Skip to content

Entries from September 2013

How risky to privacy is Apple's fingerprint reader?

Congratulations to Apple for featuring a fingerprint reader as part of its new iPhone. It was reported by The Wall Street Journal here, in the blog of Bruce Schneier here, by Time Tech here, and in dozens of other places. Very much expectedly, this revelation spurred anxiety among the conspiracy theorists out there. The two common concerns that were raised are:

  • Apple will have a database of all our fingerprints.

  • What if someone breaks into the device and gets at our fingerprint?

(There is another line of concern, related to the fifth amendment and how its protection may be foiled by authenticating using biometrics alone, but this is a legal concern which is off topic.)

While a bit of paranoid thinking is always helpful, security engineering requires more than crying out each time a mega-corporate launches a new technology that involves private data. Assets and threats need to be determined, and then we can decide whether or not the risk is worth the benefits.

Continue reading "How risky to privacy is Apple's fingerprint reader?"

Protecting private data: with law or with technology?

There is an ongoing debate on the need for new regulations that protect individuals’ personal data. Regulation is said to be required to protect the personal data of citizens, consumers, patients, etc., both against corporate service providers as well as against governments.

There is a growing concern about the implications of the data collection habits of social network operators, such as Facebook, as well as other service providers. Even those individuals who claim to not see any tangible risk behind the massive collection of data on themselves by service providers, still feel unease with the amount of data available on them, and on which they have no control.

On the state side, knowing that your government may monitor every single email and phone call reminds of George Orwell’s book “nineteen eighty-four". It is largely agreed that this practice, if not outright eliminated, shall at least be better controlled.

This essay discusses the two possible domains for such better control:
technology and regulation, arguing that the former is tremendously more effective than the latter.

Continue reading "Protecting private data: with law or with technology?"