Can the FBI get iPhone 5S fingerprint data via the Patriot Act?
Al Franken, chairman for the Senate Judiciary Subcommittee on Privacy, Technology and the Law writes to Tim Cook (CEO of Apple Inc.):
I am writing regarding Apple's recent inclusion of a fingerprint reader on the new iPhone 5S. Apple has long been a leading innovator of mobile technology; I myself own an iPhone. At the same time, while Apple's new fingerprint reader, Touch ID, may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple and for anyone who may use your products. In writing you on this subject, I am seeking to establish a public record of how Apple has addressed these issues internally and in its rollout of this technology to millions of my constituents and other Americans.
Too many people don't protect their smartphones with a password or PIN. I anticipate that Apple's fingerprint reader will in fact make iPhone 5S owners more likely to secure their smartphones. But there are reasons to think that an individual's fingerprint is not "one of the best passwords in the world," as an Apple promotional video suggests.
Passwords are secret and dynamic; fingerprints are public and permanent. If you don't tell anyone your password, no one will know what it is. If someone hacks your password, you can change itas many times as you want. You can't change your fingerprints. You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What's more, a password doesn't uniquely identify its ownera fingerprint does. Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.