The authorities love Facebook because people put so much of their personal data on the site. Including where they were, with times, dates and photo evidence. But Apple’s new “swipe and pay” requires that people use a fingerprint. As such, can the police take that fingerprint data from Apple?
Since Apple has admitted that it’s phones collect and transmit data back to Apple, it is possible that the police could capture fingerprint data via the web, on the way to Apple. Or even worse, write software to take the data form the phone without the user’s knowledge.
While Apple is trying to position itself and the better privacy company – better than Google – it may have opened itself up to a privacy problem. In order for the swipe and pay to be secure, it needs to have a password option. Or Apple needs to remove the software data tracking enabled on it’s phones. If Apple’s iOS (the operating system on it’s phones) has the data tracking features removed, then maybe we can feel secure. But if Apple wants to collect once too many data on it’s users, then the fingerprint data may be vulnerable.
Recently the U.S. Supreme Court ruled that a search warrant was required to search a suspect’s phone. But many rulings say that a fingerprint left in public is not protected. That is, the police do not need a warrant to use it as evidence. At least in the US. For the moment …
With fingerprint data, the data is on the phone. But it could be sent to Apple, thus transmitting it on the public airways (using the jargon of the old radio days). Again in the US, Supreme Court has ruled that public transmission is not protected. And, strange as it is, a sealed letter is protected, but not a phone call. The idea is that phone call does not require opening. That is, another person on the line can hear the conversation. With a letter, it is transmitted through the mail hidden from the postal carrier. But on the phone, the conversation is not hidden or sealed.
So this would make the fingerprint transmission an open or public act. And that has me worried. Is using the iPhone now a device the can collect fingerprint data by the police?
We’ll need to see if Swipe and Pay will move to the Android platform, and if hackers will try to get fingerprint data. If they do, it will be real fun and games. The bigger issue is the privacy issue raised. In many countries, what you leave for trash pick-up is considered public. That is, a person looses all privacy rights when they throw something away. Will this be true of finger print data also?
Want more about Apple Pay? Have a look at my Introduction to the Use of Virtual Payments and Apple Pay blog post.