Apple, Samsung try to ease Franken’s fears about fingerprints

Apple and Samsung are trying to quell concerns from Capitol Hill about new technology that uses people’s fingerprints as passwords.

In letters to Sen. Al FrankenAl FrankenSenate passes resolution honoring Prince Senators aim to bolster active shooter training Minnesota senators praise Prince on Senate floor MORE (D-Minn.) released on Friday, the two tech titans claimed that users' fingerprints are not stored on their smartphones and are safe from hackers and identity thieves.

ADVERTISEMENT
“We agree with you that fingerprint scanning technology for smartphones can be convenient and beneficial for consumers but must be implemented in a way that safeguards consumer privacy,” Samsung vice president Cindi Moreland told the Minnesota Democrat.

Apple senior vice president Bruce Sewell added that his company’s technology was a “good example” of its commitment to privacy.

Both Samsung’s Galaxy S5 and Apple’s iPhone 5s allow people to scan their fingerprints instead of entering a password for accessing certain applications, spending money and other purposes.

Franken, who feared that those fingerprints could be attractive to criminals, requested information from the companies to ensure that they adequately protect people’s information.

The phones don’t store fingerprint images on the phone, executives told Franken. Instead, they use a mathematical model to identify someone’s fingerprint, which cannot be reverse-engineered into an image of the print. Additionally, that mathematical model is stored on the phones in an encrypted and protected chip, not transferred to an external database where it could be easier for thieves to nab.

In its letter, Samsung claimed that it “has implemented reasonable security measures to protect fingerprint data that users choose to store on their devices, including saving the data to a protected section of the device to prevent external access.”

Franken, who chairs the Senate Judiciary Committee’s privacy and technology subcommittee, seemed only moderately satisfied by the tech companies’ assurances.

“What I got was mostly good news,” he said in a statement. “But both companies have not taken any further steps to prevent criminals from bypassing fingerprint readers with a spoofed print. That problem needs to be fixed, since fingerprint readers are becoming a gateway to a range of powerfully sensitive information.”