Apple's Touch ID: Add "something you buy" to something you are, something you know, something you do, and something you have
Apple's biggest contribution to the technology world has been its ability to bring order to chaos. The iTunes music service is the best example of this: before iTunes, the world of music downloads was the Wild West. There were outlaws, like Napster and its rivals, who ran clunky attempts to commercialize the rogue industry out of town. Apple changed all that by making the music download experience uniform and simple.
The most promising element of Apple's new fingerprint scanner, announced as part of a new iPhone model on Wednesday, is the potential to bring order to the chaotic world of personal gadget security. The Touch ID system will let users wake up their phones with a simple finger touch. It's a big step forward, but it shouldn't be confused as a big step forward in security; it's more of a big step forward in convenience and a small step forward in security.
Let's get this out of the way first -- Apple will have to provide some alternative mechanism to unlock phones, and that means hackers and criminals will be able to circumvent Touch ID. Fingerprints suffer damage (kitchen cuts!) and fingerprint readers break. Apple will have to offer the equivalent of a password reset option to those folks, and just like all other "Lost password" retrieval systems, that will almost certainly be the weakest link in the chain. By definition, it can't be any stronger than current systems. Touch ID will be easier to use than PIN codes, resulting in happier (if not much more secure) users, and that's why Apple is adopting it.
That said, you've already heard a tremendous amount of catcalls from geeks since the announcement of Apple's Touch ID, describing all the various horrible things that can happen to users. Fingers can be cut off and used to unlock stolen phones, certainly. It's possible that prints can be lifted off martini glasses in bars and molds made, also, though there's hope that Apple's capacitive sensor system will make that harder to do.
While all this is true, it's this kind of hand-wringing which has crippled the security industry for years, prevented implementation of all sorts of creative security technologies, and left most users with a 50-year old user/password system protecting most of their digital lives. While a strong password stored only in a user's brain is the most secure system we have, in reality most users pick horrible passwords. Many iPhone users don't even bother setting a 4-digit PIN, those who do pick common codes like “1234,” and countless others wouldn't bother if their e-mail server didn't insist on it.
In the real world, making security more convenient also makes it more secure, because behavior is more important that technology. A strong password is no good when it ends up on a post-it note tacked to the monitor.
For years, researchers have been talking about the "death of the password." In the past, I've predicted that passwords wouldn't die until there was a truly horrendous security breach, such a million people losing money via online banking. Last year, millions of passwords were compromised at brand-name sites liked LinkedIn, but people barely reacted.
Part of the reason: There are far too many alternatives in the security world, each one with theoretical (and real flaws). Voiceprint systems can be hacked via recordings, Hollywood has shown. As with fingerprints, retina scans are subject to, ahem, physical attacks. Facial recognition, used by some smartphones now, is so clunky that it hasn't caught on. Token counter keyfobs, popular with high-security firms, are subject to theft of the counter creation formula.
All those flaws have been enough to make tech companies shy away from adding security tech to all but the most security-conscious employees, ending any possibility of agreement around a standard. Apple is one of the few firms to create such a standard, and it's possible Touch ID will accomplish that. Users will get used to flashing their fingerprint to unlock a gadget, and it's easy to see how the standard could spread to other devices.
Sure, fingerprint readers can be tricked, but the biggest security problem Apple faces at the moment is theft. Law enforcement officials say show Apple gadgets have actually caused an increase in crime. Will street thugs who rip iPhones out of subway riders' hands be able to create fake fingerprints on a mass scale? Perhaps a supply chain might develop, but I think that's far-fetched, and it will be expensive, making theft less lucrative.
Should fingerprints become a standard? Let's review the conceptual options at play for security firms who want to move beyond the password. Security techs fall into four categories:
1) Something you know (passwords)
2) Something you are (fingerprint, retina)
3) Something you have (debit card, keyfob)
4) Something you do (how you type, how you walk)
So-called two-factor authentication combines two of these concepts together. The classic two-factor model, used with great success for many years, is the debt card. Getting money from an ATM requires having something (a card) and knowing something (a PIN code). Apple can easily add two-factor to the new iPhone -- you might need a fingerprint and a code to unlock -- and it appears individual companies will be enabled to do so. That's much more secure than a PIN code alone. Could arguments be made for other technologies? Yes. Should that stop someone from trying something that might help? No. Could TouchID be the iTunes of security? Maybe.
Apple's adoption of fingerprint technology can't be understood without the context of repeated calls from law enforcement for addition of a "kill switch" or some other technology that would mitigate the street crime problem. Fingerprints do not solve that problem -- criminals will not stop stealing phones because some of them require a fingerprint, just as PIN codes on GPS devices haven't yet dented GPS theft -- but will eventually help.
The real concern with Touch ID, made much more sensitive because of the recent litany of NSA surveillance revelations -- is that Apple is now contributing to creation of a worldwide database of fingerprints. The firm has taken pains to explain that it's not doing so, that the fingerprint will be stored on the phone only. Given recent proof that many tech firms work secretly with U.S. government agencies, there are legitimate questions about the credibility of this claim. Will Apple, or a cell phone company, be able to guarantee that this data will never find its way into a government database? How could they? Security expert Bruce Schneier likes to say that a surveillance society make people less safe, not more safe, and here is a good example. A perfectly good security upgrade may fail because Americans can't trust corporations or the government not to exploit it.
Of course, the FBI already has a vast database of fingerprints, called the Integrated Automated Fingerprint Identification System, or IAFIS. On its website, the FBI says it has 70 million subjects in its criminal master file, along with 34 million "civil prints," presumably collected from teachers, coaches, and many other innocent people who've been required to submit their fingerprints for employment. So while Americans bristle at handing over their prints, because it often makes them feel like criminals, millions have already done so.
Rather than criticize Apple for trying to finally bring order to the chaotic enhanced security world, a better strategy would be to create privacy laws that forbid abuse of such information by governments and corporations alike. In the meantime, check on what companies know about you, and take some of your information off the grid.