Senator Sends Letter to Tim Cook Over Touch ID Privacy Concerns

SeaFox · Sep 21, 2013

calaverasgrande said:
I think it is pretty irresponsible behavior to belitte a senator (or any politician) for doing what is in their job description; Looking out for their constituents welfare.

To the average congressman, their "constituents" are whoever gives them their big campaign contributions (corporations). They haven't cared about the citizens who vote for them (outside of election time) for decades.

Edit: In fact, to suggest this has anything to do with looking out for citizens' best interests is funniest thing I've heard all night. Thanks for the laugh.

Tech198 · Sep 22, 2013

The Senator got his answer :-

"....It isn't possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. "

end of story...

Me thinks its like everything else in the world... we'll just keep asking till we get the right answer we're looking for.

I hate to say this, but good job Apple.... I would have done the same thing by NOT making this public........ Ok, so it would hurt third party developers, but it will also be in the someones hands too,, Which would ou rather prefer from a security standpoint ??, Apple may not think they may be able to reverse engineer, but better safe then sorry i always say.

Besides, Apple says allot of things, And they don't even tell us what crypto they use. And regardless, the outcome will be the same..

If they want it, they'll get it

kdarling · Sep 22, 2013

Tech198 said:
The Senator got his answer :-

"....It isn't possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. "

end of story...

Rule #1: one of Jobs' legacies is that Apple constantly handwaves and manipulates words so that a casual reader thinks they said one thing, when they actually said another.

Apple only said that the ACTUAL FINGERPRINT IMAGE could not be reconstructed. However, the original image isn't important.

All that matters is the feature data that is extracted. That is the information which is used to uniquely identify you.

Here is a visual aid I put together. The lower half shows the data that is stored and used to look for matches.

That feature data, along with the feature extraction algorithm, could be used to match your fingerprint against any photographic government fingerprint database in the world.

Note that I am not claiming that Apple does or will send such info externally. I'm only saying, always read Apple's comments closely. What they said is not what people think. Also, the important takeaway is that reconstructing the image is not important. Having the feature data, is the important part.

subsonix · Sep 22, 2013

kdarling said:
That feature data, along with the feature extraction algorithm, could be used to match your fingerprint against any photographic government fingerprint database in the world.

But a different image taken from different reader may not produce the same representation, because of that, comparing only the data outside of Apple's implementation may not be useful.

kdarling · Sep 22, 2013

subsonix said:
But a different image taken from different reader may not produce the same representation, because of that, comparing only the data outside of Apple's implementation may not be useful.

True, but I think in this case the source data would be similar enough to match. My reasoning is this:

The standard storage resolution (e.g. NIST, FBI) for fingerprint images is 500 DPI, which is the same DPI as the AuthenTec sensor.
The (for example) FBI photographic database is of the skin surface ridges, whereas the Apple source image will be of the same ridges' subdermal foundations, but from what I can tell from RF patents, that means the Apple source image will simply be cleaner, without surface cuts. (*)

Thus my conjecture that running the same feature extraction / match algorithm across a photographic database, would likely match up with the results that Apple stores.

In other words, I think there's a good reason why Apple only said that the data cannot be used to recreate the original image. Doing that is not necessary for a photo DB match.

Regards.

Edit: again, this is just a technical discussion. I don't think Apple will send anything anywhere. However, I do think they're understandably glossing over some things in order to calm people's worries.

(*) Which brings up all the talk about "only detecting live skin". Yes, the sensor goes down to where live skin usually is, but because of all the variations in real humans, the base RF sensor itself cannot detect whether it's reading live skin or not. According to AuthenTec patents, other methods must be used for that purpose.

calaverasgrande · Sep 22, 2013

SeaFox said:
To the average congressman, their "constituents" are whoever gives them their big campaign contributions (corporations). They haven't cared about the citizens who vote for them (outside of election time) for decades.

Edit: In fact, to suggest this has anything to do with looking out for citizens' best interests is funniest thing I've heard all night. Thanks for the laugh.

thanks for reinforcing my point.
I'm sure Franken was given a brand new Xbox by Ballmer for calling Apple on the carpet. That is what you are trying to say right? That Franken has some arch ulterior motive which benefits some shadowy corporate lobby?
Personally I would like it if more senators were being nosy jerks to the large corporations. Instead the Feinsteins of congress are more than willing to bend over backwards for corporate interests, and act like they did us a favor.

If you have actual proof of ulterior motive, please do tell.

linuxcooldude · Sep 22, 2013

kdarling said:
True, but I think in this case the source data would be similar enough to match. My reasoning is this:

The standard storage resolution (e.g. NIST, FBI) for fingerprint images is 500 DPI, which is the same DPI as the AuthenTec sensor.

The (for example) FBI photographic database is of the skin surface ridges, whereas the Apple source image will be of the same ridges' subdermal foundations, but from what I can tell from RF patents, that means the Apple source image will simply be cleaner, without surface cuts. (*)

Thus my conjecture that running the same feature extraction / match algorithm across a photographic database, would likely match up with the results that Apple stores.

In other words, I think there's a good reason why Apple only said that the data cannot be used to recreate the original image. Doing that is not necessary for a photo DB match.

Regards.

Edit: again, this is just a technical discussion. I don't think Apple will send anything anywhere. However, I do think they're understandably glossing over some things in order to calm people's worries.

(*) Which brings up all the talk about "only detecting live skin". Yes, the sensor goes down to where live skin usually is, but because of all the variations in real humans, the base RF sensor itself cannot detect whether it's reading live skin or not. According to AuthenTec patents, other methods must be used for that purpose.

As you said its all conjecture. A lot of software that is used to scan in and search a finger print database still relies on the original finger print. To say the data from deconstructed finger prints is searchable in anyway to any other other proprietary software output. For all we know that data could be also encrypted.

Apple was quite clear on the meaning and your basing on its trying to deceive the public based on nothing proven beyond conjecture.Then on somehow the data, even if it can be extracted is somehow searchable with the deconstructed fingerprints of other proprietary software.

Thats a lot of assumptions.

unplugme71 · Sep 23, 2013

scaredpoet said:
Even if it's your wife's, or husband's, or significant other's?

A match to... what? That would imply they already have your fingerprints.

The same can be said about Touch ID. Don't worry if the NSA has your fingerprints, because you've done nothing wrong.... right?

(Of course, that's not really a valid argument, anyway.)

you do have 10 fingers, right?

----------

see below

leaving fingerprints is not an issue in public places. There's thousands of layers of fingerprints, and they'd have to know exactly where mine was and see me do it to be able to capture and label the print as mine.

shenan1982 said:
You do realize the government(s) has your fingerprint if you've ever:

- enrolled in kindergarden in most states - nope- had a drivers license or ID card issued in any state - nope
- had any professional license, certification, or accreditation in your name - nope- cashed a check at a bank you don't hold an account at - never done this- worked in almost any government job, or contractor - nope- left the country and traveled to any one of the hundred countries who take fingerprint scan on entry - nope
Not to mention, you leave fingerprints everywhere, clearly you're not carrying alcohol wipes and wiping off door handles, ATM keys, or anything after you touch it.

Not sure why people are so afraid of EVERYTHING ... people give every detail of their lives to their mortgage companies and grocery store club card applications, yet something that you leave everywhere, your fingerprint, is suddenly scary?

Personally I'd be more worried about the government and Apple having a back door deal to let them look at my iSight camera at will on my iMac, Macbook Air, iPad, and iPhone... but hey, it's flattering myself to think my life has anything interesting enough for them to want to observe.... but then again I'm not a criminal.

iHEARTcartoons · Sep 23, 2013

Dear Senator,

Your concerns are very important to Apple and we take security very serious. We have enabled numerous protocols that ensure that random Senators, would-be hackers, nor (our) competition can obtain any trade secrets just by asking.

Sincerely,
Tim Cook
CEO, Apple

Ps. Are you even an Apple customer Senator?

kdarling · Sep 23, 2013

linuxcooldude said:
As you said its all conjecture. A lot of software that is used to scan in and search a finger print database still relies on the original finger print. To say the data from deconstructed finger prints is searchable in anyway to any other other proprietary software output. For all we know that data could be also encrypted.

Doesn't sound like you read my post.

My parameter was that the same proprietary image->feature algorithm was used.

Apple was quite clear on the meaning and your basing on its trying to deceive the public based on nothing proven beyond conjecture.Then on somehow the data, even if it can be extracted is somehow searchable with the deconstructed fingerprints of other proprietary software.

Thats a lot of assumptions.

See above.

As I said, Apple's just trying to reassure people that their original fingerprints are not accessible to anyone.

My point is that it doesn't matter if they are or not. If Apple were to send just the final data to the NSA, along with the algorithm used to produce it from the original image, then the original image is not needed.

Mac32 · Sep 23, 2013

The senator is NOT an idiot. It's simply sad and tragic to see people here claim otherwise. We need more senators like this, not crony capitalist politicians that's in the pockets of big corporations.

Btw. the senator should also have asked the following question:

"Is it possible to make a backdoor (or have a backdoor already been made) into the iPhone fingerprint system, such that it might be possible for the NSA or other third party to obtain the fingerprint at a later point?"

I'd like to think Apple constructed this technology specifically so that it couldn't be taken advantage of by the NSA at a later point, but we'll see. I'm not buying one of these phones either way simply based on principle. Google, Microsoft and Apple have lied to me and violated my rights enough at this point.
Btw., if you don't use a Facebook blocker, Facebook will continue to log your web activities even when you're logged out from Facebook. (Facebook might have changed their policy recently, but that really makes you think. Doesn't it?)

mspman · Sep 23, 2013

One thing I don't get is how people are saying "It's ok if Apple/Google have the info, but not the NSA." Are you guys actually assuming that if the NSA wants something that Apple or anyone else has that they just won't take it if denied access? As if your information is safer in corporate hands rather than government's? I fail to see that distinction at all. Once it's out there, it's out there and you can't take it back. That's why I'm not moving to a 5s. I implore everyone to think about the ramifications of your fingerprint data being out in the ether. Apple can make all the claims it wants, it's not convincing me that at some point in the near future this data and "format" won't get hacked and fingerprints reconstructed.

If you want to believe Apple, fine. Hackers love your "Nomophobia".

thill · Sep 23, 2013

Sigh.. I live in MN.. We have so many other issues to deal with right now, it really pisses me off that Senator Franken spends his time and energy ON THIS.

How about addressing employment, and education issues. Welfare reform. Bringing businesses to our state for job promotion. Healthcare issues. Crime issues.

This is nothing more than a play to get his name in the news. This guy needs to go!

linuxcooldude · Sep 23, 2013

kdarling said:
Doesn't sound like you read my post.

My parameter was that the same proprietary image->feature algorithm was used.

See above.

As I said, Apple's just trying to reassure people that their original fingerprints are not accessible to anyone.

My point is that it doesn't matter if they are or not. If Apple were to send just the final data to the NSA, along with the algorithm used to produce it from the original image, then the original image is not needed.

I read what you said, you just moved the goal post. You said nothing about if Apple were to give the NSA that information to begin with which is not what you mentioned.

kdarling · Sep 24, 2013

linuxcooldude said:
I read what you said, you just moved the goal post. You said nothing about if Apple were to give the NSA that information to begin with which is not what you mentioned.

It was just an example, as when I also said "The (for example) FBI photographic database".

belltree · Sep 24, 2013

Windlasher said:
Make sure you get the ex-tra heavy duty tin foil!

What color are the clouds in your dream land. Must be nice to be so naive.

Search

Search

Senator Sends Letter to Tim Cook Over Touch ID Privacy Concerns

SeaFox

macrumors 68030

Tech198

Cancelled

kdarling

macrumors P6

subsonix

macrumors 68040

kdarling

macrumors P6

calaverasgrande

macrumors 65816

linuxcooldude

macrumors 68020

unplugme71

macrumors 68030

iHEARTcartoons

macrumors regular

kdarling

macrumors P6

Mac32

Suspended

mspman

macrumors regular

thill

macrumors newbie

linuxcooldude

macrumors 68020

kdarling

macrumors P6

belltree

macrumors 6502

Our Staff