While many proud owners of the new iPhone 5 were searching for sleek iphone cases this weekend, Senator Al Franken (D-Minn.) was busy drafting a letter to Tim Cook, the chief executive at Apple. Franken’s letter expressed concern over the technical possibilities of iTouch ID which is available on the latest iPhone.
The iPhone 5s is the first among Apple devices to boast a fingerprint scanner which is built into the device. Rather than entering the traditional four-digit pass code, iPhone owners can now simply set their finger on the home button and allow the phone to recognize them and unlock.
Although Apple says it will only store the fingerprint data on the individual’s device in an encrypted format rather than sending it back to its servers, Senator Franken asks for more information on how Apple plans to use iTouch information and how the fingerprint recognizing capabilities will work under the Stored Communications Act.
The senator, a democrat from Minnesota explained, “Passwords are secret and dynamic; fingerprints are public and permanent. If you don’t tell anyone your password, no one will know what it is. If someone hacks your password, you can change it—as many times as you want. […] Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.”
The Store Communications Act
Franken hopes to ensure that Apple will never share fingerprint data with commercial third parties. He also wonders whether this information is classified as the contents of communication or a subscriber identity in regards to the Stored Communications Act.
Also known as the SCA, this law passed in 1986, deals with voluntary and compelled disclosure communications and other information recorded and stored by third-party Internet service providers. This act works with the Fourth Amendment which protects peoples’ rights “against unreasonable searches and seizures.”
When the Fourth Amendment is applied to online security, privacy terms become a little bit shakier. In many cases, something called the Third-Party Doctrine holds that when Internet users knowingly relinquish any expectation of privacy, thereby surrendering their protection under the Fourth Amendment regarding online information.
As the washing post comments, “This is particularly important because content data require a warrant to be released to law enforcement, but a subscriber ID or number needs only a subpoena.” Thus, Franken hopes to define whether or not “Apple considers fingerprint data subscriber information that the company could be compelled to share by the order of a national security letter.”
The iPhone fingerprint sensor question seems just another item in a growing list of situations in which technological possibilities are far ahead of laws and ethics.