Apples latest media carnival made clear that the company still has a capacity for spectacle, self-congratulation and, in the end, no small bit of innovation.
Amid a multimedia onslaught, including an Elvis Costello performance, the company unveiled the new iPhone 5S, complete with its piece de resistance: Touch ID, a fingerprint sensor that can supplant your password and be used to make purchases from Apples stores.
Even if it flops, Touch ID can still serve a useful purpose. Biometric devices are only going to become more pervasive, forcing consumers to confront a host of legal, moral and practical challenges. Better to start thinking through these issues now than when your bank, employer or (not least) government starts asking for a print.
As traditional passwords have grown more vulnerable, a host of biometric has arisen. The hope is that they could enhance both security and convenience: better protection from hacking and theft, no more forgotten passwords or onerous sign-in procedures. Investors have taken notice, other smartphone makers are likely to follow Apples lead, and some of the biggest names in Silicon Valley have joined a trade group that advocates wider adoption of the technology.
In the digital world, however, security and convenience are rarely complementary. Fingerprint scanners have obvious weaknesses that Touch ID will have to overcome.
For starters, biometric devices are typically susceptible to degradation, fluctuations in temperature or humidity, and the vagaries of biology (the quality of your fingerprint tends to decline significantly as you age, for example). They rely on probabilities; as such they are inherently fallible, as a report by the Natural Research Council found. Theyre not immune to counterfeiting. And they can be finicky or poorly calibrated.
If fingerprint scanners are eventually adapted for mobile payments, banking or cloud computing – uses that would often require a database of biometric information to verify a user – they could become as vulnerable to hacking as ordinary passwords. Worse, once a thief has your fingerprint, he always has it.
Finally, biometric data could present a privacy nightmare. It is by definition personally identifiable, and if theres any lesson consumers should have internalized, its that no data is truly safe once its collected and stored.
Apple has tried to mitigate a lot of these problems. The Touch ID sensor, the company says, is made of sapphire crystal, which not only sounds good in a marketing brochure but should also help forestall degradation. Perhaps more important, Apple says that your fingerprint data will be encrypted and stored only on your phone, not in the cloud, thus making violations of privacy or malicious intrusions more difficult.
Consumers may still hesitate, whether because theyre freaked out by divulging something so personal or they find it too cumbersome to bother with (just ask Motorola, which found out two years ago that smartphone consumers werent ready for fingerprint sensors). Apples challenge, then, is twofold: convincing wary customers that their information is safe and that a fingerprint scan is more convenient than a password.
So applaud Apples technological innovation and marvel at its marketing prowess. (Or decry them both; we take no position in the fanboy wars.) Just remember its only the beginning, and that no security system – no matter how cool, convenient or technically advanced – is infallible.