Monday, November 04, 2013

On the folly of fingerprints as cell-phone security

Of all the biometrics for Apple to choose to use as security on its new iPhone 5, fingerprints seem like an ill-considered choice that makes phones less secure. After all, to a computer, fingerprints are nothing but ones and zeroes - data like any other transmitted to unlock the system. And unlike passwords, you can't change your fingerprints once someone else has hold of them.

So, in an era when National Security Agency surveillance seems to constantly make headlines, why choose a biometric where the government possesses databases with millions of Americans' fingerprints on file - of everyone who has ever been to jail, applied for security clearances, undergone background checks for licensing, etc.? Even if the government doesn't misuse it, Edward Snowden's example shows such information can potentially walk out the front door, on a thumb drive or otherwise. Indeed, as far back as 2005 this blog warned that "Biometric passwords risk gravest form of identity theft," and that was before the smart-phone boom.

The Texas Department of Public Safety at one point wanted to gather all ten fingerprints from drivers license applicants, but in the end settled for gathering only thumbprints and facial recognition data - information they promptly shared with the federal government through a state fusion center as soon as they began to gather it.  Even without fingerprints of every driver, though, the government has access to enough people's fingerprints to make their use as a security measure decidedly insecure.


Anonymous said...

Good article!

Did you see where the 1st assistant DA of Mclennan county may have committed a class a misdemeanor by discharging a loaded weapon in the DA's office today? On Wacotrib website.

Gunnlaw said...

You may want to get a realistic security overview from Steve Gibson at: