If It Wants Your Fingerprint, the Government Won't Need Your New iPhone
Your iPhone knows where you are. In the new version, it will know your thumbprint. Given revelations about NSA hacking Apple devices, should you be worried? Come on. No.
Your iPhone knows who you call. It knows where you are. And in the newest versions, it will know your thumbprint. Given revelations about how the NSA can access Apple devices, should you be worried about it having that biometric data?
No. No no no no no no. Come on. No.
To be fair, most of the suggestions we've seen that imply there's something to be worried about are either jokes or slightly better jokes or suggestions that worrying about this is dumb. The New York Times explained some legitimate concerns about the technology, which involves tapping the phone's home button with your thumb; The Washington Post had a more alarmed take. In case you are sincerely worried about it, allow us to articulate why you shouldn't be.
Getting data from the iPhone isn't easy.
Apple's iOS, the operating system that controls its mobile devices, is based on a version of Unix. For years, the company emphasized the security advantages of Unix in its marketing material, with good reason. On its developer site, the company explains how its "sandboxing" of applications leverages the security of Unix to ensure that apps only have access to a subset of the utilities available on the device. Think of it this way: If I take you into a building and lock you in an apartment in that building, you can roam around the apartment, use the shower, whatever. But you can't roam around the building. If you want to break everything in the room, go nuts. The building is safe. What Apple does is lock apps in rooms with access to some plumbing.
This isn't optional, as software engineer Isaac Schmidt from TenDigi confirmed to The Atlantic Wire by email. "[S]andboxing is a concrete constraint of the operating system," he said, "(as opposed to a 'rule' given to developers from Apple and enforced by the honor system)."
Speaking to All Things Digital, Apple vice president Phil Schiller confirmed that the thumbprint tool wouldn't be among the plumbing available in an app's room. Not yet — probably not ever. This is why you probably don't need to worry about malicious apps getting hold of your thumbprint, either.
There are two ways in which developers might break out of the room, or at least access more plumbing.
The first is if the phone is "jailbroken," a procedure that allows a user to install applications from outside the Apple approval process. In that case, the doors to the rooms are left unlocked, and an application has broader access to the building at large. "Although jailbreaking the phone doesn't explicitly deconstruct the 'sandbox' architecture of the OS," Schmidt told us, "it does effectively mean that all bets are off in terms of assurances of what installed software can and cannot do and still be able to function/execute. So while fences remain on a jailbroken device, there is no longer anything to prevent you from jumping over them."
What's more, a jailbroken phone can look like it's operating under the normal iOS, but if your phone isn't jailbroken, someone seeking to have those doors unlocked would need to jailbreak it first.
Probably. The second way to get out of the room is if the NSA hacks it. According to Der Spiegel, the NSA has successfully accessed iPhones.
Under the heading "iPhone capability," the NSA specialists list the kinds of data they can analyze in these cases. The document notes that there are small NSA programs, known as "scripts," that can perform surveillance on 38 different features of the iPhone 3 and 4 operating systems. They include the mapping feature, voicemail and photos, as well as the Google Earth, Facebook and Yahoo Messenger applications.
(Images from an NSA slideshow like the one at right certainly won't help nervous customers.)
It's not clear if this is a regular app that is leveraging all of the possible pipes iOS makes available, or if it is otherwise a system that allows the NSA to roam around the phone. The hard count of 38 suggests the former. What an NSA-hacked phone looks like isn't certain (though two Guardian employees found a weird, probably unrelated app on their phones). What is clear is that installing the NSA's surveillance tool / system / whatever requires syncing the device with a computer, adding yet another level of difficulty for the NSA.
We'll get to why that matters in a second. First, to dispel another rumor.
Your print isn't leaving your phone.
There was some concern that Apple would upload your scanned thumbprint to the cloud; that is, to the internet. At this point it isn't, and there's no reason to think it would. (Why would you need your password, which is in effect what this is, remotely?)
All Things Digital confirmed this, too. "All fingerprint information is encrypted and stored securely inside the A7 chip on the iPhone 5s." And there you go.
There is the issue of PRISM. The vaguely understood data-sharing agreement between Apple and the NSA is focused on the transmission of possibly-encrypted data over Apple's servers. The NSA, according to leaked documents, asks Apple (and other companies) for a peek at the traffic moving past.
Your fingerprint, though, isn't traveling anywhere. Is it possible that the NSA could ask Apple to upload a user's fingerprint from the phone so that it can be transmitted to the agency? Sure. But that likely wouldn't be a request that comes through PRISM; it would probably require a separate warrant. Not impossible, but, given the burden of demonstrating need for a warrant, not as easy as a few keystrokes.
There are trillions of better ways to get your thumbprint. Gajillions.
There are cases in which law enforcement has grabbed a cup someone used once in order to test for DNA. You leave DNA around in far fewer places than you do your thumbprint.
People seem to forget that the NSA is a spy agency. It has people who, unlike Edward Snowden, get out of the office. If the agency wanted to get your thumbprint, it could have one of those people do so in an hour. Have someone follow you out to eat, snag your fork as it heads back to the kitchen when you're done. Done. Easy. You touch a glass door as you walk through. You leave your desk for the day. You leave thumbprints in hundreds of places all the time.
If the NSA wanted to grab your thumbprint, it could do so trivially. (Assuming you're not an American. The NSA, of course, isn't allowed to do this sort of surveillance on Americans, subject to a variety of qualifications and "except"s and so on that aren't worth getting into here.) Not without time and effort — but none of these options are free of time and effort. Having a guy pick your soda bottle out of the garbage is probably harder than getting access to your laptop to install malware on your phone, but not a whole lot.
What is the NSA going to do with your thumbprint, anyway?
Movie fans can probably imagine the NSA stealing your thumbprint, printing out a recreation of it from wax, and then slipping it onto a glove to carry out some nefarious activity. But unless you own a biometric lock at your house or office (which not many people do), that's not going to do much good. (If that even works, which seems unlikely.) Of course, you do have one biometric lock — on your iPhone. But the NSA wouldn't need to hack your iPhone to get your thumbprint so it could access your iPhone.
Maybe you're worried the NSA wants to confirm your identity. It seems unlikely that the NSA's acquisition of your thumbprint from your phone could be used to establish reasonable doubt when matched to an anonymous thumbprint at a crime scene. If it wanted to compare the phone print to your known thumbprint, well, that means the government already has your thumbprint. So it sort of doesn't matter in that case either.
So stop worrying.
Look, there are legitimate concerns about how the government and, particularly, the NSA conducts its surveillance. The boundaries of where and when that happens are still emerging and certainly suggest reason for caution.
Your new gold iPhone is not the key to a lock the government has been dying to pick. It is easy to hear a combination of things that have been remotely linked to dangerous situations and get nervous — iPhone, biometric, hacked, thumbprint, gold. But work your way back up the system of trails and you see that you've gotten pretty far from reality.
Now are you carrying your laptop across the border? That you should worry about.