Sen. Franken Frets Over Apple’s Fingerprint Technology

Users could be impersonated for life

It's one thing for a hacker to get your digital password and impersonate you on the Internet; you can easily change your password. But your fingerprint is a whole other matter, said Sen. Al Franken (D-Minn.).

Franken, who has taken a strong interest in the use of facial recognition and other biometric technology, is worried about Apple's new fingerprint reader on the new iPhone, Touch ID, because, as he puts it, if a hacker gets a hold of your thumbprint, "they could use it to identify and impersonate you for the rest of your life."

In Apple's promotional material, the company says that the fingerprint data isn't shared, doesn't exist on the Apple servers, and is tucked away in a corner of the phone that is inaccessible to third parties.

But Franken wants to make sure.

"It's clear to me that Apple has made a good-faith effort to secure this technology and implement it responsibly," he said. "At the same time, this new ground-breaking technology raises important privacy questions for millions of users," said Franken, who raised those questions in a letter to Apple CEO Tim Cook.

Among the questions Franken posed to Cook is whether it's possible for the locally stored fingerprint to be extracted from the iPhone, either remotely or with physical access to the device. He also asked about what kind of data is collected from Apple when a user selects Touch ID to interact with iTunes, iBooks and the App Store, and whether Apple can assure users that the company will never share fingerprint data with any third party.

Franken also raised a few legal questions. Right now, law enforcement officials cannot compel companies to disclose the contents of communications without warrants or share information with third parties without customer consent. "Does Apple consider fingerprint data to be the 'contents' of communications, customer or subscriber records, or a 'subscriber number of identity?’" Franken asked. "Does Apple believe that users have a reasonable expectation of privacy in fingerprint data they provide to Touch ID?"

Franken asked Apple to get back to him in a month.