Will the NSA get my Fingerprints?
September 10, 2013 5:02 PM   Subscribe

Given that it has been revealed the NSA has access to all smartphones, and given that recent reports have indicated the NSA is capable of breaking all known encryption... should I trust Apple that the NSA will not have access to my fingerprint? If I buy the new iPhone... should I stop short of using the fingerprint identification feature?
posted by banished to Computers & Internet (17 answers total) 7 users marked this as a favorite
According to a Tweet by David Pogue, tech writer for the NYTimes, the answer is No. He wrote, " To be clear: the iPhone’s fingerprint reader is an OPTIONAL security feature. And your fingerprint is not sent or stored online."

I am a privacy freak and try to avoid giving out my information to anyone, but having been finger printed for several jobs as well as for local youth coaching positions, I have no concern with the NSA having a copy of my finger print. The only way I would be concerned would be if I thought the NSA capable of framing me for some crime I did not commit.
posted by JohnnyGunn at 5:13 PM on September 10, 2013

If the NSA wants to know something about you, they can go far further than having your fingerprint.

Buy the iPhone if you like it, use the ID feature if you find it convenient.
posted by matty at 5:14 PM on September 10, 2013 [5 favorites]

If you're truly concerned about this, you should not get the new iPhone. Simply not using the feature is no guarantee that they're not recording your fingerprint every time you press the home button.

That said, this seems less potentially useful or abuseable than almost any other thing that we've heard they've do recently. In the worst case where they do collect one of your fingerprints, and then screw up and leak it and now it's on the front page of the NYT or something, does anything bad happen? So I personally am not going to worry about it.
posted by aubilenon at 5:16 PM on September 10, 2013 [2 favorites]

Where are yo located? Do you have a driver license? Does any other institution have your fingerprint? Then your fingerprint is already available to the NSA.

A better question would be, is using your fingerprint as the only way to lock your phone actually giving access to your phone to other parties that have access to your fingerprints (such as the NSA).
posted by VikingSword at 5:18 PM on September 10, 2013 [4 favorites]

I don't think there are trusted authoritative answers to this, just educated guesses. So here's mine:
Probably not, or not easily.
The NSA presumably would not need your fingerprints to be able to access your phone (whether this can be done remotely - I don't know, but safe to assume it can be) so I doubt they have a lot of interest in fingerprint data, however given their extreme mission creep, who knows.

But if an agency wants your prints enough that they'd go to the NSA, I imagine there are myriad ways for them to get your prints that are less trouble than involving the NSA. Especially if you cross a border. Especially if you are American (as we've seen, the NSA likes to make a fig-leaf pretense at acting within their tortured interpretation of "legal", and while they didn't restrict what their analysts were doing, answering a request from an outside agency with full papertrail at both ends is the kind of situation where they're more likely to reply "Er sorry - we're not allowed to do that".

Question: What do you not want them to have your prints?
If the answer is "I don't want to be framed", then it is possible that your prints can't be recreated from scanner data - the data might simply be a graph of key features for comparisons and matching.
If the answer is "I don't want my prints ending up in a giant police fingerprint database where a false positive could get me mixed up in some investigation", then I suggest a FOIA to find out if your prints are available to police, using the phone fingerprint feature, then doing another FOIA a year later. If your prints have appeared, you just blew the lid on a pretty huge news story.
If the answer is "I don't want people being able to get into my phone", well, your prints probably aren't needed for that.
posted by anonymisc at 5:35 PM on September 10, 2013 [1 favorite]

The other thing is that this doesn't take a picture of your figure print, but relies on the electrical contact points from the surface of your skin. The privacy implications of that are an exercise better left to someone smarter than me.
posted by Nonsteroidal Anti-Inflammatory Drug at 5:36 PM on September 10, 2013

The NSA doesn't have access to all smartphones. They could probably access some arbitrary smart phone if they wanted to (though the report from Der Spiegel, which is the source for your link, didn't actually say that), but they're unlikely to access yours.

Snowden doesn't think the NSA can break all encryption. In a reader Q&A with The Guardian, he said, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Practically speaking, this is irrelevant to your fingerprint question, though. Apple stated that fingerprints were not uploaded and were kept on the phone. If Apple's lying about that, then there's a pretty good chance they're passing finger prints along to the NSA anyway (because it suggests they were legally compelled to do so).

If the NSA were targeting you specifically, they would already have your fingerprints. Have you ever touched a hard, smooth surface in public? You probably left a fingerprint.

(If the NSA were targeting you specifically, you would have much bigger problems than keeping your fingerprints private.)

Finally, what does it matter if the NSA does have your fingerprints? They can't use that information in a criminal case against you without opening themselves up to judicial review. I'm much less concerned about my fingerprints than my private emails — or, if they really do have access to my phone, any conversation I had within range of my phone's microphone (i.e. all of them).

If you're still worried about it, don't buy the phone. Or, use the phone but only with gloves, since you can't know that the fingerprint sensor is turned off.
posted by Renegade Duck at 5:38 PM on September 10, 2013 [3 favorites]

"should I trust Apple that the NSA will not have access to my fingerprint?"
posted by LonnieK at 5:38 PM on September 10, 2013 [5 favorites]

To be honest, I'd be a lot more worried about the massive amount of location data it can collect: How Apple's M7 Chip Makes the iPhone 5S the Ultimate Tracking Device
The M7's job is to handle data from the iPhone's sensors—the accelerometer, gyroscope and compass—without firing up the A7. This means better battery life, but thanks to the new CoreMotion API, it also means that your iPhone never stops collecting data. For the sporty set, this means the M7 chip turns your iPhone into fitness tracker that can serve up data about your movements that you can access instantaneously.
Having the integrated chip is also more efficient; instead of buying your fitness tracker, remembering, wear it all the time, then uploading the data onto your computers, and constantly keep in charged, all of it is done with your phone. Anytime you have your iPhone in your pocket or purse, the device is constantly recording data about your movement. The iPhone was already doing this to a certain degree, but this upgrade means more of your data is stored. And, potentially, is sent back to Apple's servers.

Which also has the potential to make the M7 more than a little creepy, especially given recent ongoing revelations about NSA privacy violations. Luckily, iOS 7 makes it relatively easy to turn off location services, though it's unclear if you can turn off the M7's motion tracking too.

Where does that leave us? Fitness buffs will have a great—although bulkier—fitness-tracking option available to them. Privacy buffs will have something new to worry about. And everyone in between will go about their day blissfully unaware that their iPhone knows exactly how they spent it.
posted by zombieflanders at 5:59 PM on September 10, 2013 [4 favorites]

And everyone in between will go about their day blissfully unaware that their iPhone knows exactly how they spent it.

The government doesn't need the motion tracker in your phone to know where you are, you get that information from your telco when your phone connects to whatever cell tower is closest. That is how cellphones have always worked.

A better question is: what risk are you exposed to here, if your thumbprints - which you already leave everywhere, seriously - become government knowledge? Specifically, what risks are you exposed to that you weren't exposed to before?
posted by mhoye at 6:32 PM on September 10, 2013 [7 favorites]

I think your question is really the tip of the iceberg. What is a simple fingerprint compared to carrying around a device that is tracking your location at all times (the phone company already sells your location info to companies), can record audio at any time, all your calls are obviously tracked by at least your phone company, and the device has not one but TWO cameras that can be on at any time? How about all your internet traffic as well? Everyone as far as we're concerned in the first world already has an outsized proverbial fingerprint that is recorded and sent to secret parties in minute detail.

If you are worried about a simple fingerprint then I would assume you have larger things to worry about than iphone features. If you don't have larger things to worry about.. well, then I hope that like me you become more concerned with where our society is going and become more interested in changing it.
posted by BurnMage at 7:31 PM on September 10, 2013 [3 favorites]

Yes, if they have an easy way to collect all fingerprints from iPhones, they'll do it. They're not in the business of saying no to data collection. That being said, they already know everything you've posted on this site, have access to your e-mail, web history, phone call data, all purchases not made in cash, medical history. Probably all of your cell phone location data as well. Your fingerprints are just one more thing among many.
posted by cnc at 9:19 PM on September 10, 2013 [2 favorites]

Trust Apple, whatever they say.
You're kidding I hope.
posted by Kilovolt at 10:26 PM on September 10, 2013

I would stop worrying about your fingerprint, as everyone else has said, and start worrying about what "they" - as in, not only the NSA but most definitely the Chinese government to name just one - already know about you.

I have it on good authority that (for example) your credit card details are already in circulation through organized criminal networks, are you still using your credit card? Were you going to pay for the new phone with it?

I suggest you take comfort in the fact that whatever they theoretically know about you, they were still caught on the hop by the actions of one of their own indirect employees, someone they ostensibly had every reason to monitor.
posted by tel3path at 10:43 PM on September 10, 2013 [1 favorite]

If Big Brother gets you in his sights, there is nothing you can do to prevent your whole life from being laid wide open. Having an iPhone 5S or not is meaningless compared to the thousands of others ways they can collect data on you. I have no doubt they can get your finger prints if they really need them.

If you are really that concerned about this - then you need to live off the grid.
posted by Flood at 4:43 AM on September 11, 2013 [2 favorites]

I don't think Apple will ever store your fingerprint centrally, and the reason has nothing to do with scruples on their part and everything to do with business sense. A company as big as Apple generally won't store authentication information like passwords in a readable or decryptable form, since they don't want hackers to be able to access that account data and then use it to make fraudulent purchases. That's terrible for business. I don't think they'd start doing that now, and I also kind of doubt that the NSA gives a shit about your fingerprints anyway. That's not their domain, and I think from their perspective, if they're interested in you, they'll have all the incriminating information they need way before fingerprints ever become a relevant factor in the process of tossing your ass in Gitmo or whatever.
posted by invitapriore at 10:02 AM on September 11, 2013 [1 favorite]

I should add that this article about function creep is in my opinion a far better description of the putative threat posed by fingerprint ID as a phone unlocking mechanism.

It's for the reasons described in the article that I don't intend to use the Touch ID feature. Not because of any immediate fear that three-letter organizations will have more access to my fingerprint than they currently do.
posted by tel3path at 1:07 PM on September 13, 2013

« Older How do I cope with living alone?   |   Perfectionist kid? Newer »
This thread is closed to new comments.