Although it has been rumored that Apple will be integrating biometrics into its products since it purchased AuthenTec last year, speculation that the upcoming iPhone 5S will have a fingerprint sensor appears to be on more solid ground with yesterday's release of iOS7, a new beta version of its upcoming software, to developers. According to 9to5Mac, the new feature may replace the Apple iPhone 'home' button and would indicate, then, that a fingerprint will work as the 'key' to unlock the phone. Other features that sources, including CNN, believe will be assimilated into the upcoming iPhone are improved camera and voice features, an improved processor, and even possibly a larger screen.

As stated, rumors began to fly in July of last year, when Apple agreed to purchase Authentec, paying shareholders $8 per share for a total of $356 million in cash. In its financial filings at that time, Authentec described itself as a provider of "a series of products including fingerprint sensors, software and intellectual property (IP) that provide security, convenience, personalization and navigation features in such end-use products as PCs, tablets, smartphones, printers, network servers and gateways." At the time of the merger, The New York Times reported that the acquisition of Authentec was significant because security was becoming the crucial feature of Apple products, since companies were increasingly purchasing iPhones and other Apple products for employees who are routinely expected and required to protect workplace information.

What better way to increase security than to use biometrics, which are currently used in computer science to control access and to identify individuals.

Biological Security?

A biometric characteristic, as described in a report by the National Security Agency (NSA), describes "a measurable physiological and/or behavioral characteristic that can be used for automated recognition." Currently, the most common biometric modalities that are employed for security purposes are fingerprint, face, iris, voice, signature, vein pattern, and hand geometry recognition, though other identifying biological characteristics, such as footprint and gait recognition, are being studied for potential use.

The NSA outlines the operation of a biometric system as a three-step process. The first step consists of various sensors observing or collecting the biometric data. The second step converts and describes the accumulated data using some form of digital representation known as a "template." In the third and final step, this newly-formed template is compared to existing templates, which have been created and stored in a database and declared either a "match" or a "non-match."

Significantly, within its report the NSA notes that declaring a match or non-match "is based on the acquired template being similar, but not identical, to the stored template." Those who create and use biometric systems stipulate parameters to determine the exact degree of similarity required to trigger acceptance or rejection. Thus, the threshold within any biometric system is adjustable; a net can be widened, narrowed, or modified, depending on the user.

Considering that a fingerprint sensor may be part of the next generation, iPhone and biometrics may increasingly be used for commercial purposes going forward, what are the implications?

Which database?

In an article published in Duke Law Journal, Catherine Kimel discusses DNA profiles, a form of biometrics commonly used in law enforcement, and computer searches in light of the Fourth Amendment. Protecting citizens against unlawful searches and seizures, the Fourth Amendment is the statute that requires officials to obtain warrants before searching property. Noting that among those who have addressed DNA databasing, courts and scholars have "focused their attention almost exclusively on the constitutionality of the government's seizure of the biological samples from which the profiles are generated." She wonders, though, if Fourth Amendment issues exist when the government simply searches its vast DNA database.

Within her paper, she follows the evolution of DNA collection and databasing. First used in the late 1980s, the earliest of DNA-collection statutes only required someone to submit a biological sample when convicted of a sex offense or a violent felony. These statutes, though, rapidly expanded to include people convicted of any felony and even misdemeanors. CODIS, the computer software program that operates the local, state, and national databases of DNA profiles now includes convicted offenders, unsolved crime scene evidence, and missing persons.

"Rather than link identified suspects to specific crimes, the distinct purpose of DNA-collection statutes has been to facilitate the creation of genetic databases to assist law enforcement in generating suspects for unspecified past and future crimes," Kimel wrote. "The incidence of cold-hit matches continues to rise exponentially as CODIS acquires more and more DNA profiles."

A question that any future purchasers of a product with fingerprint sensors, such as the rumored iPhone, might want to ask themselves is whether they have fears about their information being stored in a commercial database.

Safety

Many people argue that such fears are ridiculous. A fingerprint sensor (or voice signature or iris sensor) will simply keep their information safe. Besides, the increasing use of biometrics is an inevitable trend.

Yet, according to Edward Snowden as transcribed by TPM for his interview released by the Guardian, "Companies like Google, Facebook, Apple, Microsoft — they all get together with the NSA, and provide the NSA direct access to the back ends of all of the systems you use to communicate, to store data, to put things in the cloud, and even just to send birthday wishes, and keep a record of your life."

Still, if a person is not doing anything wrong, what does it matter if someone has access to their information?

Perhaps, for law-abiding citizens, it truly does not matter whether their biometric data is included in a database, no matter who has access to it. But since the standards to create a "match" are not exact, as the NSA indicates, access to information secured behind a biometric characteristic, such as a fingerprint, may not even be safe from a common thief.

Source: Kimel CW. DNA Profiles, Computer Searches, and the Fourth Amendment. Duke Law Journal. 2013.