The iPhone’s Fingerprint Scanner Is an Exercise in Trust

On Monday of this week, the German newspaper Spiegel published new information from the Edward Snowden treasure chest, which details the NSA’s interest, and advanced capabilities, when it comes to spying on the world’s smartphones.

Just two days after Spiegel announced that the NSA looks at Apple as Big Brother, Apple announced its brand new iPhones, the 5C and the 5S. The flashier, pricier 5S is being bundled with a new, fingerprint sensor Apple's calling Touch ID.

Perhaps the most alarming detail from the Spiegel article comes from an NSA presentation that was circulated in 2010, titled “Exploring Current Trends, Targets and Techniques.” Within that presentation is a slide featuring a photo of Steve Jobs, accompanied with a caption that reads, “Who knew in 1984 that this would be Big Brother?” Spiegel also described a slide featuring a photo of civilians using iPhones, coupled with a caption that says: “And the zombies would be paying customers?”

This presentation—again, from 2010, so who knows what those crazy spies are up to now—goes over the NSA’s capabilities to spy on 38 different iPhone functions, including location services, Google Maps, and Facebook. It should not come as a surprise to any iPhone user that the sleek glass and metal device they carry around in their pocket is bulging with personal information, but to learn about such an institutionalized effort to covertly collect that data from NSA “targets” is nonetheless concerning.

Touch ID is set to replace the four-digit keypad lock system that current iPhone users have, to protect their precious contact list and text message inbox from creepy exes, creepy coworkers, and creepy spouses. Now, instead of having to go through the tedious, archaic process of remembering a four-digit code, and then typing it into an iPhone, all you need to do with an iPhone 5S is press your finger against your device and it will unlock itself. Magic.

Many people, including myself, were instantly turned off by this new feature—what with the NSA collecting all of the digital information in the world for mysterious and invasive purposes and all—but Apple has already defended itself by stating the fingerprint information would only be “encrypted within the iPhone’s processor.” And therefore, according to Apple, it’s safe from prying eyes.

That may have been comforting to hear about a week ago. But given the massively important and surprising news that the NSA (and the Brits over at GCHQ) have essentially destroyed encryption, and with the US spending $250 million a year on “covertly influencing” American tech products to weaken their security and install backdoors for the NSA, I for one don’t really trust any form of corporate American “encryption.”

These recent revelations about the NSA’s war against encryption, which it appears to have soundly won, has been described by cryptology expert and John Hopkins cryptology professor Matthew Green in a now infamous blog post as being “on a scale I couldn’t even imagine.” His blog post was so popular that John Hopkins originally asked him to take it down, which it quickly apologized for, after outrage spread throughout the media.

Furthermore, news broke last night from Yahoo CEO Marissa Mayer, who said she would have gone to jail if she had revealed the size and scope of the US government’s surveillance programs to the public. Mark Zuckerberg added to that by saying the US government “blew it” and did a “bad job” of making sure their surveillance programs—which should be there to catch evil, bomb loving, murderous human beings—did not impact the privacy of innocent people.

These somewhat ballsy statements from two of the world’s biggest tech CEOs feel a little bit like too-little too-late. (Still, can you imagine what would happen if the government took the CEO of Yahoo to court for whistleblowing?) But it also indicates the amount of control and influence the United States government has over the tech giants within its nation.

Which brings us back to the iPhone fingerprint sensor: Why should we believe it hasn’t already been compromised? Apple surely included the fingerprint sensor for perfectly obvious reasons: It's a new feature to sell, and may make the device easier for users. Yet its inclusion also requires users to trust both Apple's security measures and that the NSA and friends won't try to break that security for their own gain. Based on the past few months of revelations, that's an enormous amount of faith to ask for.

While some journalists have gone as far as to ask whether or not thieves will now be slicing the fingers off of high-profile targets in order to gain access to their iPhones, the more immediate and widespread threat certainly seems to be one where the iPhone’s supposedly encrypted fingerprint data has a backdoor to let the NSA stroll right in and take it, so it can be added to the US government’s massive info collection database.

We are now living in a society where the digital devices we spent hundreds and hundreds of dollars on are being viewed as tools to make us “zombies” in the eyes of the government. The language used in the NSA report acquired by Spiegel is highly concerning. The government, like everyone else, knows we're all highly reliant on our smartphones. It should come as no surprise that it would try to exploit that reliance.

And while the fingerprint sensor in your new iPhone 5S may never betray you personally, you can bet that if the US can get their hands on using that data for prosecution, they will. To potentially add that weapon to the American government’s arsenal, at a time when more people are being charged for leaking and “espionage” than ever before, seems like an unwise move.

@patrickmcguire