(CAVEAT: This is my personal opinion only, and does not necessarily reflect the opinions of my employer or any association with which I am...um...associated.)
The announcement of the fingerprint recognition technology in the forthcoming iPhone 5s, coupled with the revelation that the National Security Agency has cracked just about every secure encryption method known to humankind, has resulted in a panic among some people.
These people are now convinced that the NSA will hack the iPhone 5s, grab your fingerprint, and do Bad Things.
So let's construct the use case.
Assume for the moment that I have an iPhone 5s (doubtful assumption, but humor me for now).
Furthermore, assume that the NSA wants to specifically target me to get the goods on me. (This is different from the other NSA use case, in which the NSA would conceivably grab information from every single iPhone. That's a more complex use case that I'll ignore at the moment.)
Furthermore, assume that the NSA knows that my fingerprints are NOT already on file with the FBI, the DHS, or any state and local agency. (In other words, I haven't already committed a crime, I don't have a concealed carry permit like [REDACTED] does, etc.)
So now the NSA wants to grab my fingerprints. While Apple itself doesn't have my prints, it does have information on the phone that is registered to me, and presumably the NSA can exert its muscle to grab that information. The NSA then targets my phone, eavesdrops on it, and breaks into the super-duper chip that includes the information on my finger. I would assume, incidentally, that my finger image is not stored there, but just a subset of fingerprint features.
So the NSA now has my fingerprint features, but without the image. At this point, some modifications may be required to make the fingerprint features compatible with the FBI's fingerprint system, or with the fingerprint system used by the DHS. This would be mere guesstimates, or perhaps the features are close enough to search as is.
At this point the NSA approaches the FBI and DHS and says that these fingerprint features need to be searched against their systems. Because all bureaucrats always cooperate with each other (and you know how I feel about that assumption), the FBI and DHS drop whatever they're doing and search my features against their databases.
Now what? Well, not much. Despite what the TV shows say, these systems aren't 100% reliable, and don't claim to be. Some person is going to have to review a list of possible candidates that match the fingerprint features that were captured - and that's going to be awful hard to do when you don't have the original fingerprint image.
But let's say that they do this, determine that the print matches the prints of someone who is on the FBI's Most Wanted List. Now let's make the leap to assume that this means that I myself am therefore that person on the Most Wanted List.
Unfortunately, this search result isn't going to stand up in a court of law, so the NSA will have to get the super-secret court to authorize my execution under the super-secret "Let's Execute Possible Terrorists" Act, passed in the wee hours of September 12, 2001 when Congress was drunk.
So, the NSA has gone through all of this trouble - a lot of trouble - to break into my iPhone 5s and do something with the stuff that they extracted from it.
And there are people out there who actually believe that the NSA would do all of this.
If you are one of those people, then I ask you this - when you go out in public, do you wear a veil?
"Of course not!" you respond. "I ain't one of them danged Muslim terrorists!"
So, if you don't go around wearing a veil, then your face is exposed in public for everyone to see. The NSA wouldn't have to hack into your iPhone; an agency could simply take your picture while you're coming out of the Walmart or Whole Foods or whatever.
And you don't need a fancy-dancy biometric system to perform a facial match. People have been doing that for thousands of years by using their eyeballs.
Why are you so concerned about your finger, but not your face?
My unfortunate mashup of the day - Original tweet here. If you missed it, my somewhat more serious post on Ubergate is here.
4 days ago