Fingerprinting your way to security

The NSA Raccoon is mostly right in this one:

For two reasons.

Reason 1: You (probably) don't own your phone

If you haven't rooted your phone, you don't really own it. While Apple says the fingerprint images are not uploaded to the borg collective, it's just one network hop away should the collective decide that it really needs them. A phone is a data-network connected device, after all, and the wireless carrier's customizations makes it a lot easier to get local access to the device if they want to.

Reason 2: Rooting won't help much either

Among the many disclosures since Snowden started his leaks is that law enforcement has a dirty-tricks bag deep enough to get into practically anything once they decide they need in. If it's got a data connection, and you haven't taken specific steps to keep others out, they'll still get in.

That said, if there is one thing we've learned from all of this is that there are massive databases at work here, and databases are only as good as the collected data and its indexes. Since fingerprint image collection isn't in the borg collective, it's not going to go into the secret national identity databases. They'll still need to take active effort to collect that information.

Fingerprint readers are nothing new:


My work laptop has one, and they've been on business laptops for years. What's new is that they're now on a data-connected device the habitual users don't own or manage, and is tightly integrated into the OS (unlike my laptop, which runs Linux; the reader has never worked for me).

What I'd like to know is where was the hue and cry over Android's face-lock ability?

That's another extremely useful biometric, and one that's arguably even more damaging than fingerprints: facial recognition in all of it's crappy implementations has been used by law-enforcement for a decade now. A good face-capture allows facial-recognition to work against random video feeds of public places to track individuals, something the ever expanding CCTV network enables.

Fingerprint readers tied to the borg collective will tie individuals to specific high value locations where fingerprint collection is deemed worth it.

Face-capture readers tied to the borg collective will tie individuals to low value public locations.

One of these is more likely to be deemed a serious invasion of privacy than the other, and it isn't the technology Apple just added.