And this illustrates my problem with Franken and all the far left -- government agencies are trampling over Americans' privacy, and his issue is whether a private company is taking sufficient safeguards to avoid making it easier for the government to trample that privacy.
As opposed to, you know, getting government to stop abusing its power.
Half of his questions are "what's Apple's legal interpretation of our abusive laws?" It doesn't really matter what Apple's interpretation is. What matters is the secret court's secret decisions about what those laws mean. It's good that Franken voted against renewing the Patriot act, but he should be sending this letter to his colleagues that voted for it, not Apple.
Or, you know, you could do both. If it's politically achievable to safeguard people's private data from private companies, then why not do that? This is the old "why bother with solving x when people are starving in y?" argument, which has never been too convincing.
And, for the record, I'm very interested to know what Apple's interpretation of the law is, because that could be what informs the design of their products.
I'd imagine some of the far left thinks its far easier to make it impossible for the government to do these things then to make it illegal (since the government seems to have little problem twisting laws to justify what they do). Moreover, you can and should take both paths at the same time.
Plus, even if you curtail what the FBI can get, there will be circumstances when they legally should and will be allowed to get data from a business on an individual(e.g. with a subpoena/warrant). As such it makes since to make verify Apple's assertion that they can't hand over anything.
Finally, he's not just asking about the government, he is asking about any third party.
I too wondered why he would ask Apple rather than the DOJ. If he did the latter, the answer would be that they don't know the details of the implementation, and can't say. Apple is the party which knows right now.
So what I would like, is that after Apple comes out with the details, the question gets asked to the government. That would ensure that the government does behave according to the intent of Congress.
Franken is one of the good guys... he's probably the strongest proponent of net neutrality in the senate.
The letter to Apple came from his role as the Chairman of the Judiciary Subcommittee on Privacy, Technology and the Law. That committee was created to advocate for consumer privacy, which is probably as important as privacy from the government. How many lives could Google ruin with all of the personal information they have on hand? How many companies have your credit card and social security number on some poorly secured server?
As for broader government abuse, Franken introduced a bill to mandate the NSA to reveal the extent of their surveillance, which is supported by just about every privacy-focused organization in the country (ACLU, EFF, HRW, etc.). While he's not as strong of a critic as Merkley or others, pushing things in the right direction is worth supporting.
We can't stop the powerful from lying about what they're doing. We can only potentially detect the lies after the fact.
We can decide that since we can't stop the powerful from lying, we won't hand them the tools to further incentivize that lying.
It's perfectly reasonable for a polity to decide that no member should build land-mines, even if the most blame lies with the users of land-mines. This is not a public / private, left / right issue.
First, government agencies aren't the only ones we should be worried about, even if government abuses are on the front page of HN every day. There are other concerns, and these are questions that Apple should answer.
Second, how do you know Franken isn't sending letters to his colleagues? Just because you're losing on one front doesn't mean you shouldn't try to fight on another.
to add to this, where's the NRA and supporters of the 2nd amendment regarding NSA/the government recording "everything"? wouldn't they be very vocal if the feds implemented a massive gun registry? (I'm not American so I may be off-base here)
It's not like a scanner that's taking a picture of a finger and storing the image on a chip. From what I can tell, the biometric markers of individual fingerprints are used as a hash to generate a strong password -- much stronger than a user generated password. The fact is, the standard 4 digit pins that most users use are not very secure. (From what I can recall of a recent security seminar I attended.)
Given the privacy concerns that have been news lately, it's understandable that this would raise some eyebrows, but when combined with something like the iCloud keychain for generating strong online passwords, this could actually be a great benefit to individual privacy.
It's possible the device is storing a second key of some sort as well as regenerate each time a fingerprint is set. It may even regenerate it each time a scan is done and reset the password.
I.E. hash( hash(fingerprint) + stored key ) = actual password.
Looks like the anti-spying-stories brigade is out in full force today flagging this and the two stories about GCHQ hacking the Belgian telecom companies
I still don't understand all this uproar over fingerprinting.
Fingerprints are obviously incredibly insecure. They're obviously identifiable. How is this news?
Fingerprint readers on phones are like locks on doors -- they deter casual people, but are totally worthless against anyone determined. But still pretty useful for their convenience in most situations.
Fingerprint readers on phones are for preventing your mother or your girlfriend or your son or your coworker from getting into your phone. And nothing more. It does zilch against police/government/espionage/etc. But it was never supposed to, any more than your front lock is supposed to keep a SWAT team out.
It should be worth noting, taking someone's fingerprint and duplicating it is surprisingly easy. In fact, a duplicate print has been used to open door locks and even computer locks as the Mythbusters have shown :
This seems like it would be a more powerful argument if the fingerprint sensor on the iPhone was used for more things than unlocking your phone and making App Store and iTunes purchases. As it is now, Touch ID doesn't need to be technically more secure, dynamic, or anonymous than a passcode or password, it just needs to be faster and more convenient. And what does a perpetrator do once they've lifted your fingerprint and made a copy? They still have to steal your phone or gain access to it for some amount of time, which requires very personal targeting.
The answer to this problem is to create a technology which allows for easy replication of fingerprints once you have a digital copy. Once that technology exists it will completely remove the use and value of fingerprints since the existence of a finger print won't prove anything.
3D printers could provide that system as long as they are precise enough to print fingerprints at scale.
re-create some super VIP's prints and plant them in undesirable places they obviously did not go to; then publicize it. Render the whole 'fingerprint as an identifier' thing with uncertainty and doubt.
I believe Objet/Stratsys still have the highest resolution printers at 16 micron layers and 30 micron-width droplets.
A quick google search says the papillary ridges of a fingerprint could be safely assumed at between .020 and 2.0mm in height[1]; that might be printable now.
"The Touch ID-enabled home button feels invisible; it works with a tap, can recognize your finger from many angles, and feels like it has less of a fail rate than fingerprint sensors I've used on laptops. It's impressive tech. It worked on all my fingers, and even my toe (I was curious)."
[+] [-] kevinpet|12 years ago|reply
As opposed to, you know, getting government to stop abusing its power.
Half of his questions are "what's Apple's legal interpretation of our abusive laws?" It doesn't really matter what Apple's interpretation is. What matters is the secret court's secret decisions about what those laws mean. It's good that Franken voted against renewing the Patriot act, but he should be sending this letter to his colleagues that voted for it, not Apple.
[+] [-] Osmium|12 years ago|reply
And, for the record, I'm very interested to know what Apple's interpretation of the law is, because that could be what informs the design of their products.
[+] [-] anologwintermut|12 years ago|reply
Plus, even if you curtail what the FBI can get, there will be circumstances when they legally should and will be allowed to get data from a business on an individual(e.g. with a subpoena/warrant). As such it makes since to make verify Apple's assertion that they can't hand over anything.
Finally, he's not just asking about the government, he is asking about any third party.
[+] [-] pjbringer|12 years ago|reply
So what I would like, is that after Apple comes out with the details, the question gets asked to the government. That would ensure that the government does behave according to the intent of Congress.
[+] [-] mikeyouse|12 years ago|reply
The letter to Apple came from his role as the Chairman of the Judiciary Subcommittee on Privacy, Technology and the Law. That committee was created to advocate for consumer privacy, which is probably as important as privacy from the government. How many lives could Google ruin with all of the personal information they have on hand? How many companies have your credit card and social security number on some poorly secured server?
As for broader government abuse, Franken introduced a bill to mandate the NSA to reveal the extent of their surveillance, which is supported by just about every privacy-focused organization in the country (ACLU, EFF, HRW, etc.). While he's not as strong of a critic as Merkley or others, pushing things in the right direction is worth supporting.
[+] [-] JabavuAdams|12 years ago|reply
We can decide that since we can't stop the powerful from lying, we won't hand them the tools to further incentivize that lying.
It's perfectly reasonable for a polity to decide that no member should build land-mines, even if the most blame lies with the users of land-mines. This is not a public / private, left / right issue.
[+] [-] cruise02|12 years ago|reply
Second, how do you know Franken isn't sending letters to his colleagues? Just because you're losing on one front doesn't mean you shouldn't try to fight on another.
[+] [-] lazyant|12 years ago|reply
[+] [-] joshowens|12 years ago|reply
[+] [-] rednukleus|12 years ago|reply
[+] [-] gdubs|12 years ago|reply
Given the privacy concerns that have been news lately, it's understandable that this would raise some eyebrows, but when combined with something like the iCloud keychain for generating strong online passwords, this could actually be a great benefit to individual privacy.
[+] [-] eksith|12 years ago|reply
I.E. hash( hash(fingerprint) + stored key ) = actual password.
[+] [-] pvnick|12 years ago|reply
[+] [-] crazygringo|12 years ago|reply
Fingerprints are obviously incredibly insecure. They're obviously identifiable. How is this news?
Fingerprint readers on phones are like locks on doors -- they deter casual people, but are totally worthless against anyone determined. But still pretty useful for their convenience in most situations.
Fingerprint readers on phones are for preventing your mother or your girlfriend or your son or your coworker from getting into your phone. And nothing more. It does zilch against police/government/espionage/etc. But it was never supposed to, any more than your front lock is supposed to keep a SWAT team out.
[+] [-] eksith|12 years ago|reply
https://www.youtube.com/watch?v=3Hji3kp_i9k
[+] [-] prjw|12 years ago|reply
http://www.h-online.com/newsticker/news/item/CCC-publishes-f...
[+] [-] baddox|12 years ago|reply
[+] [-] pvidler|12 years ago|reply
[+] [-] r00fus|12 years ago|reply
Read up on more details and critique about TouchID: http://arstechnica.com/security/2013/09/fingerprints-as-pass...
[+] [-] dobbsbob|12 years ago|reply
[+] [-] JabavuAdams|12 years ago|reply
[+] [-] wtvanhest|12 years ago|reply
3D printers could provide that system as long as they are precise enough to print fingerprints at scale.
[+] [-] bradleysmith|12 years ago|reply
re-create some super VIP's prints and plant them in undesirable places they obviously did not go to; then publicize it. Render the whole 'fingerprint as an identifier' thing with uncertainty and doubt.
I believe Objet/Stratsys still have the highest resolution printers at 16 micron layers and 30 micron-width droplets.
A quick google search says the papillary ridges of a fingerprint could be safely assumed at between .020 and 2.0mm in height[1]; that might be printable now.
Fun thought, anyway.
[1]-http://answers.google.com/answers/threadview?id=216913
[+] [-] robbiemitchell|12 years ago|reply
Passwords are often static, shared, and relatively easy to crack.
[+] [-] JabavuAdams|12 years ago|reply
It's like using your SIN as a secret.
[+] [-] thabofletcher|12 years ago|reply
[+] [-] joshowens|12 years ago|reply
[+] [-] Raphmedia|12 years ago|reply
Did anybody think of using toes yet?
[+] [-] r00fus|12 years ago|reply
"The Touch ID-enabled home button feels invisible; it works with a tap, can recognize your finger from many angles, and feels like it has less of a fail rate than fingerprint sensors I've used on laptops. It's impressive tech. It worked on all my fingers, and even my toe (I was curious)."
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] mumbi|12 years ago|reply