Sense and Nonsense About Biometrics

Apple’s Touch ID fingerprint scanner seems to have fueled an important but ill-informed and ultimately nonsensical debate about biometrics and privacy. The latest example is this muddled editorial in the Sept. 22 New York Times.

Fingerprint photoThe Times editorial, and a great deal of other discussion of the issue, errs in confusing two completely different uses of biometric data: authentication and identification.

The iPhone uses fingerprints for authentication. It scans your finger an checks if it matches previously recorded data (read this for a deep dive into how the  process works and why it is secure.) You can record up to five prints. If you want one of them to be your cat’s paw, fine. You can give your cat access access to your iPhone. The phone does not care who the print actually belongs to, just that it matches.

This is what authentication is about. You attempt to access a system claiming to be Mr. X. The system confirms that this is the same person (or cat) who previously  claimed to be Mr. X. It offers no warranty whatever that the person claiming to be Mr. X is Mr. X or, indeed, that Mr. X exists.

Authentication is relatively easy. It is still non-deterministic and, like any other statistical process, subject to both false positives (accepting a print it should reject) and false negatives (rejecting a print it should accept.) But a properly designed system with a good sensor, like Apple’s, can keep the rates of both types of error very small. And as long as the biometric data is stored locally and securely, as Apple maintains is the case with Touch ID,  there is no real privacy issue. In fact, biometric authentication can increase privacy by reducing identify theft.

Identification is what happens when the police find a fingerprint at a crime scene. The FBI lab must compare this unknown print to millions of known prints in its database in search of a match. The likelihood of both false positives and false negatives is much higher than in the authentication case and the quality of any match–the probability that it is not a false positive–may be low. (Good defense lawyers know how to challenge expert witnesses on the quality of fingerprint matches.)

Fingerprint matching is at least backed by decades of experience and a fair amount of science. Other forms of biometric identification, such as face recognition in  crowds, is far more problematical. As Adam Harvey pointed out in an Ignite talk at the Privacy, Identity, Innovation conference in Seattle last week, the current state of technology makes it all but impossible to capture useful biometric data without the cooperation of the target. You have to touch something, hold still for iris scanning, or at least look squarely into a camera with you face unobscured. At best, the data we collect from tens of thousands of surveillance cameras is good only for after-the-fact identification of suspects.

But the technology for on-the-fly biometric data capture is only going to get better. This, not Apple’s fingerprint scanner, is what poses the real threat to privacy and where the debate ought to focus.

 

Reviewing Apple’s iPhone Event

I am providing you with a copulation of answers to several questions raised… ~ Marion Barry

The recent Apple iPhone event raised so very, many questions. Let’s touch on a few of them and see where we stand today.

Don’t sweat the petty things and don’t pet the sweaty things. ~ George Carlin

Apple TV

BREAKING NEWS: Piper Jaffray analyst Gene Munster on suicide watch following conclusion of Apple event with no sign of Apple television ((It’s an in-joke. If you don’t get the reference, just laugh hysterically anyway, then move on.)). ~ Peter Cohen (@flargh)

Sniping & Backstabbing

Personally, I could have done without the sniping and backstabbing done by Apple’s competitors. Apple does it too, so I’m not taking a “holier-than-thou” stance. I just think that it’s bad policy. But no matter what I think, it’s not going to stop any time soon.

Here are some examples of competitor’s mocking ads for those of you who like that sort of thing.

People who like this sort of thing will find this the sort of thing they like. ~ Abraham Lincoln

iPods

Not. One. Word.

Wow.

iPhone Buyback

Not mentioned at the event, but recently announced and implemented. I’m intrigued.

Phone buybacks, trade-ins and resales were already a big business but now Apple’s stepping in too. What effect will Apple’s participation have on the secondary markets? Worth keeping an eye on.

Apple’s Free iWork Just iScrewed Microsoft

Q: Where are an elephant’s genitals?
A: On his foot.
Q: Why do you say an elephant’s genitals are on his foot?
A: Because if he steps on you, you’re screwed.

Apple just stepped on Microsoft. Hard.

I don’t hear anyone talking about this and I’m not sure why.

Google has been attempting to undercut Microsoft Windows with Chrome for the desktop and Android in mobile. Apple has always subsidized its OS sales, but recently, they have begun to bundle their OS with their hardware for free.

(I)t’s not just Android that has made the OS layer non-monetizable. ~ Ben Thompson (@monkbent)

Google also attacked Microsoft’s other cash cow, Office, with free versions of Google Docs. Now Apple joins the attack by bundling iWorks into every new iPod Touch, iPhone and iPad.

Further, Apple already announced that iWork in the Cloud would be free and work cross-platform.

The problem for Microsoft (is) that you can’t charge for software anymore. ~ Horace Dediu (@asymco)

iWork being free could be truly disruptive to Office (especially ) if Apple were to make it free or pre-installed on all new Macs. ~ ßen ßajarin

Microsoft has an unequalled gift of squeezing big mistakes into small opportunities. ((With apologies to Henry James.))

Colors

PATIENT: Doctor doctor, I keep painting myself gold
.
DOCTOR: Don’t worry it’s just a gilt complex.

I refuse to argue over matters of taste. Let the market decide.

In matters of style, swim with the current; in matters of principle, stand like a rock. ~ Thomas Jefferson

iOS 7

Lots of controversy here. Some hate iOS 7. Some love it. Some say its going to upset Apple’s client base. Some say it’s going to reinvigorate Apple’s client base.

Only time will tell…

…and that time starts on Wednesday, September 18, 2013.

Carriers

Perhaps the biggest news for the iPhone came from outside the Apple event when reports indicated that Japan’s largest carrier (DoCoMo) and the world’s largest carrier (China Mobile) would be selling the iPhone this Fall.

Huge.

Literally and figuratively huge.

Something that people don’t seem willing to understand: Apple could have a deal with any carrier at any time they chose. But they choose to make deals only on their terms. Does that policy mean that they sell less phones? You bet. Does that policy mean that they make more money and sell only to the most engaged customers? You bet.

Apple’s low market share is not by accident, it’s by design.

M7 Chip

People say that Apple’s new M7 motion sensor is only potential…

…but that potential is huge.

People say that Apple isn’t innovating…

…but those people are dead wrong.

Apple is quietly putting together the foundation for the next five to ten years. People seldom pay attention when foundations are being laid…

…but they should.

Let’s wait just a bit and see what Apple hath wrought.

A7 Chip

How big is the new A7 chip for Apple? Well, let’s start with the fact that all of the differentiation between the iPhone 5C and 5S is built upon it:

— Faster and more powerful
— Camera features
— Fingerprint scanning

All of these benefits are made possible by the A7.

And future uses? Who knows?

But one thing to keep in mind. The incredible horsepower of the A7 is not so much targeted at consumers as it is targeted at developers.

With the A7 chip, Apple appears to be playing to their strengths. And it’s hard to know how quickly (or how slowly) the competition will catch up. ((No competitors are even close to bringing 64 bit to market and even for some platforms like Android which is focused on the low end non-spec smartphones it may not even make sense.))

Fingerprints, Privacy, Payments And The End Of NFC (We Hardly Knew Ye)

This topic deserves its own article, so let me briefly say this:

— Remember when people criticized Apple for not hopping on the NFC bandwagon fast enough? Yeah, forget about all of that.

Illustration of of Apple’s market power: it has effectively killed NFC despite Android supporting it. ~ Benedict Evans (@BenedictEvans)

— Remember when people said that Apple wasn’t innovative? Yeah, forget about all of that, too.

It seems Apple will skip NFC just like they skipped blue ray. ~ JF Martin (@jfmartin67)

— Remember when people said that Apple was doomed? Yeah, you forget about that one, too.

Having built a ‘secure element’ into the 5S…what else might Apple do with it? ~ BenedictEvans

Ah, now THERE is a grand question, indeed.

Seven Hundred Million iOS Devices

iphone-salesiOS is niche or going away?

Get over yourself.

iOS is 700 million strong and growing every day. iOS will reach a billion customers by 2014.

An iPhone 4S (2 year old phone) is only worth $50 less in good condition than the Samsung Galaxy S4 (4 month old phone) on Gazelle. ~ Abdel Ibrahim (@abdophoto)

Gazelle is not an analyst or a pundit or a fan boy. They want to make money. Their estimate of what they can re-sell hardware for is about as objective an appraisal as one can get. It’s set by the market. And so long as the market values Apple’s iPhones as premium products, then Apple’s iPhones ARE premium products.

Apple’s Unreasonable Pricing Strategy

Again, a topic for a full article. Let me just say this. The iPhone 5C is Apple doubling down on their current pricing strategy.

Apple’s iPhone event was a confident declaration that iPhones are worth paying for. ~ Ben Thompson (@monkbent)

Much more to follow in later articles.

Differentiation

One of my concerns was whether Apple would be able to sufficiently differentiate the iPhone 5C from the 5S. Would they be able to make the iPhone 5S $200 more valuable than the iPhone 5C without resorting to crippling the 5C?

It turns out that Apple only had to differentiate the phone by $100 since they inserted the iPhone 5C in the mid-level, rather than the low level, price bracket.

And did they meet their burden? Easily.

— Better A7 processor;
— Better camera features; and
— Fingerprint scanner and security system.

As an aside, I have to admire Apple’s marketing strategy. They created three differentiators between the iPhone 5C and iPhone 5S, all of which can be explained in a single sentence.

By way of comparison, go to a Microsoft store and ask the salesperson the difference between Windows 8 RT and Windows 8; or the difference between the Surface and any one of the notebook or hybrid computer models made by Microsoft’s (dwindling) hardware partners.

See what I mean?

Flagship v. Premium

Another topic that deserves another article. Let me boil it down to this:

The iPhone 5 was both Apple’s Flagship and Premium model. The iPhone 5S is Apple’s new premium iPhone. The iPhone 5C is Apple’s new Flagship iPhone.

Take a look at apple.com today and note which new iPhone appears first: the 5C, not the 5S” ~ Horace Dediu (@asymco)

Posit: yesterday Apple cut the price of the iPhone by $100, at same margin, and made it cooler. Also launched entirely new high-end phone ~ Benedict Evans (@BenedictEvans)

People are just not getting it. Apple has just reduced the price of their “Flagship” – the iPhone 5c – to $99 subsidized, $549 unsubsidized. Apple is going to sell a TON of these mid-level phones. This is by design.

Much, much more in later articles.

Jony Ive

The difference that Jony [Ive] has made, not only at Apple but in the world, is huge… If I had to pick a spiritual partner at Apple, it’s Jony. ~ Steve Jobs

appledesignteamJony Ive is the real deal, Apple’s true visionary.

Fast Company says that over the entire course of Ive’s leadership, only five designers have ever left Ive’s team with only two actually quitting, the other three simply died.

An incredible tribute to an incredibly gifted man and one of Apple’s greatest assets. So long as Jony Ive is with Apple, Apple won’t have to worry about that “vision thing.”

Innovation

When I hear people say that Apple isn’t innovative anymore, I have to do a reality check. Are those people living on the same planet that I am?

— MacBook Air
— iOS 7
— Mac Pro
— A7
— iPhone 5S

Taken together, the Mac Pro mentality and the A7 direction are terribly exciting. ~ Rene Ritchie (@reneritchie)

Agreed. The charge that Apple isn’t “innovative” would be laughable if it weren’t for the fact that so many people seem to take it seriously.

Critics who claim that Apple is not innovative may look like idiots and talk like idiots but don’t let that fool you: They really are idiots. ((With apologies to Groucho Marx.))

Critic’s Free Advice Worth Every Penney

The long knives are out for Apple. Critics are literally calling Apple “clueless” ((FRED WILSON: “The C in 5C does not mean ‘cheap’ as I had hoped. It means clueless, as in clueless about how the vast majority of new smartphone users are paying for their phones.”))

Leading candidate for Stupid Comment of the Day from Jony Evans at ComputerWorld: “Apple may have “hit its BlackBerry moment.” ~ Shawn King (@ShawnKing)

I don’t know about that, Shawn – the competition for stupidest comment is mighty fierce.

A critic is a person who rocks the boat and then claims that they are the only one capable of saving the ship.

Pshaw.

“The critic leaves at curtain fall
To find, in starting to review it,
He scarcely saw the play at all
For starting to review it.”

― E.B. White

Measure not the work until the day’s out and the labor done. ~ Elizabeth Barrett Browning

I have studied the wisdom of many (critics) and many cats. The wisdom of cats is infinitely superior. ~ Hippolyte Taine

Apple’s been doing pretty well on its own by ignoring the critics’ advice. Let’s wait and see how this all plays out before we jump to any premature conclusions. And let’s hope against hope, that Warren Buffet got it right when he said:

If a business does well, the stock eventually follows. ~ Warren Buffett

Touch ID: A Big Deal If Apple Doesn’t Mess It Up

The Touch ID fingerprint reader could be one of the most important features of the new iPhone 5s. Although it will initially be used only to unlock the phone and to log into the iTunes Store, it has the potential to improve the security of a wide range of mobile purchases and payments. But first Apple has to convince iPhone owners that it will not be a new assault on their privacy.

A few weeks ago, this would not have been an issue. But Apple is introducing Touch ID in an atmosphere in which many of the most far-out paranoid fantasies about government snooping seem to have been confirmed. A sampling of Twitter reactions to the Apple announcement, and this New York Times Bits article suggest what the company is up against:

Twitter screenshot

The sad thing is that there is a well-understood way to implement biometric tests such as fingerprints that is safe and will prevent the sort of leaks these tweeters fear. And I suspect that Apple, which bought AuthenTec, the leader in fingerprint technology, in 2012, is following these procedures. The problem is that Apple refuses to say so.

Despite several requests, all I could get Apple spokespersons to do was reiterate marketing chief Phil Schiller’s statement that the fingerprint data was encrypted and stored in “a secure enclave” on the A7 processor that could not be accessed by any apps. The data is never uploaded to iCloud or other servers. This is good, but not nearly good enough.

Here’s how you are supposed to do it. First, and Apple says this much, the reader never makes a copy of your actual finger print. What is does is collect data on a number, perhaps as many as several hundred, points called “minutiae” that uniquely identify a print. The minutiae are reduced to a string of numbers. The next step is really important. The fingerprint data should be run through a mathematical function called a one-way hash, which produces an encrypted version that cannot be decrypted. Because it cannot be decrypted, the original fingerprint cannot be reconstructed from the data, protecting your privacy.

The way this works is that the next time you scan a finger, the process is repeated and a new hash is generated. The new hash is compared to the stored hash and if they match, you pass. The same procedure is used for the secure storage of passwords. It is even more important for biometric data, because, while you can always replace a compromised password, you cannot grow a new finger.

If Apple wants to sell suspicious opinion leaders on the security and integrity of Touch ID, the company is going to have to be a great deal more forthcoming about just how it is protecting fingerprint data, including providing details on the encryption or hash protocols used. Ideally, it would let security experts examine the actual code in hopes of identifying the all-to-common implementation errors that can undermine seemingly secure encryption.

We definitely need an alternative or supplement to traditional passwords to make our devices more secure and useful, especially in commerce and payment. Biometrics, such as fingerprints, are a good choice, but only if they can be handled safely and, even more important, people are convinced their use is safe. That is going to require more transparency than Apple is used to providing.

The good news is that in my brief hands-on tests, Touch ID worked flawlessly. It was easy to register my fingerprints (you can use multiple fingers) and once the prints were set up, the iPhone responded instantly to my touch. It is by far the easiest fingerprint recognition system I have used.

For the moment, Apple is not allowing third-party app developers to use Touch ID, but I think it is only a matter of time until Apple expands its use beyond login and iTunes. The potential is just too great.

—–

An aside: I don’t worry in the least about the government getting my fingerprints, since I have been fingerprinted many times and my prints have been in the FBI database for decades. But the U.S. government isn’t the only snoop out there and I do worry about securing biometric data. as I said, once your fingerprint is gone, it is gone forever.