Friday, September 27

Touch ID - Distributed Fingerprint Lookup


All the press regarding the new Touch ID fingerprint biometric on Apple's new iPhone has brought some insight into how to misuse this service.  Most of the critics have focused on circumventing the device to gain access or Apple deciding to share the data with the Government.

One interesting perspective that I haven't seen covered yet is if the system could be used as a distributed matching system for existing fingerprint image systems.  In an over simplified view of the process, a law enforcement agency can take an acquired fingerprint and search for patterns in the database of collected prints and spit out possible matches.

Although Apple states that an API won't be available for apps, it is conceivable that such an interface might exist, and provide the ability to take an acquired print (either from the iPhone hardware or from software) and check it for validity against the stored print.

There are some limits to this, as there is likely only going to be one print stored (Thumb in most cases) and the matching wouldn't be perfect (high false-accept and false-reject rates), and distributing a request for matching over public networks could potentially be discovered.  But, the pros of attempting matches across the entire iPhone population might outweigh these cons.

If anyone has more detailed information about the potential for this type of use I would like to hear about it.