formerly Stewart Smally

Minnesota Senator Al Franken has a few questions about your privacy and the fingerprint scanner on the Galaxy S5, and has sent off a letter to Samsung to get some answers. We saw Franken do the same thing last year when the iPhone 5S debuted with fingerprint scanning technology, so we can't say we're surprised.

Fingerprints are the opposite of secret. You leave them on countless objects that you touch throughout the day: your car door, a glass of water, even the screen of your smartphone. And unlike passwords, fingerprints cannot be changed. If hackers get hold of a digital copy of your fingerprint, they could use it to impersonate you for the rest of your life, particularly as more and more technologies start relying on fingerprint authentication. — Senator Franken

Senator Franken acknowledges that Samsung has taken steps to keep user data private when they are using the fingerprint scanner, but he addresses concerns about hacking, and what Samsung plans to do with any data they may procure.

In general, Franken is actually doing his job and looking out for his constituents. The transcript of the letter follows.

Source: Senator Al Franken

May 13, 2014

Dr. Oh-Hyun Kwon, CEO
Samsung Electronics Co., Ltd.
Samsung Main Building
250, Taepyeongno 2-ga, Jung-gu
Seoul, 100-742, Korea

Mr. Gregory Lee, CEO
Samsung Electronics North America
85 Challenger Road
Ridgefield Park, NJ 07660

Dear Dr. Kwon and Mr. Lee:

I am writing to ask you about privacy protections for the fingerprint scanning technology on the Samsung Galaxy S5 smartphone, which recently went on sale. I am concerned by reports that Samsung's fingerprint scanner may not be as secure as it may seem - and that those security gaps might create broader security problems on the S5 smartphone. I am writing to request information on how Samsung is addressing these and other privacy questions about its fingerprint scanner.

The security benefits of fingerprint technology are not as clear as many would expect. On the one hand, it's easier to swipe your finger than to tap out a complex password. Thus, the convenience of the fingerprint scanner may result in more smartphone owners actually locking their phones. On the other hand, fingerprint scanners raise acute security problems that passwords do not - particularly when they are used instead of, rather than in addition to, password verification. As I explained in an earlier letter to Apple regarding their rollout of their Touch ID fingerprint scanner, passwords are secret and dynamic, while fingerprints are public and permanent. If you don't tell anyone your password, no one will know it. If it gets hacked, you can change it in a minute or two.

Fingerprints are the opposite of secret. You leave them on countless objects that you touch throughout the day: your car door, a glass of water, even the screen of your smartphone. And unlike passwords, fingerprints cannot be changed. If hackers get hold of a digital copy of your fingerprint, they could use it to impersonate you for the rest of your life, particularly as more and more technologies start relying on fingerprint authentication.

Like Apple's Touch ID, the Galaxy S5's fingerprint scanner was hacked a few days after the smartphone's release. Security researchers bypassed both scanners by creating a fake rubber print from a fingerprint lifted from the screen of a smartphone.

Initial reports also suggest that the Galaxy S5 may raise security concerns that Touch ID does not. The Galaxy S5 fingerprint scanner reportedly allows for unlimited authentication attempts without a password prompt, whereas Apple's Touch ID requires a password after only five failed attempts. Furthermore, while Touch ID can be used only to unlock a device and to access certain tightly monitored Apple apps, Galaxy S5 appears to allow any app to use the fingerprint scanner instead of a password. This means that you can use the Galaxy S5 fingerprint scanner to send money on PayPal and access your password app; unfortunately, it likely means that bad actors who spoof your fingerprints can do that, too. This broader access to the scanner could potentially allow third parties to access sensitive information generated by the technology.

I respectfully request that Samsung provide answers to the following questions. All but the first are almost identical to the questions I posed to Apple last year.

(1) How exactly does Samsung secure the fingerprint data generated by the Galaxy S5's fingerprint scanner?

(2) Is it possible to convert locally-stored fingerprint data into a digital or visual format that can be used by third parties?

(3) Is it possible to extract and obtain fingerprint data from a Galaxy S5? If so, can this be done remotely, or with physical access to the device?

(4) Will fingerprint data be backed up to a user's computer? Will fingerprint data be backed up to the cloud or to Samsung servers?

(5) Does the Galaxy S5 transmit any diagnostic information about the fingerprint scanner system to Samsung or any other party? If so, what information is transmitted?

(6) How exactly do Samsung apps and third party apps interact with the fingerprint scanner? What information is collected by those apps from the fingerprint scanner system, and what information is collected by Samsung associated with those interactions, including identifiers or hashes related to the fingerprint data?

(7) What are Samsung's future plans for fingerprint scanning technology? Will it deploy the technology on its tablet devices, as news reports suggest?

(8) Can Samsung assure its users that it will never share their fingerprint data, along with tools or other information necessary to extract or manipulate the Galaxy S5 fingerprint data, with any commercial third party?

(9) Can Samsung assure its users that it will never share their fingerprint data, along with tools or other information necessary to extract or manipulate the Galaxy S5 fingerprint data, with any government, absent appropriate legal authority and process?

(10) Under American privacy law, law enforcement agencies cannot compel companies to disclose the "contents" of communications without a warrant, and companies cannot share that information with third parties without customer consent. However, the "record[s] or other information pertaining to a subscriber... or customer" can be freely disclosed to any third party without customer consent, and can be disclosed to law enforcement upon issuance of a non-probable cause court order. Moreover, a "subscriber number or identity" can be disclosed to the government with a simple subpoena. See generally 18 U.S.C. § 2702-2703.

Does Samsung consider fingerprint data to be the "contents" of communications, customer or subscriber records, or a "subscriber number or identity" as defined in the Stored Communications Act?

(11) Under American intelligence law, the Federal Bureau of Investigation can seek an order requiring the production of "any tangible thing[] (including books, records, papers, documents, and other items)" if they are deemed relevant to certain foreign intelligence investigations. See 50 U.S.C. § 1861.

Does Samsung consider fingerprint data to be "tangible things" as defined in the USA PATRIOT Act?

(12) Under American intelligence law, the Federal Bureau of Investigation can unilaterally issue a National Security Letter that compels telecommunications providers to disclose "subscriber information" or "electronic communication transactional records in its custody or possession." National Security Letters typically contain a gag order, meaning that recipients cannot disclose that they received the letter. See, e.g., 18 U.S.C. § 2709.

Does Samsung consider fingerprint data to be "subscriber information" or "electronic communication transactional records" as defined in the Stored Communications Act?

(13) Does Samsung believe that users have a reasonable expectation of privacy in fingerprint data they provide to the fingerprint scanner?

I'm not trying to discourage adoption of fingerprint technology for consumer mobile devices. If adopted with strong safeguards, this technology could prove to be convenient and beneficial. Rather, my goal is to urge companies to deploy this technology in the most secure manner reasonable - and create a public record around how companies are treating sensitive biometric information.

Thank you for your time and attention to these questions. I ask that Samsung answer them within a month of receiving this letter.
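The attempt limit the letter contrasts above (a password required after five failed fingerprint attempts versus unlimited retries) can be sketched as follows. This is an added example, not part of the letter or the original article and not Samsung's or Apple's code; the names `BiometricGate` and `spoof_success_probability`, the 5% per-attempt spoof acceptance rate and the independence of attempts are assumptions made for illustration.

```python
"""Added illustration: fingerprint retry cap with passcode fallback (hypothetical names)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class BiometricGate:
    # max_failures=None models the unlimited-attempts behaviour the letter describes;
    # max_failures=5 models the limit the letter attributes to Touch ID.
    max_failures: Optional[int] = 5
    failures: int = 0
    unlocked: bool = False

    @property
    def passcode_required(self) -> bool:
        return self.max_failures is not None and self.failures >= self.max_failures

    def try_fingerprint(self, matched: bool) -> str:
        """`matched` is the sensor's verdict for one scan, supplied by the caller."""
        if self.passcode_required:
            # Once the cap is hit, scans are ignored even if they would match.
            return "passcode_required"
        if matched:
            self.failures = 0
            self.unlocked = True
            return "unlocked"
        self.failures += 1
        return "passcode_required" if self.passcode_required else "retry"

    def try_passcode(self, correct: bool) -> str:
        """A correct passcode clears the failure counter and re-enables the scanner."""
        if correct:
            self.failures = 0
            self.unlocked = True
            return "unlocked"
        return "denied"


def spoof_success_probability(p_per_attempt: float, attempts: int) -> float:
    """Chance that at least one of `attempts` independent spoof tries is accepted."""
    return 1.0 - (1.0 - p_per_attempt) ** attempts


def run_attempts(gate: BiometricGate, verdicts: List[bool]) -> List[str]:
    return [gate.try_fingerprint(v) for v in verdicts]


# Constructed scenario: five rejected scans, then one the sensor would accept.
SCANS = [False] * 5 + [True]
# Constructed assumption: a fake print is accepted 5% of the time per attempt.
P_SPOOF = 0.05

if __name__ == "__main__":
    capped, unlimited = BiometricGate(max_failures=5), BiometricGate(max_failures=None)
    print("capped:   ", run_attempts(capped, SCANS), "unlocked =", capped.unlocked)
    print("unlimited:", run_attempts(unlimited, SCANS), "unlocked =", unlimited.unlocked)
    for n in (5, 100):
        print(f"{n} attempts -> P(spoof accepted) = {spoof_success_probability(P_SPOOF, n):.4f}")
```

With the cap, the sixth scan is refused regardless of the sensor's verdict, and the chance of a spoof succeeding is bounded by the five permitted tries; without it, that chance keeps rising with every additional attempt.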


Reader comments

Senator Al Franken questioning Samsung about privacy and the Galaxy S5 fingerprint scanner



I would never use one myself because it would be in a file somewhere either locally or in the cloud.

Guess it doesn't matter much though, enough state and federal agencies have my fingerprints on file

Posted via Android Central App

Usually, the way these things work is that they create a kind of "hash" (similar to how your password is stored on websites) where the hash can't really be turned back into anything. But a new scan coming in can then be hashed and compared to the original hash.

I mean that, even if someone managed to hack into the phone and steal your "reference scan" all they'd get is a string of numbers. The idea is that it would be so computationally intensive, just to figure out the "shape" for a single fingerprint, that it really wouldn't be of any benefit to hackers.

There's likely much easier ways to get your info, anyway.

while ignoring a complete security disaster of iPhone
"iPhone is most vulnerable, least secure smartphone in the market, security firm finds"

like Obama protecting only Apple against US ban

I understand your sentiment but in this case I open this questioning with open arms. Unless you have some type of connection where you can ask Samsung directly about your privacy concerns and they will respond to you personally, if you do let me know.

Posted via Nexus 5 Android Central App

I respect where you are coming from, but (and I say this as a libertarian - the renowned anarchists of society haha), the government's sole job is to protect the people from infringements which they have difficulty, or impossibility, addressing.

This would count as one of those. I approve this. Good stuff.

Posted via Android Central App

I'm libertarian, and this is exactly where the government needs to step in and represent the people.

Posted via Android Central App

Al Franken is a blooming idiot. He wasn't that good of a comedian and worse as an official.

Posted via Android Central App

omg some guy on the internet might have my fingerprint. Now he has to find me and get my phone to unlock it.

More than that. Copy your fingerprint and use it on a crime scene. Think about it.

Posted via Android Central App


I think a legitimate concern is that we just don't know how fingerprints will be used for security or identification in the future. Maybe it will really matter, and it is unlikely you will be able to easily change your fingerprint.

I remember when he used to be simply 'Al Franken on Saturday Night Live' you kids might be too young to remember that.

Posted via Android Central App

I had some serious questions about Samsung's fingerprint reader the moment I heard PayPal was on board with it. It's all well and good when you're just unlocking your phone and confirming purchasing in the app store like on the iPhone, but the moment my fingerprint can be used to purchase anything in a store, I start feeling a little less enthusiastic. Still haven't heard anything from Samsung on how exactly my info is secure.

We've been using fingerprints on our PC's for a decade to unlock and pay on tons of sites. Yes, I agree that it's not optimal to get unlimited tries, not that it makes much of a difference on a physical/manual login, but still. However, the concern about fingerprints used as authentication on PayPal or any other site is just a cry for media attention. The same site allows you to use passwords that are hacked too easily. That is a much bigger concern, as brute force attempts can be done by anyone with a computer and a list of email addresses.

It's the fact that sites like PayPal can be brute forced into that is my main concern. It wasn't that long ago that I was getting emails from all sorts of sites about theft of login details and account information from huge companies, but a password can be changed. Someone obtaining fingerprint data has that for life. There's no changing it. This is my concern. If it's done the way Apple is doing it where they only keep the data on the device then tell the site you're accessing that it matches, then great. That's perfect. I just want them to confirm it.

Again, brute force hacking your password is on average easier. I've been working as a server engineer for 20+ years. I know how stupid passwords people use. No one will waste their time using a GS5 to make up a billion random fingerprints and try to hack your specific device, when they can buy a list of email addresses and try to access a lot of accounts instead.

Apple are doing what Apple are doing out of greed. They are, as always, locking their consumers into their own ecosystem. "You want the convenience of fingerprint, then you have to buy that ticket online through us." You can get skinned as much through Apple's service as you can through PayPal. The only difference is, Samsung don't force you to pay 30% extra for that like Apple.

What if I told you that Apple doesn't do everything out of greed and that sometimes, just sometimes, they actually care about consumer security?

You lost my attention as soon as you said "apple" and "greed." That card has been played way too many times.

My LG G2>>> Your phone

Hey, I didn't bring them up, I just clarified the only reason as to why Apple are locking third parties out. For the last time, fingerprints have been used on computers for over a decade without an issue, as there are much easier ways to hijack accounts.

And talking about that "you lost me at...". You might want to drop that signature to avoid easy retorts... Food for thought. =)


Like Hans said, fingerprint scanners have been around a long time. They generally work just like passwords: you enter the password (fingerprint) you want, and the system creates a "hash". Basically, it's just a complex math formula that takes your password and converts it into a bunch of numbers that can't be turned back into the password itself. It's a form of "non-reversible encryption" and it's pretty common for authentication systems. It means that even the person on the other end doesn't know what your login info is, which is why a lot of websites (if you click the "I forgot my password") will just send you a link to create a new password, instead of actually sending you your password. They can't. There's no way to get it back.

I'd be *shocked* to discover that Samsung is treating their fingerprint scanner any differently, given that it's been such a long-running standard. Basically, even if someone managed to hack into your phone and steal the hash to your reference fingerprint, they would then have to figure out the math formula that creates the hash, and then have a computer try random combinations of shapes to see if one produced a hash similar enough that it would pass as your fingerprint.

Really, not terribly dissimilar from how a hacker would brute force a password, except that the "password" would be several orders of magnitude more complex than anything you would ever type in to a website or app. At the end of the day, brute forcing your fingerprint would be so computationally expensive, that it wouldn't represent an "advantageous" way for a hacker to get your data.

And, while your fingerprint can't be changed, the algorithm used to create the hash can be, which would provide some recourse if it was ever found that hackers had managed to bypass the system, because then they would have to go back to square one.

Just some food for thought.

And THE most extreme left one at that. Consistently ranked by outside groups as the most partisan senator to boot.

The finger print scanner on the GS5 according to reviews only seems to work 60% of the time anyway. Still more secure than face unlock.

I can't look at Al Franken without seeing his goofy face as he played the baggage handler with his old partner Davis in Trading Places. And yes, I remember him in SNL... With me.... Al Franken.
I can tell you, I'd be pretty pissed if I had to respond to those 13 questions. They're really long. I think I'd need a college education just to properly address a letter to Korea. Did you see that address? Vafungol!

Posted via Android Central App

Who's that? It's Pat!

Quite possibly the worst movie of all time. He wasn't a good actor before and he's not good in his current role, either.

Posted via T-Mobile Samsung Galaxy Note 3

I applaud what Franken is doing. No, Samsung's system is a very early implementation of biometrics in a mass-market device, but others will surely follow, and we need to set some ground rules and best practices of how this technology will be implemented. First, is the fingerprint data stored only on the device or also in the cloud, and, if it's the latter, why is this being done? Also, if data is being passed to a service like PayPal, exactly what is being sent, and is it encrypted? Does the service keep the original data, or does it only create a hash?

All I'm saying is that there have been far too many cases of security through obscurity, so we need a clear understanding of how this system is being implemented.

Posted via Android Central App

He's an idiot looking for publicity. My Dell laptop has a fingerprint scanner on it. Did he send a letter to Dell? My Lenovo laptop prior to the Dell also had a fingerprint scanner. Did he send a letter to Lenovo? Toshiba makes laptops with fingerprint readers. Did he send a letter to Toshiba? HP makes laptops with fingerprint readers. Did he send a letter to HP?

There are hundreds of companies that make fingerprint scanning devices including door locks, timecard machines, gun safes, automobile ignition, home security systems, garage door openers, and crappy little $15 USB dongles. Did he send a letter to any of these companies? Many of those devices connect to the internet and many of them are made/sold by huge corporations, so was he concerned enough to send a letter to them?

Of course he didn't because he's just a grandstanding moron and "Samsung" makes a good headline.

Laptops made by Dell, HP, Toshiba, Lenovo, and others are almost 100% running MS Windows and almost 100% connected to the internet on a daily basis. That means they're running an operating system that has been hacked hundreds of times and connecting to the internet which makes the data accessible.

Why hasn't he sent a letter asking Dell, HP, Toshiba, and Lenovo what steps they're taking to secure the fingerprint data?

Here's how this works...put a new technology out in the world, say cameras for traffic violations, "security" or whatever...everyone complains, but is anything done about it? Nope, it's in the public's best interest in the name of security. TSA does full body pat downs, everyone complains, but is anything done about it? Nope, it's in the public's best interest in the name of security. ICE does vehicle stops within 100 miles of the border, police do DWI checkpoints all the time, everyone complains, everyone complains, but is anything done about it? Nope, it's in the public's best interest in the name of security. Now we have fingerprint scanners showing up on phones, people start complaining, and you know that pattern is nothing but 1's & 0's, and we all know how those bits can be turned into wonderful works of art, photos, music. It's just 1's & 0's, so what's the harm about storing it in the "cloud"? What harm could come of it, everyone complains, but is anything done about it? Nope, it's in the public's best interest in the name of security.
See a pattern here people? Why should the alphabet agencies in the USA, UN, or any other government worry about what people think? Nothing ever changes. Heck, even with a less than 40% approval rating, the congress/senate of the USA will retain a 90% re-election rate because everyone else's representative is bad, but mine is good. Why? Because he "gives" us things.
Until the people start showing up with pitchforks & torches in DC, calling for the heads of these clowns that make "laws", nothing will change. Franken & myself would be considered political polar opposites, but I encourage him to find out about this stupid idea of a fingerprint scanner. Personal freedom & liberty trump "security". There was once a wise man who said something to the effect that those who give up their freedoms, in the name of security, deserve NEITHER!

This guy is a dipshit. I don't care what he says about anything. He's on a power trip and it's a joke that anyone ever elected him for anything.

Posted via Android Central App

I use my fingerprint to sign in to work every day... no biggie, maybe I'll have someone copy my fingerprint and they can sign in as me and I can stay home!
Posted from my Beastly Note 3 via Android Central App

Is this a late April Fools joke? I have seen that guy on some comedy shows and are you telling me that he is a big shot politician in the U.S.?

Excellent letter.
I have been saying for many years that fingerprints should never be used for biometrics. Only things like retina scan or deep vein pattern.... things that are not "left everywhere" or can be taken or used without your knowledge.

Wake up, people.

Senator "Oh look I found this box of ballots in the trunk of my personal vehicle 3 days after the election and it's just enough votes to make the unfunny so-called comedian al frankenstein win"

I'm certainly no lawyer, but why is he asking Samsung about their opinion of US law? Those that enforce those laws are the ones who will decide what is payload, etc. If that law is written so poorly such that a manufacturer decides then the law needs to be revisited.

This is the main reason I have no interest of a finger print scanner on my phone. Are we getting so lazy that we can't type a few letters and numbers to unlock your phone? What's next phones that cook meals lol

Posted Via AT&T Galaxy Note 3

Technically, the hash pattern generated by a fingerprint would be several orders of magnitude more complex than one created by a string of letters. It is actually more secure than just a password, not just easier.

I haven't noticed anyone mention that in biometrics a scan of the actual fingerprint is not stored anywhere. It is converted to a number which is based on various algorithms which compute said number. Why is everyone stuck on the fingerprint!?

Posted via Android Central App

I guess people are worried that someone will get that number, reverse engineer those algorithms and then have your print to do whatever they want with. My view on this is if someone really wants to do all of that work to get your print, you should not have pissed them off so bad to begin with

Posted via Android Central App

LOL. A hacker would *really* want *your* fingerprint to go to all the trouble of brute forcing the hash. Especially considering such a brute force method could take years for a single fingerprint.