There were a lot of jokes to be had about the NSA and the fingerprint scanner announced for Apple's newest iPhone -- including the one above courtesy of Internet meme machine reddit. But you can put away your tinfoil hat, because the technology used in most identity-based digital fingerprint scanners means the data they store is very different than the kind desired by law enforcement agencies.
"Databases of fingerprints keep full images of all 10 fingerprints so that future techniques for feature detection can be used," according to Joseph Lorenzo Hall, the senior staff technologist at the Center for Democracy and Technology.
But for mobile devices, "the enrollment or registration will take a few scans to detect features and determine the center of the print, then it will turn the detected features into a reference data structure (a biometric template) that lists features and positions on the print.," Hall explains. It would be that template, rather than a full featured scan that the device stores -- and likely of only one or two fingers, like say both thumbs so you have a back up.
Because it's only storing a few data points on select fingers, this data is very unlikely to be useful to law enforcement for things like matching a partial print from crime scene to an individual. So unless Apple did something radically different than earlier types of fingerprint scanners, the type data it will collect and store isn't something that would likely be used to build some sort of huge fingerprint database.
And just in case that doesn't put you at ease, Apple claims fingerprint data stored as part of the Touch ID will stay on the phone rather than be uploaded to some central database. It's unclear if Apple will still have access to fingerprints despite that state of affairs, but assuming it doesn't, it would be hard for the NSA to subpoena Apple for that biometric data.
Besides, law enforcement is doing a pretty good job creating their own biometric databases. The FBI's Integrated Automated Fingerprint Identification System (IAFIS) claims to have prints for more than 70 million subjects in its criminal master file and more than 34 million "civil prints." And the records in that database also include "corresponding criminal histories; mug shots; scars and tattoo photos; physical characteristics like height, weight, and hair and eye color; and aliases" that are available 24 hours day, 365 days a year to their local, state, and federal law enforcement partners. The FBI is also working on a Next Generation Identification (NGI) program that will go beyond fingerprints to include things like iris scans and face and vocal recognition.
Of course, none of this completely erases concerns about the larger implications of using fingerprint scanners instead of passwords on electronic devices like an iPhone. As my colleague Brian Fung noted, there are potential legal consequences for the switch from passwords to fingerprints for unlocking devices. For instance, some courts have ruled that forcing a defendant to provide the password for an encrypted hard drive is a violation of the defendant’s Fifth Amendment privilege against self-incrimination. It seems unlikely that the same level of protection would apply to fingerprint scans because the police can obtain them merely through access to a suspect's thumb.