WASHINGTON — Analysts expect Apple to sell up to 6 million new iPhones this weekend, but Sen. Al Franken is raising privacy concerns about the phones even as consumers gobble them up.
One of the two new iPhones, the 5S, includes what Apple calls “Touch ID,” which allows a user to unlock the phone or purchase music, apps or books from Apple by scanning a fingerprint on the phone’s home button. It’s a change from past Apple products, which users could lock using a passcode. Apple promotional material proclaims: “Your fingerprint is the perfect password.”
But Franken, the chairman of the Senate Privacy, Technology and the Law subcommittee, said he’s not so sure. In a Thursday letter to Apple CEO Tim Cook, he said the new hardware “may improve certain aspects of mobile security” by encouraging users to more easily lock their phones, but “it also raises substantial privacy questions for Apple and for anyone who may use your products.”
“Important questions remain about how this technology works, Apple’s future plans for this technology, and the legal protections that Apple will afford it,” Franken wrote, before listing a series of questions about how iPhones store users’ fingerprint data and who might have access to that information. “I should add that regardless of how carefully Apple implements fingerprint technology, this decision will surely pave the way for its peers and smaller competitors to adopt biometric technology, with varying protections for privacy.”
Franken (who was quick to note he’s an iPhone owner himself) spelled out his concerns thusly:
Passwords are secret and dynamic; fingerprints are public and permanent. If you don’t tell anyone your password, no one will know what it is. If someone hacks your password, you can change it — as many times as you want. You can’t change your fingerprints. You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What’s more, a password doesn’t uniquely identify its owner — a fingerprint does. Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.
Apple looked to ease potential privacy concerns last week when it said the iPhone 5S doesn’t store actual imagines of users’ fingerprints, and that third-party applications don’t have access to the data. It has a explainer on the technology on its website. An Apple spokeswoman did not immediately respond to an email asking for comment on Franken’s letter.
Thanks to his subcommittee chairmanship, Franken has tussled with Apple before. In 2011, he asked the company to explain how it stores users’ location data and he’s called Apple and Google executives to testify before Congress on their mobile technology.
The iPhone is Franken’s second high-profile tech target in as many weeks: He wrote to Facebook on Sept. 12 asking it to reconsider its expansion of facial recognition software.
Devin Henry can be reached at email@example.com. Follow him on Twitter: @dhenry