damaged scanner, is rejected? In recent years, efforts to use fingerprints for national identity papers in Europe have been put on ice because they weren’t accurate enough. Apple appears to betting that Touch ID’s role protecting a single electronic device will spare it from such high-stakes arguments. But if the system doesn’t work reliably, it will give Apple a black eye it doesn’t need, and may prove a major setback for other biometric identification systems to boot.
As for privacy, the iPhone will not save an image of the fingerprint, but will instead keep data points which are encrypted and stored locally on the phone. The biometric passcode won’t be backed up to Apple servers or iCloud, according to Apple senior vice president Philip Schiller. Apple is not giving app developers access to Touch ID, at least until the system has had its very public beta test.
Because Apple’s system is closed, users will not be able to verify its privacy and security for themselves. Security experts insist that manual verification is the single best way to ensure privacy. The Free Software Foundation has cried foul.
“Is the hardware only capable of reading a pattern, or is it that the software Apple ships only uses the pattern functionality? This matters, because if the hardware is capable of both, then other software could enable those functions,” FSF executive director John Sullivan told Singularity Hub.
Encrypting information as sensitive as biometric data is only as secure as the particular method of encryption, Sullivan noted.
“The devil is in the details,” he said.
But Jules Polonetsky, the director of the Future of Privacy Forum, saw more benefits than privacy risks in the biometric system.
“The fingerprint reader provides far better security and is easier to use than simple passcodes. By not storing the actual print, and by keeping the data on the phone and ensuring apps can’t access it, Apple has minimized the most likely privacy concerns,” Polonetsky told Singularity Hub.
Only half of U.S. users use passcodes, and most of their codes are not very secure. So it seems Apple has cleverly set the bar low for Touch ID: If it’s reliable enough to prompt more users to lock down their phones, it will mark an improvement in mobile security.
Other mobile companies are taking note. According to a Wall Street Journal report, at least one Android phone-maker is already planning a fingerprint login.
Photos: Fazen via Flickr; iPhone 5S photos courtesy Apple