Book – Urban Fabrics Inside Out

Two new publications set out to investigate the urban structure from a different angle than the ever same physical structure perspective. Whilst it might not as such mark a general shift in the way cities or urban areas are investigated these two publication both take a very strong position stressing the social aspects, the experiential and the lived city. It is about people, individuals as much as society and culture.

Both books are part of much larger ongoing research project supported by large national bodies, but operating internationally.

The first of the two books is Suburban Constellations. Governance, Land and Infrastructure in the 21st Century. edited by Roger Keil published by Jovis. It is in fact some kind of half time summary of the ongoing project (2010-2017) Global Suburbanisms: governance, land, and infrastructure in the 21st century. Here the group not only reports on findings, but it is also a tool to define the status quo and look ahead at what is to be achieved further down the line. The project is mainly supported by Social Science and Humanities Research Council of Canada but investigates case studies from around the world. One of the very striking themes in this project is to bring case studies of all those areas of urban sprawl from around the globe together and compare/contrast them.

The second book is Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town edited by Marco L. Rosa and Ute E and published by Jovis. Weiland and is a publication that draws on the Urban Age project at home at LSE and famously sponsored by Deutsche Bank. Here the Project is already into its sixth year and a number of books where published in its context. Most prominently the Endless City (2008) and Living in the Endless City (2011) both by Burdett and Sudjic. This new publication specifically focuses on the Urban Age Award which is organised by the Alfred Herrhausen Society as part of the Urban Age Conferences. With a focus on what is happening on the ground it is based on interviews with different stakeholders in each of the projects world cities. Those five cities are Mumbai, Sao Paulo, Mexico City and Cape Town. The editor of this new publication Ute Weiland has for the past five years coordinated said awards and worked closely with the local contributors in all five cities.

What is special on those two publications is the angel they portrait the urban world and the focus they chose for the respective research projects. The main topic is the rapid urbanisation, the fact that 80% of the world’s population will be living in urbanised areas by 2050 that urban means collective and that cities are in constant flux.

The publisher house Jovis has already a bit of a history with similar publications. There is for example Matthew Gandy’s Urban Constellations (2011) as one of the recent publications in this area. In fact Keil does specifically refer to Gandy in his introduction and the two books even share partly the same title.

Suburban Constellations. Governance, Land and Infrastructure in the 21st Century. being a work in progress brings together a body of writings much more experimental and investigative in comparison. Whilst this might be interpreted as a lack of focus or clear scope at times, it does surprise the reader with raw concepts and very direct lines thought making for a joyful read. Further more it does not require to be read from cover to cover, rather it can be picket up to read just one of the essays and read others maybe later.

It is structured along four topics: Foundations, Themes, Essay and Images and Regions. The first topic presents some ‘foundational thinking on suburbanisation’. The second topic ‘elaborated on those themes with emphasis on redevelopment, risk, boundaries, water, sewage, and transportation. These topics intertwined with the research project’s main points of Land, Governance and Infrastructure. Whilst this organisational structure whilst they might make sense from a project point of view it not as easily accessible for the generally interested reader.

book coverImage taken from the bad-news-beat.org / The waste lands of Fort Mcmurray AB.

The are pieces like “Forth McMurray, the Suburb sat the End of the Highway” by Clair Major describing the context of one of Canada’s two purely business driven settlements just north of Edmonton fuelled by the large oil sands. Or on the other hand an Essay by Alan Mabin “Suburbanisms in Africa” where he discusses not just the suburbs as places but mainly suburban as a term and its meaning in a culturally very different context. He for example points out how difficult it is to translate the term suburb or indeed suburbanises to other languages. For example in places such the urbanised areas of South Africa where beside the local/traditional languages plus English, French and Portuguese all compete for the meaning full expression such terminologies become very fluid in deed creating a complex concept of their own undermining all efforts to frame the topics with key terms.

The project plans a very comprehensive dissemination strategy including conferences and article, but also summer schools. So there will be much more to come from this project and research collective. Preview PDF for this publication is available HERE.

book spreadImage taken from the perfact.org / Book spread Handmade Urbanism showing sketch illustrations.

Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town has its focus on what is happening on the ground in each of the five metropolis regions and is being supported by the worldwide operating initiative Urban Age Award sponsored by Deutsche Bank.

The premise of the initiative is that empowering the local population and supporting them to organise their own projects will lead to more sustainable and lasting projects and increases the communities resilience. These aspects are investigated through the interviews and discussions each locations is portrayed by. This is frased by Wolfgang Nowak, the initiator of the Deutsche Bank Urban Age Award in his interview as: “I am not one of these people, like a Florence Nightingale, who stands and gives out soup to the poor (she has in fact done a whole lot more, for people and science). What we want is to enable the poor no longer to accept soup queues and produce their own soup.” (annotation added)

The book structure is organised along the cities. This main body is introduced by a series of essays creating a context for the project. These are by Wolfgang Nowak, Ute E. Wieland and Richard Sennett. These essays are not extensive in length, but try to be very concise.

The main part of the book presents a range of information about each location. There are basic statistics and data key figures information, and a short introduction to each of the three shortlisted projects. This is then followed by a series of interviews with local stakeholders. Experts from the jury, the local government as well as the project initiators.

The book also comes with a cd so you can in addition watch the documentary about the award and hear a bit more about community-driven initiatives. Runtime only 5:30. Also the publisher offers a online preview in PDF for this publication, available HERE.

Both books provide a good overview and outline of these kind of projects. Both projects have a large scope but the struggle between global level of organisation and local level of operation is very apparent. It leaves the reader wondering what exactly do we take from all this? Urban Constellations is the one that makes for a good read with experimental thoughts and Handmade Urbanism is the more descriptive discussion type of publication.

Graphically the two books have very different approaches. Handmade Urbanism translates the topic literally and all illustrations are hand drawn sketches and symbols. Urban Constellations makes extensive use of photographs documenting places mainly views onto or into suburbs. It however a rather weak part of the book, the illustrations do not live up to the surprises the essays manage to challenge the readers with.

book coverImage taken from the Perfact / Handmade Urbanism book cover.

Keil, R. ed., 2013. Suburban Constellations. Governance, Land and Infrastructure in the 21st Century., Berlin: Jovis Verlag.
Rosa, M.L. & Weiland, U.E. eds., 2013. Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town, Berlin: Jovis Verlag.

Continue reading »

Book – Urban Fabrics Inside Out

Two new publications set out to investigate the urban structure from a different angle than the ever same physical structure perspective. Whilst it might not as such mark a general shift in the way cities or urban areas are investigated these two publication both take a very strong position stressing the social aspects, the experiential and the lived city. It is about people, individuals as much as society and culture.

Both books are part of much larger ongoing research project supported by large national bodies, but operating internationally.

The first of the two books is Suburban Constellations. Governance, Land and Infrastructure in the 21st Century. edited by Roger Keil published by Jovis. It is in fact some kind of half time summary of the ongoing project (2010-2017) Global Suburbanisms: governance, land, and infrastructure in the 21st century. Here the group not only reports on findings, but it is also a tool to define the status quo and look ahead at what is to be achieved further down the line. The project is mainly supported by Social Science and Humanities Research Council of Canada but investigates case studies from around the world. One of the very striking themes in this project is to bring case studies of all those areas of urban sprawl from around the globe together and compare/contrast them.

The second book is Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town edited by Marco L. Rosa and Ute E and published by Jovis. Weiland and is a publication that draws on the Urban Age project at home at LSE and famously sponsored by Deutsche Bank. Here the Project is already into its sixth year and a number of books where published in its context. Most prominently the Endless City (2008) and Living in the Endless City (2011) both by Burdett and Sudjic. This new publication specifically focuses on the Urban Age Award which is organised by the Alfred Herrhausen Society as part of the Urban Age Conferences. With a focus on what is happening on the ground it is based on interviews with different stakeholders in each of the projects world cities. Those five cities are Mumbai, Sao Paulo, Mexico City and Cape Town. The editor of this new publication Ute Weiland has for the past five years coordinated said awards and worked closely with the local contributors in all five cities.

What is special on those two publications is the angel they portrait the urban world and the focus they chose for the respective research projects. The main topic is the rapid urbanisation, the fact that 80% of the world’s population will be living in urbanised areas by 2050 that urban means collective and that cities are in constant flux.

The publisher house Jovis has already a bit of a history with similar publications. There is for example Matthew Gandy’s Urban Constellations (2011) as one of the recent publications in this area. In fact Keil does specifically refer to Gandy in his introduction and the two books even share partly the same title.

Suburban Constellations. Governance, Land and Infrastructure in the 21st Century. being a work in progress brings together a body of writings much more experimental and investigative in comparison. Whilst this might be interpreted as a lack of focus or clear scope at times, it does surprise the reader with raw concepts and very direct lines thought making for a joyful read. Further more it does not require to be read from cover to cover, rather it can be picket up to read just one of the essays and read others maybe later.

It is structured along four topics: Foundations, Themes, Essay and Images and Regions. The first topic presents some ‘foundational thinking on suburbanisation’. The second topic ‘elaborated on those themes with emphasis on redevelopment, risk, boundaries, water, sewage, and transportation. These topics intertwined with the research project’s main points of Land, Governance and Infrastructure. Whilst this organisational structure whilst they might make sense from a project point of view it not as easily accessible for the generally interested reader.

book coverImage taken from the bad-news-beat.org / The waste lands of Fort Mcmurray AB.

The are pieces like “Forth McMurray, the Suburb sat the End of the Highway” by Clair Major describing the context of one of Canada’s two purely business driven settlements just north of Edmonton fuelled by the large oil sands. Or on the other hand an Essay by Alan Mabin “Suburbanisms in Africa” where he discusses not just the suburbs as places but mainly suburban as a term and its meaning in a culturally very different context. He for example points out how difficult it is to translate the term suburb or indeed suburbanises to other languages. For example in places such the urbanised areas of South Africa where beside the local/traditional languages plus English, French and Portuguese all compete for the meaning full expression such terminologies become very fluid in deed creating a complex concept of their own undermining all efforts to frame the topics with key terms.

The project plans a very comprehensive dissemination strategy including conferences and article, but also summer schools. So there will be much more to come from this project and research collective. Preview PDF for this publication is available HERE.

book spreadImage taken from the perfact.org / Book spread Handmade Urbanism showing sketch illustrations.

Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town has its focus on what is happening on the ground in each of the five metropolis regions and is being supported by the worldwide operating initiative Urban Age Award sponsored by Deutsche Bank.

The premise of the initiative is that empowering the local population and supporting them to organise their own projects will lead to more sustainable and lasting projects and increases the communities resilience. These aspects are investigated through the interviews and discussions each locations is portrayed by. This is frased by Wolfgang Nowak, the initiator of the Deutsche Bank Urban Age Award in his interview as: “I am not one of these people, like a Florence Nightingale, who stands and gives out soup to the poor (she has in fact done a whole lot more, for people and science). What we want is to enable the poor no longer to accept soup queues and produce their own soup.” (annotation added)

The book structure is organised along the cities. This main body is introduced by a series of essays creating a context for the project. These are by Wolfgang Nowak, Ute E. Wieland and Richard Sennett. These essays are not extensive in length, but try to be very concise.

The main part of the book presents a range of information about each location. There are basic statistics and data key figures information, and a short introduction to each of the three shortlisted projects. This is then followed by a series of interviews with local stakeholders. Experts from the jury, the local government as well as the project initiators.

The book also comes with a cd so you can in addition watch the documentary about the award and hear a bit more about community-driven initiatives. Runtime only 5:30. Also the publisher offers a online preview in PDF for this publication, available HERE.

Both books provide a good overview and outline of these kind of projects. Both projects have a large scope but the struggle between global level of organisation and local level of operation is very apparent. It leaves the reader wondering what exactly do we take from all this? Urban Constellations is the one that makes for a good read with experimental thoughts and Handmade Urbanism is the more descriptive discussion type of publication.

Graphically the two books have very different approaches. Handmade Urbanism translates the topic literally and all illustrations are hand drawn sketches and symbols. Urban Constellations makes extensive use of photographs documenting places mainly views onto or into suburbs. It however a rather weak part of the book, the illustrations do not live up to the surprises the essays manage to challenge the readers with.

book coverImage taken from the Perfact / Handmade Urbanism book cover.

Keil, R. ed., 2013. Suburban Constellations. Governance, Land and Infrastructure in the 21st Century., Berlin: Jovis Verlag.
Rosa, M.L. & Weiland, U.E. eds., 2013. Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town, Berlin: Jovis Verlag.

Continue reading »

Book – Urban Fabrics Inside Out

Two new publications set out to investigate the urban structure from a different angle than the ever same physical structure perspective. Whilst it might not as such mark a general shift in the way cities or urban areas are investigated these two publication both take a very strong position stressing the social aspects, the experiential and the lived city. It is about people, individuals as much as society and culture.

Both books are part of much larger ongoing research project supported by large national bodies, but operating internationally.

The first of the two books is Suburban Constellations. Governance, Land and Infrastructure in the 21st Century. edited by Roger Keil published by Jovis. It is in fact some kind of half time summary of the ongoing project (2010-2017) Global Suburbanisms: governance, land, and infrastructure in the 21st century. Here the group not only reports on findings, but it is also a tool to define the status quo and look ahead at what is to be achieved further down the line. The project is mainly supported by Social Science and Humanities Research Council of Canada but investigates case studies from around the world. One of the very striking themes in this project is to bring case studies of all those areas of urban sprawl from around the globe together and compare/contrast them.

The second book is Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town edited by Marco L. Rosa and Ute E and published by Jovis. Weiland and is a publication that draws on the Urban Age project at home at LSE and famously sponsored by Deutsche Bank. Here the Project is already into its sixth year and a number of books where published in its context. Most prominently the Endless City (2008) and Living in the Endless City (2011) both by Burdett and Sudjic. This new publication specifically focuses on the Urban Age Award which is organised by the Alfred Herrhausen Society as part of the Urban Age Conferences. With a focus on what is happening on the ground it is based on interviews with different stakeholders in each of the projects world cities. Those five cities are Mumbai, Sao Paulo, Mexico City and Cape Town. The editor of this new publication Ute Weiland has for the past five years coordinated said awards and worked closely with the local contributors in all five cities.

What is special on those two publications is the angel they portrait the urban world and the focus they chose for the respective research projects. The main topic is the rapid urbanisation, the fact that 80% of the world’s population will be living in urbanised areas by 2050 that urban means collective and that cities are in constant flux.

The publisher house Jovis has already a bit of a history with similar publications. There is for example Matthew Gandy’s Urban Constellations (2011) as one of the recent publications in this area. In fact Keil does specifically refer to Gandy in his introduction and the two books even share partly the same title.

Suburban Constellations. Governance, Land and Infrastructure in the 21st Century. being a work in progress brings together a body of writings much more experimental and investigative in comparison. Whilst this might be interpreted as a lack of focus or clear scope at times, it does surprise the reader with raw concepts and very direct lines thought making for a joyful read. Further more it does not require to be read from cover to cover, rather it can be picket up to read just one of the essays and read others maybe later.

It is structured along four topics: Foundations, Themes, Essay and Images and Regions. The first topic presents some ‘foundational thinking on suburbanisation’. The second topic ‘elaborated on those themes with emphasis on redevelopment, risk, boundaries, water, sewage, and transportation. These topics intertwined with the research project’s main points of Land, Governance and Infrastructure. Whilst this organisational structure whilst they might make sense from a project point of view it not as easily accessible for the generally interested reader.

book coverImage taken from the bad-news-beat.org / The waste lands of Fort Mcmurray AB.

The are pieces like “Forth McMurray, the Suburb sat the End of the Highway” by Clair Major describing the context of one of Canada’s two purely business driven settlements just north of Edmonton fuelled by the large oil sands. Or on the other hand an Essay by Alan Mabin “Suburbanisms in Africa” where he discusses not just the suburbs as places but mainly suburban as a term and its meaning in a culturally very different context. He for example points out how difficult it is to translate the term suburb or indeed suburbanises to other languages. For example in places such the urbanised areas of South Africa where beside the local/traditional languages plus English, French and Portuguese all compete for the meaning full expression such terminologies become very fluid in deed creating a complex concept of their own undermining all efforts to frame the topics with key terms.

The project plans a very comprehensive dissemination strategy including conferences and article, but also summer schools. So there will be much more to come from this project and research collective. Preview PDF for this publication is available HERE.

book spreadImage taken from the perfact.org / Book spread Handmade Urbanism showing sketch illustrations.

Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town has its focus on what is happening on the ground in each of the five metropolis regions and is being supported by the worldwide operating initiative Urban Age Award sponsored by Deutsche Bank.

The premise of the initiative is that empowering the local population and supporting them to organise their own projects will lead to more sustainable and lasting projects and increases the communities resilience. These aspects are investigated through the interviews and discussions each locations is portrayed by. This is frased by Wolfgang Nowak, the initiator of the Deutsche Bank Urban Age Award in his interview as: “I am not one of these people, like a Florence Nightingale, who stands and gives out soup to the poor (she has in fact done a whole lot more, for people and science). What we want is to enable the poor no longer to accept soup queues and produce their own soup.” (annotation added)

The book structure is organised along the cities. This main body is introduced by a series of essays creating a context for the project. These are by Wolfgang Nowak, Ute E. Wieland and Richard Sennett. These essays are not extensive in length, but try to be very concise.

The main part of the book presents a range of information about each location. There are basic statistics and data key figures information, and a short introduction to each of the three shortlisted projects. This is then followed by a series of interviews with local stakeholders. Experts from the jury, the local government as well as the project initiators.

The book also comes with a cd so you can in addition watch the documentary about the award and hear a bit more about community-driven initiatives. Runtime only 5:30. Also the publisher offers a online preview in PDF for this publication, available HERE.

Both books provide a good overview and outline of these kind of projects. Both projects have a large scope but the struggle between global level of organisation and local level of operation is very apparent. It leaves the reader wondering what exactly do we take from all this? Urban Constellations is the one that makes for a good read with experimental thoughts and Handmade Urbanism is the more descriptive discussion type of publication.

Graphically the two books have very different approaches. Handmade Urbanism translates the topic literally and all illustrations are hand drawn sketches and symbols. Urban Constellations makes extensive use of photographs documenting places mainly views onto or into suburbs. It however a rather weak part of the book, the illustrations do not live up to the surprises the essays manage to challenge the readers with.

book coverImage taken from the Perfact / Handmade Urbanism book cover.

Keil, R. ed., 2013. Suburban Constellations. Governance, Land and Infrastructure in the 21st Century., Berlin: Jovis Verlag.
Rosa, M.L. & Weiland, U.E. eds., 2013. Handmade urbanism: from community initiatives to participatory models : Mumbai, São Paulo, Istanbul, Mexico City, Cape Town, Berlin: Jovis Verlag.

Continue reading »

The End of the Virtual? – Touch ID on the New iPhone 5s for the Real Online Self

Since the announcement of the new Apple iPhone 5s and the built in fingerprint scanning technology branded ‘Touch ID’ the discussion around security, data protection and privacy has been relaunched. It is an ongoing topic in the industry, both on the hardware side amongst producers of devices and the software side with developers of applications and services, but specifically for end users and consumers.

Until now, it was the password, or PIN, that protects and restricts access to the virtual world of data. This has led many of us to come up with creative procedures to create and remember a complicated sequence of letters, numbers and symbols in order to keep personal information secure. It has always been the debate as to how complicated these passwords need to be and how user-friendly this practice is, and often ‘better’ and ‘easier’ solutions for users were wished for.

Now Apple has implemented such a solution with their latest top of the range device. The iPhone 5s features a fingerprint scanner in the ‘Home’ button to uniquely identify a user (up to five different prints can be set up) and grant access. The ‘fingerprint identity sensor’ also allows users to shop on the iTunes Store, Apps Store and iBooks Store where the Touch ID approves purchases.

The new feature is branded by Apple as ‘convenient, highly secure and ahead of the future’. However, the technology and its implementation in mobile devices is nothing new. Motorola’s Atrix smartphone was introduced back in 2011, but also laptop manufacturers have trialled and implemented fingerprint scanner technology in the past decade [REF]. Other manufacturers, namely HTC, are gearing up to release gadgets with similar technology and features.

Although the technology is not new, it is the fact that it is being introduced on such a large scale that makes it a ‘hot topic’. According to TechCrunch, Apple has currently (2013) an estimated user base of 147 million iPhone users, plus about 48 million iPad users. Of the new iPhones (iPhone 5s and iPhone 5c), Apple sold 9 millions in just three days after their launch on the 20iest of September 2013. This is a new record, as previous implementations settled on a much smaller scale. This means that the iPhone 5s is already used by a large number of people. It could therefore be classified as ‘mainstream’ and ‘cultural commodity’. The introduction of this technology can therefore be expected to be used by a much larger customer base as any other similar implementation of biometrics so far.

In this context, the introduction of a unique and personal identifier, the fingerprint, is a smart move. Smart, because everybody knows and understands the idea of the fingerprint. It is in use as signature and plays an important role in crime investigation and law enforcement for over a century. Through its use in detective stories and crime thrillers it has also found its way into everyday culture. It is this very idea of the fingerprint as a unique identifier – ‘’your iPhone reads your fingerprint and knows who you are’’ – that Apple has turned into a selling point to the products advantage.


Image taken from fingerprintingscottsdale / Fingerprint identification plate.

It can be speculated that with the introduction of Touch ID, similarly to the introduction of the touch screen, Apple changes, once again, the way we access electronic devices and use the Internet. Whether this is intentional and whether the use of the fingerprint has played an main role in the development of the newest iPhone generation can only be speculated. A range of problematic aspects in connection to the use of this technology in electronic devices shall be discussed in the following. The points raised function only as an introduction since the topic is vast and might have implications that are yet to be discovered. We debate if the technology used in the iPhone 5s might even be the ‘End of the Virtual?’.

..Security concerns

Official concerns regarding the introduction of the Touch ID were raised amongst others by US Senator Al Franken (Chairman Senate Judiciary Subcommittee) in an open letter to Apple’s CEO Tim Cook (PDF, WEB). The letter states “…while Apple’s new fingerprint reader, Touch ID, may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple and for everyone who may use your products”. Al Franken supports his concerns by saying that “Passwords are secret and dynamic; fingerprints are public and permanent”. This means, once someone has access to someone else’s fingerprint, this access cannot be reversed and the security token can not be changed. ‘’…if hackers get hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life’’.


Image taken from maskable / The Touch ID explained during the introduction of the new iPone 5s at conference key note.

In this context, Al Franken also questions the filing and transferring of the fingerprint data. He demands to know if the fingerprint data stored on the phone is also being transmitted electronically to either Apple or others, and if this data is being saved on computers used to back up the device (referring to the earlier iOS version that stored unencrypted location information recorded by the device in backup files on computers). He wonders further how iTunes, iBooks and AppStore and potential future services interact with Touch ID.

These practical concerns are connected to the only recently refreshed high level discussion on data privacy with information on mass surveillance programs leaked by Edward Snowden, an American computer specialist and former CIA and NSA employee, to the Guardian in May 2013 [REF ] regarding the secret PRISM program. Similar discussions have been on the table in recent years specifically related to social media and the challenged public/private practices in an online context (Neuhaus und Webmoor, 2012, earlier blog post on urbanTick, 2011).

It seems that Senator Franken’s concerns are not ungrounded. ‘Apple’s fingerprint scan technology has been hacked’ was announced by the Computer Chaos Club, CCC, only two days after the iPhone 5s had gone on sale. The claim was backed up with a video demonstrating that ‘fingerbiometrics is unsuitable as access control method’. This ‘hack’, however, focused on the physical reproduction of a fingerprint and did not bypass the new Touch ID technology. Despite this, the attack by CCC proves how easily the new security system can be tricked and everyone with a camera, scanner, printer and a good stock of graphite powder, glycerene, and wood-glue/super-glue/theatrical-glue can repeat the procedure.

The ‘iPhone touch defeat’ also proves that users’ fingerprints are not secret, meaning that anything touched by users will have fingerprints on it, including the new phone. Senator Franken has referred to this with the ‘fingerprint being public’. And here is the real flaw of the technology. If someone gets hold of the device, he or she has basically access to ‘the lock and the key’, as the phone will be covered with fingerprints that can be reproduced to unlock the security system. Even though the chances of guessing the correct fingerprint is 1:50’000 compared to 1:10’000 with a normal 4 digit numeric key (except 1234, source Apple), now that the ‘key’ is on the phone in the form of ‘touches’ this number is meaningless, or at least reduced to 1:10.

Another question raised by the introduction of Touch ID is the digital reproduction of the fingerprint. Apple has explained that the information is not stored as a digital image. Instead it is being translated by the device into a sequence of numbers (a mathematical representation of the fingerprint derived by an specific algorithm). This implies that the print can only, if at all, re-engineered with physical access to the device. This is being discussed extensively on tech blogs, for example on The Unoffical Apple Weblog (source TUAW). In reference to these statements, it seems only a question of time until the A7 chip inside the phone is cracked.

However, the main argument highlighted by Apple is not security, but convenience. ‘’You check your iPhone dozens and dozens of times a day. Entering a passcode each time just slows you down’’. It seems as if it is annoying for customers to input four digits, or on Android models a swipe pattern. In this context, the fingerprint scanner is put forward as the user-friendly solution. With just one touch the phone is activated, unlocked and ready to use. However, when considering the security concerns discussed above, it is questionable if winning a few seconds to start up the phone is important and desirable.

..Security versus convenience

CNet askes on its website: “Should we trade our biometric data and privacy for the sake of convenience?”. The answer to this question seems straightforward: Biometrics, or biometric authentication, can be useful, but it should not be used in mobile devices as the technology is not yet error-prone and these devices can easily be lost or stolen. This seems the common agreement amongst security experts (for example in Der Spiegel). In addition, as Schneier, then President of Counterpane Systems, argued in 1998, ‘’biometrics are unique identifiers, but not secrets’’. This means, they are easy to steal and reproduce. ‘’Once someone steals your biometric, it remains stolen for life; there is no getting back to a secure situation’’. So the big question a lot of people should be asking themselves is not how quick they can access their data, but what they are giving away when using Touch ID.

In this context, it seems important to repeat that Touch ID does not actually store an image of the fingerprint, and the data is not available to any other application other than Apple apps nor stored at Apple’s servers or backed up via iCloud. For now, at least. There is no guarantee that this will be the same in the future, especially as the prospect of a vast biometric database is the dream of any national security agency, marketing company and hacker community. This means third parties will pay a lot of attention to these developments and probably exert some force to get access to some of this data. It would therefore be important to know ‘how does Apple see the actual fingerprint data and how are they going to handle it, now and in the future?’.

Whilst there are regulations as to when third parties can be forced to hand over data in connection to crime investigation, it is a complicated matter with Touch ID as the technology enables new ways of ‘tracking’ people. For example, a user logging in with Touch ID does not only confirm his or her location, but also his or her identity. This means the iPhone 5s could act as a means of evidence – ‘I was here’. So far, Apple has stated that they do not share any information with others – although the technology can be used to verify purchases. The question is therefore, as Senator Franken asks: ‘’Does Apple believe that users have a reasonable expectation of privacy in fingerprint data they provide to touch ID?’’.

There might also be some legal implications for the user of the Touch ID technology. It has been pointed out, for example by Marcia Hofmann of Wired, that the shift from PIN as an ‘known’ key to a fingerprint as a ‘what we are’ key might strip users of the right to the in the US called 5th. This Amendment protects the individual from giving evidence against him/her self. At the moment, this only applies to things one knows, knowledge, thoughts, so on and not to things one has, keys, written notes (if you write down the password on a piece of paper) or is, biometrics. Hence, on trial a person can not be forced to provide the password to a device or to decrypt information since the password is something he/she knows. A key, however, would be something the person has and this object, according to current law, can be requested. The fingerprint belongs to the person, it is part of the human body, a thing, and hence it belongs do the category of information that can not be withhold. This means access to devices or data via fingerprint scan can be enforced. This fact, in connection to Touch ID, might mean that consumers need to give up on one of their basic (human) rights, the right to withdraw information.

..Personal data and biometrics becomes mainstream

A further concern connected to Touch ID is that biometrics are becoming mainstream. Currently, the use of biometrical authentication in the public sphere is limited. Its main use is in passport and immigration control, where retina and fingerprint recognition, actual or as part of a passport, is used to identify ‘travellers’ and reduce queues at border control. Here, the data is usually linked up with secondary information or other means of verification. For example, users of a retina scan machine need also to provide their passport for optical scanning. This means, the replication of a retina scan alone does not provide access to ‘free travel’.

However, the implications of ‘normalising’ biometrics and using biometrics in everyday applications are not only connected to the risk of individuals being permanently tracked and surveilled, but also to the risk of biometrics becoming unsafe. As Schneier argued, ‘’Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications’’. This means, it is not a good idea to use your thumbprint to access your mobile phone, open your front door and unlock your file cabinet at work, as data theft would automatically lead to a catastrophe.

It could therefore be said that biometrics are not safer than other security means. With Apple suggesting to customers that ‘’Your fingerprint is one of the best passcodes in the world’’ seems therefore misleading. The question really is how much consumers are willing to trade their personal information and data for the ultimate and smooth technology experience.

In addition, in today’s context the distribution of personal information is no longer directly manageable by the individual, as user information is being left behind with every move online and regular real world services. Shopping online, borrowing books at the local library, and visiting the GP, all activities leave a ‘digital footprint’. It has become complicated to the point where it is impossible for the user to understand and control what information is left behind when using a mobile device, especially when using online and server connected apps and services. These apps are often pre-installed on the device and updated automatically. Also, the companies behind those apps are often unknown and it is unclear what kind of information they collect, store and and how this information is used or shared with third parties.

In this context, the introduction of a truly unique identifier, the fingerprint, will not only add to the information left by users, but also add to the possibility of users being personally identified across the entire range of services. This in turn changes not only the discussion around online security but also online identity. Until now, users could ‘create’ their online identity by using a pseudonym and an avatar (an icon-sized graphic image). This ‘chosen’ identity could then be adjusted or changed, any time. In the beginning of the Internet, individuals would often create and use a whole range of online identities. This has changed. Nowadays users prefer online interactions supported by ‘authentic identity’ as reported by the Guardian. This means they want to know with whom they communicate.

This practice has been taken to a new level by Google with the Google ID, an unique ID tied to an individual/account which was introduced in connection to Google+ in 2011. Facebook uses a similar user identification. Both sites, Google and Facebook, make it difficult for users to create and use multiple accounts, and it can be assumed that through this the number of IDs per individual has been dramatically reduced. This of course makes it also a lot simpler for Google and Facebook, and their respective partners, to target marketing and individual advertisement. Despite this, users often create and use different accounts for their private and professional networking. With the new Touch ID, this will no longer be possible. They will have only one account.

How individuals are uniquely identifiable online through the use and manipulation of devices is being researched widely. Besides the PIN and the here discussed biometric identification, alternative methods to provide security, in particular in connection with mobile devices, is being developed under the umbrella term of “Implicit Authentication” (via Quarz). In this case, the security is based on an ongoing security check as opposed to the one-off security check at the start of a session, for example by unlocking the phone. The idea, for example focused on by researchers at the Palo Alto Research Centre, is that the individual user displays very specific, habitual characteristics in behaviour and usage or even movement pattern that can be used to continuously monitor the usage. This will allow to determine sudden change in which case the device will immediately shut down and deny access. Such parameters being researched include location and movement patterns, the way we walk, speed and style of data input on the device, activity pattern and timing, or the subtle way the user’s hand shakes.

These methods seem, as the research shows, to deliver reliable results. At the same time, however, this extends on the privacy discussion, as data is collected on users’ bio-sensorial functions. The technology also puts pressure on individual to profile themselves. The security of such a dataset is a very different issue again, including and extending into the field of personal health and medical information. Nevertheless it represents a big move towards the identification of ‘unique’ individuals and verifying much more than the Touch ID in itself does.

..The end of the virtual?

The introduction of Touch ID or alternative biometric/behavioural authentication methods will prevent users from creating different online identities, as the fingerprint is ‘THE ID’. This means it is really you, who bought that song on iTunes, uploaded that image on Flickr and accidentally deleted that file on Prezi. And it is the very same person who called the client on Skype and tweeted about Beyonce’s concert on Twitter. It is also the same individual who banks with HSBC, shops with Sainsbury’s and hangs out at the Barbican. The point is that ‘being online’ becomes very much like ‘being offline’. Events, happenings and activities become uniquely and reliable tied to users, the individual becomes authentic and unique. Is this the end of virtual?

When looking at the introduction of Touch ID it seems so. It really is the case of as Apple put it ‘’your iPhone reads your fingerprint and knows who you are’’. Subsequently any activity becomes real and unique, and also identifiable as such by online friends and fellow users as well as service providers and traders. However, as suggested by Apple, this does not only make your life easier, but also that of marketing and consumer related businesses. At the same time, it too makes the individual responsible for his or her online activities not dissimilar to the responsibility one enjoys in person as an individual in the real world. It will no longer be possible for users to hide behind one or multiple pseudonyms or avatars. This will certainly transform practice, as both, providers and users, will have to accommodate this ‘new authentic self’ and a completely new reality of online practice.

In many ways, this discussion is related to the ‘Internet of Things’ concept which has enjoyed raising attention over the past five years. Whilst the Internet of Things is about ‘real’ objects being connected to the web, to each other and to ‘users’, Touch ID is about ‘real’ humans. An interesting aspect raised by the Tales of Things project at CASA UCL was the fact that the ‘real’ object was required to access information. This means, access to content is based on ‘real world interaction’. With Touch ID, it is very similar. It requires me, the user, to unlock information (at least once, until may fingerprint has been ‘hacked’) and interact, both online and offline. This ultimately connects the online world to reality.

This means, with and through Touch ID the online experience becomes real in the sense that it confirms that the person logging in at this moment, at this location really is the specific individual and not someone else or a bot. At a first glance, this seems great. From a security and privacy point of view, however, this raises a whole bunch of new questions and concerns that need to be addressed to enjoy this ‘brave new online world’ with yet new possibilities for both users and services. For example, national agencies and businesses might be extremely interested in this kind of data as it is the ultimate proof of someone’s activities at a given time and location. Hence, this information on habitual activities individually verified seems much more desirable for ‘outsiders’ than the actual fingerprint. Touch ID reveals what, when and where a user has been, all confirmed by his or her own fingerprint whilst unlocking or just using the device – meaning the virtual has become its realest so far with consequences and possibilities we can only begin to speculate on.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

..Summary

Since the launch of the new iPhone 5s by Apple, the discussion revolving around online security and privacy has been re-activated. Experts agree that with the introduction of Touch ID the use of biometrical data as a security measure in mobile devices needs to be regulated, especially in terms of storage, handling and exchange of the biometric data processed. However, when looking closer at the implications of the finger-scan-technology developed and introduced by Apple, it becomes clear that the technology not only influences the usage of our personal data, the law and rights users have, but also the way we are present online. Especially since the fingerprint, or any other to be implemented biometric or personal pattern based verification, is ‘THE ID’. With biometrical authentication, there is no way of hiding behind a pseudonym or an avatar. It is really you, the user, who activates and uses the device (at least once, before the device is ‘hacked’). This means, the new iPhone 5s links the virtual world with reality and brings them as close as they have not been before, almost merging them in practice and consequence. The online self becomes authentic. As speculated in the article, this could be the end of the virtual and the beginning of a new web and online experience where we meet real people, make real conversations, buy real goods, but also carry real responsibility.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

Article written by Sandra Abegglen and Fabian Neuhaus Simultaneously published on Everyday Click and urbanTick.

Continue reading »

The End of the Virtual? – Touch ID on the New iPhone 5s for the Real Online Self

Since the announcement of the new Apple iPhone 5s and the built in fingerprint scanning technology branded ‘Touch ID’ the discussion around security, data protection and privacy has been relaunched. It is an ongoing topic in the industry, both on the hardware side amongst producers of devices and the software side with developers of applications and services, but specifically for end users and consumers.

Until now, it was the password, or PIN, that protects and restricts access to the virtual world of data. This has led many of us to come up with creative procedures to create and remember a complicated sequence of letters, numbers and symbols in order to keep personal information secure. It has always been the debate as to how complicated these passwords need to be and how user-friendly this practice is, and often ‘better’ and ‘easier’ solutions for users were wished for.

Now Apple has implemented such a solution with their latest top of the range device. The iPhone 5s features a fingerprint scanner in the ‘Home’ button to uniquely identify a user (up to five different prints can be set up) and grant access. The ‘fingerprint identity sensor’ also allows users to shop on the iTunes Store, Apps Store and iBooks Store where the Touch ID approves purchases.

The new feature is branded by Apple as ‘convenient, highly secure and ahead of the future’. However, the technology and its implementation in mobile devices is nothing new. Motorola’s Atrix smartphone was introduced back in 2011, but also laptop manufacturers have trialled and implemented fingerprint scanner technology in the past decade [REF]. Other manufacturers, namely HTC, are gearing up to release gadgets with similar technology and features.

Although the technology is not new, it is the fact that it is being introduced on such a large scale that makes it a ‘hot topic’. According to TechCrunch, Apple has currently (2013) an estimated user base of 147 million iPhone users, plus about 48 million iPad users. Of the new iPhones (iPhone 5s and iPhone 5c), Apple sold 9 millions in just three days after their launch on the 20iest of September 2013. This is a new record, as previous implementations settled on a much smaller scale. This means that the iPhone 5s is already used by a large number of people. It could therefore be classified as ‘mainstream’ and ‘cultural commodity’. The introduction of this technology can therefore be expected to be used by a much larger customer base as any other similar implementation of biometrics so far.

In this context, the introduction of a unique and personal identifier, the fingerprint, is a smart move. Smart, because everybody knows and understands the idea of the fingerprint. It is in use as signature and plays an important role in crime investigation and law enforcement for over a century. Through its use in detective stories and crime thrillers it has also found its way into everyday culture. It is this very idea of the fingerprint as a unique identifier – ‘’your iPhone reads your fingerprint and knows who you are’’ – that Apple has turned into a selling point to the products advantage.


Image taken from fingerprintingscottsdale / Fingerprint identification plate.

It can be speculated that with the introduction of Touch ID, similarly to the introduction of the touch screen, Apple changes, once again, the way we access electronic devices and use the Internet. Whether this is intentional and whether the use of the fingerprint has played an main role in the development of the newest iPhone generation can only be speculated. A range of problematic aspects in connection to the use of this technology in electronic devices shall be discussed in the following. The points raised function only as an introduction since the topic is vast and might have implications that are yet to be discovered. We debate if the technology used in the iPhone 5s might even be the ‘End of the Virtual?’.

..Security concerns

Official concerns regarding the introduction of the Touch ID were raised amongst others by US Senator Al Franken (Chairman Senate Judiciary Subcommittee) in an open letter to Apple’s CEO Tim Cook (PDF, WEB). The letter states “…while Apple’s new fingerprint reader, Touch ID, may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple and for everyone who may use your products”. Al Franken supports his concerns by saying that “Passwords are secret and dynamic; fingerprints are public and permanent”. This means, once someone has access to someone else’s fingerprint, this access cannot be reversed and the security token can not be changed. ‘’…if hackers get hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life’’.


Image taken from maskable / The Touch ID explained during the introduction of the new iPone 5s at conference key note.

In this context, Al Franken also questions the filing and transferring of the fingerprint data. He demands to know if the fingerprint data stored on the phone is also being transmitted electronically to either Apple or others, and if this data is being saved on computers used to back up the device (referring to the earlier iOS version that stored unencrypted location information recorded by the device in backup files on computers). He wonders further how iTunes, iBooks and AppStore and potential future services interact with Touch ID.

These practical concerns are connected to the only recently refreshed high level discussion on data privacy with information on mass surveillance programs leaked by Edward Snowden, an American computer specialist and former CIA and NSA employee, to the Guardian in May 2013 [REF ] regarding the secret PRISM program. Similar discussions have been on the table in recent years specifically related to social media and the challenged public/private practices in an online context (Neuhaus und Webmoor, 2012, earlier blog post on urbanTick, 2011).

It seems that Senator Franken’s concerns are not ungrounded. ‘Apple’s fingerprint scan technology has been hacked’ was announced by the Computer Chaos Club, CCC, only two days after the iPhone 5s had gone on sale. The claim was backed up with a video demonstrating that ‘fingerbiometrics is unsuitable as access control method’. This ‘hack’, however, focused on the physical reproduction of a fingerprint and did not bypass the new Touch ID technology. Despite this, the attack by CCC proves how easily the new security system can be tricked and everyone with a camera, scanner, printer and a good stock of graphite powder, glycerene, and wood-glue/super-glue/theatrical-glue can repeat the procedure.

The ‘iPhone touch defeat’ also proves that users’ fingerprints are not secret, meaning that anything touched by users will have fingerprints on it, including the new phone. Senator Franken has referred to this with the ‘fingerprint being public’. And here is the real flaw of the technology. If someone gets hold of the device, he or she has basically access to ‘the lock and the key’, as the phone will be covered with fingerprints that can be reproduced to unlock the security system. Even though the chances of guessing the correct fingerprint is 1:50’000 compared to 1:10’000 with a normal 4 digit numeric key (except 1234, source Apple), now that the ‘key’ is on the phone in the form of ‘touches’ this number is meaningless, or at least reduced to 1:10.

Another question raised by the introduction of Touch ID is the digital reproduction of the fingerprint. Apple has explained that the information is not stored as a digital image. Instead it is being translated by the device into a sequence of numbers (a mathematical representation of the fingerprint derived by an specific algorithm). This implies that the print can only, if at all, re-engineered with physical access to the device. This is being discussed extensively on tech blogs, for example on The Unoffical Apple Weblog (source TUAW). In reference to these statements, it seems only a question of time until the A7 chip inside the phone is cracked.

However, the main argument highlighted by Apple is not security, but convenience. ‘’You check your iPhone dozens and dozens of times a day. Entering a passcode each time just slows you down’’. It seems as if it is annoying for customers to input four digits, or on Android models a swipe pattern. In this context, the fingerprint scanner is put forward as the user-friendly solution. With just one touch the phone is activated, unlocked and ready to use. However, when considering the security concerns discussed above, it is questionable if winning a few seconds to start up the phone is important and desirable.

..Security versus convenience

CNet askes on its website: “Should we trade our biometric data and privacy for the sake of convenience?”. The answer to this question seems straightforward: Biometrics, or biometric authentication, can be useful, but it should not be used in mobile devices as the technology is not yet error-prone and these devices can easily be lost or stolen. This seems the common agreement amongst security experts (for example in Der Spiegel). In addition, as Schneier, then President of Counterpane Systems, argued in 1998, ‘’biometrics are unique identifiers, but not secrets’’. This means, they are easy to steal and reproduce. ‘’Once someone steals your biometric, it remains stolen for life; there is no getting back to a secure situation’’. So the big question a lot of people should be asking themselves is not how quick they can access their data, but what they are giving away when using Touch ID.

In this context, it seems important to repeat that Touch ID does not actually store an image of the fingerprint, and the data is not available to any other application other than Apple apps nor stored at Apple’s servers or backed up via iCloud. For now, at least. There is no guarantee that this will be the same in the future, especially as the prospect of a vast biometric database is the dream of any national security agency, marketing company and hacker community. This means third parties will pay a lot of attention to these developments and probably exert some force to get access to some of this data. It would therefore be important to know ‘how does Apple see the actual fingerprint data and how are they going to handle it, now and in the future?’.

Whilst there are regulations as to when third parties can be forced to hand over data in connection to crime investigation, it is a complicated matter with Touch ID as the technology enables new ways of ‘tracking’ people. For example, a user logging in with Touch ID does not only confirm his or her location, but also his or her identity. This means the iPhone 5s could act as a means of evidence – ‘I was here’. So far, Apple has stated that they do not share any information with others – although the technology can be used to verify purchases. The question is therefore, as Senator Franken asks: ‘’Does Apple believe that users have a reasonable expectation of privacy in fingerprint data they provide to touch ID?’’.

There might also be some legal implications for the user of the Touch ID technology. It has been pointed out, for example by Marcia Hofmann of Wired, that the shift from PIN as an ‘known’ key to a fingerprint as a ‘what we are’ key might strip users of the right to the in the US called 5th. This Amendment protects the individual from giving evidence against him/her self. At the moment, this only applies to things one knows, knowledge, thoughts, so on and not to things one has, keys, written notes (if you write down the password on a piece of paper) or is, biometrics. Hence, on trial a person can not be forced to provide the password to a device or to decrypt information since the password is something he/she knows. A key, however, would be something the person has and this object, according to current law, can be requested. The fingerprint belongs to the person, it is part of the human body, a thing, and hence it belongs do the category of information that can not be withhold. This means access to devices or data via fingerprint scan can be enforced. This fact, in connection to Touch ID, might mean that consumers need to give up on one of their basic (human) rights, the right to withdraw information.

..Personal data and biometrics becomes mainstream

A further concern connected to Touch ID is that biometrics are becoming mainstream. Currently, the use of biometrical authentication in the public sphere is limited. Its main use is in passport and immigration control, where retina and fingerprint recognition, actual or as part of a passport, is used to identify ‘travellers’ and reduce queues at border control. Here, the data is usually linked up with secondary information or other means of verification. For example, users of a retina scan machine need also to provide their passport for optical scanning. This means, the replication of a retina scan alone does not provide access to ‘free travel’.

However, the implications of ‘normalising’ biometrics and using biometrics in everyday applications are not only connected to the risk of individuals being permanently tracked and surveilled, but also to the risk of biometrics becoming unsafe. As Schneier argued, ‘’Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications’’. This means, it is not a good idea to use your thumbprint to access your mobile phone, open your front door and unlock your file cabinet at work, as data theft would automatically lead to a catastrophe.

It could therefore be said that biometrics are not safer than other security means. With Apple suggesting to customers that ‘’Your fingerprint is one of the best passcodes in the world’’ seems therefore misleading. The question really is how much consumers are willing to trade their personal information and data for the ultimate and smooth technology experience.

In addition, in today’s context the distribution of personal information is no longer directly manageable by the individual, as user information is being left behind with every move online and regular real world services. Shopping online, borrowing books at the local library, and visiting the GP, all activities leave a ‘digital footprint’. It has become complicated to the point where it is impossible for the user to understand and control what information is left behind when using a mobile device, especially when using online and server connected apps and services. These apps are often pre-installed on the device and updated automatically. Also, the companies behind those apps are often unknown and it is unclear what kind of information they collect, store and and how this information is used or shared with third parties.

In this context, the introduction of a truly unique identifier, the fingerprint, will not only add to the information left by users, but also add to the possibility of users being personally identified across the entire range of services. This in turn changes not only the discussion around online security but also online identity. Until now, users could ‘create’ their online identity by using a pseudonym and an avatar (an icon-sized graphic image). This ‘chosen’ identity could then be adjusted or changed, any time. In the beginning of the Internet, individuals would often create and use a whole range of online identities. This has changed. Nowadays users prefer online interactions supported by ‘authentic identity’ as reported by the Guardian. This means they want to know with whom they communicate.

This practice has been taken to a new level by Google with the Google ID, an unique ID tied to an individual/account which was introduced in connection to Google+ in 2011. Facebook uses a similar user identification. Both sites, Google and Facebook, make it difficult for users to create and use multiple accounts, and it can be assumed that through this the number of IDs per individual has been dramatically reduced. This of course makes it also a lot simpler for Google and Facebook, and their respective partners, to target marketing and individual advertisement. Despite this, users often create and use different accounts for their private and professional networking. With the new Touch ID, this will no longer be possible. They will have only one account.

How individuals are uniquely identifiable online through the use and manipulation of devices is being researched widely. Besides the PIN and the here discussed biometric identification, alternative methods to provide security, in particular in connection with mobile devices, is being developed under the umbrella term of “Implicit Authentication” (via Quarz). In this case, the security is based on an ongoing security check as opposed to the one-off security check at the start of a session, for example by unlocking the phone. The idea, for example focused on by researchers at the Palo Alto Research Centre, is that the individual user displays very specific, habitual characteristics in behaviour and usage or even movement pattern that can be used to continuously monitor the usage. This will allow to determine sudden change in which case the device will immediately shut down and deny access. Such parameters being researched include location and movement patterns, the way we walk, speed and style of data input on the device, activity pattern and timing, or the subtle way the user’s hand shakes.

These methods seem, as the research shows, to deliver reliable results. At the same time, however, this extends on the privacy discussion, as data is collected on users’ bio-sensorial functions. The technology also puts pressure on individual to profile themselves. The security of such a dataset is a very different issue again, including and extending into the field of personal health and medical information. Nevertheless it represents a big move towards the identification of ‘unique’ individuals and verifying much more than the Touch ID in itself does.

..The end of the virtual?

The introduction of Touch ID or alternative biometric/behavioural authentication methods will prevent users from creating different online identities, as the fingerprint is ‘THE ID’. This means it is really you, who bought that song on iTunes, uploaded that image on Flickr and accidentally deleted that file on Prezi. And it is the very same person who called the client on Skype and tweeted about Beyonce’s concert on Twitter. It is also the same individual who banks with HSBC, shops with Sainsbury’s and hangs out at the Barbican. The point is that ‘being online’ becomes very much like ‘being offline’. Events, happenings and activities become uniquely and reliable tied to users, the individual becomes authentic and unique. Is this the end of virtual?

When looking at the introduction of Touch ID it seems so. It really is the case of as Apple put it ‘’your iPhone reads your fingerprint and knows who you are’’. Subsequently any activity becomes real and unique, and also identifiable as such by online friends and fellow users as well as service providers and traders. However, as suggested by Apple, this does not only make your life easier, but also that of marketing and consumer related businesses. At the same time, it too makes the individual responsible for his or her online activities not dissimilar to the responsibility one enjoys in person as an individual in the real world. It will no longer be possible for users to hide behind one or multiple pseudonyms or avatars. This will certainly transform practice, as both, providers and users, will have to accommodate this ‘new authentic self’ and a completely new reality of online practice.

In many ways, this discussion is related to the ‘Internet of Things’ concept which has enjoyed raising attention over the past five years. Whilst the Internet of Things is about ‘real’ objects being connected to the web, to each other and to ‘users’, Touch ID is about ‘real’ humans. An interesting aspect raised by the Tales of Things project at CASA UCL was the fact that the ‘real’ object was required to access information. This means, access to content is based on ‘real world interaction’. With Touch ID, it is very similar. It requires me, the user, to unlock information (at least once, until may fingerprint has been ‘hacked’) and interact, both online and offline. This ultimately connects the online world to reality.

This means, with and through Touch ID the online experience becomes real in the sense that it confirms that the person logging in at this moment, at this location really is the specific individual and not someone else or a bot. At a first glance, this seems great. From a security and privacy point of view, however, this raises a whole bunch of new questions and concerns that need to be addressed to enjoy this ‘brave new online world’ with yet new possibilities for both users and services. For example, national agencies and businesses might be extremely interested in this kind of data as it is the ultimate proof of someone’s activities at a given time and location. Hence, this information on habitual activities individually verified seems much more desirable for ‘outsiders’ than the actual fingerprint. Touch ID reveals what, when and where a user has been, all confirmed by his or her own fingerprint whilst unlocking or just using the device – meaning the virtual has become its realest so far with consequences and possibilities we can only begin to speculate on.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

..Summary

Since the launch of the new iPhone 5s by Apple, the discussion revolving around online security and privacy has been re-activated. Experts agree that with the introduction of Touch ID the use of biometrical data as a security measure in mobile devices needs to be regulated, especially in terms of storage, handling and exchange of the biometric data processed. However, when looking closer at the implications of the finger-scan-technology developed and introduced by Apple, it becomes clear that the technology not only influences the usage of our personal data, the law and rights users have, but also the way we are present online. Especially since the fingerprint, or any other to be implemented biometric or personal pattern based verification, is ‘THE ID’. With biometrical authentication, there is no way of hiding behind a pseudonym or an avatar. It is really you, the user, who activates and uses the device (at least once, before the device is ‘hacked’). This means, the new iPhone 5s links the virtual world with reality and brings them as close as they have not been before, almost merging them in practice and consequence. The online self becomes authentic. As speculated in the article, this could be the end of the virtual and the beginning of a new web and online experience where we meet real people, make real conversations, buy real goods, but also carry real responsibility.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

Article written by Sandra Abegglen and Fabian Neuhaus Simultaneously published on Everyday Click and urbanTick.

Continue reading »

The End of the Virtual? – Touch ID on the New iPhone 5s for the Real Online Self

Since the announcement of the new Apple iPhone 5s and the built in fingerprint scanning technology branded ‘Touch ID’ the discussion around security, data protection and privacy has been relaunched. It is an ongoing topic in the industry, both on the hardware side amongst producers of devices and the software side with developers of applications and services, but specifically for end users and consumers.

Until now, it was the password, or PIN, that protects and restricts access to the virtual world of data. This has led many of us to come up with creative procedures to create and remember a complicated sequence of letters, numbers and symbols in order to keep personal information secure. It has always been the debate as to how complicated these passwords need to be and how user-friendly this practice is, and often ‘better’ and ‘easier’ solutions for users were wished for.

Now Apple has implemented such a solution with their latest top of the range device. The iPhone 5s features a fingerprint scanner in the ‘Home’ button to uniquely identify a user (up to five different prints can be set up) and grant access. The ‘fingerprint identity sensor’ also allows users to shop on the iTunes Store, Apps Store and iBooks Store where the Touch ID approves purchases.

The new feature is branded by Apple as ‘convenient, highly secure and ahead of the future’. However, the technology and its implementation in mobile devices is nothing new. Motorola’s Atrix smartphone was introduced back in 2011, but also laptop manufacturers have trialled and implemented fingerprint scanner technology in the past decade [REF]. Other manufacturers, namely HTC, are gearing up to release gadgets with similar technology and features.

Although the technology is not new, it is the fact that it is being introduced on such a large scale that makes it a ‘hot topic’. According to TechCrunch, Apple has currently (2013) an estimated user base of 147 million iPhone users, plus about 48 million iPad users. Of the new iPhones (iPhone 5s and iPhone 5c), Apple sold 9 millions in just three days after their launch on the 20iest of September 2013. This is a new record, as previous implementations settled on a much smaller scale. This means that the iPhone 5s is already used by a large number of people. It could therefore be classified as ‘mainstream’ and ‘cultural commodity’. The introduction of this technology can therefore be expected to be used by a much larger customer base as any other similar implementation of biometrics so far.

In this context, the introduction of a unique and personal identifier, the fingerprint, is a smart move. Smart, because everybody knows and understands the idea of the fingerprint. It is in use as signature and plays an important role in crime investigation and law enforcement for over a century. Through its use in detective stories and crime thrillers it has also found its way into everyday culture. It is this very idea of the fingerprint as a unique identifier – ‘’your iPhone reads your fingerprint and knows who you are’’ – that Apple has turned into a selling point to the products advantage.


Image taken from fingerprintingscottsdale / Fingerprint identification plate.

It can be speculated that with the introduction of Touch ID, similarly to the introduction of the touch screen, Apple changes, once again, the way we access electronic devices and use the Internet. Whether this is intentional and whether the use of the fingerprint has played an main role in the development of the newest iPhone generation can only be speculated. A range of problematic aspects in connection to the use of this technology in electronic devices shall be discussed in the following. The points raised function only as an introduction since the topic is vast and might have implications that are yet to be discovered. We debate if the technology used in the iPhone 5s might even be the ‘End of the Virtual?’.

..Security concerns

Official concerns regarding the introduction of the Touch ID were raised amongst others by US Senator Al Franken (Chairman Senate Judiciary Subcommittee) in an open letter to Apple’s CEO Tim Cook (PDF, WEB). The letter states “…while Apple’s new fingerprint reader, Touch ID, may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple and for everyone who may use your products”. Al Franken supports his concerns by saying that “Passwords are secret and dynamic; fingerprints are public and permanent”. This means, once someone has access to someone else’s fingerprint, this access cannot be reversed and the security token can not be changed. ‘’…if hackers get hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life’’.


Image taken from maskable / The Touch ID explained during the introduction of the new iPone 5s at conference key note.

In this context, Al Franken also questions the filing and transferring of the fingerprint data. He demands to know if the fingerprint data stored on the phone is also being transmitted electronically to either Apple or others, and if this data is being saved on computers used to back up the device (referring to the earlier iOS version that stored unencrypted location information recorded by the device in backup files on computers). He wonders further how iTunes, iBooks and AppStore and potential future services interact with Touch ID.

These practical concerns are connected to the only recently refreshed high level discussion on data privacy with information on mass surveillance programs leaked by Edward Snowden, an American computer specialist and former CIA and NSA employee, to the Guardian in May 2013 [REF ] regarding the secret PRISM program. Similar discussions have been on the table in recent years specifically related to social media and the challenged public/private practices in an online context (Neuhaus und Webmoor, 2012, earlier blog post on urbanTick, 2011).

It seems that Senator Franken’s concerns are not ungrounded. ‘Apple’s fingerprint scan technology has been hacked’ was announced by the Computer Chaos Club, CCC, only two days after the iPhone 5s had gone on sale. The claim was backed up with a video demonstrating that ‘fingerbiometrics is unsuitable as access control method’. This ‘hack’, however, focused on the physical reproduction of a fingerprint and did not bypass the new Touch ID technology. Despite this, the attack by CCC proves how easily the new security system can be tricked and everyone with a camera, scanner, printer and a good stock of graphite powder, glycerene, and wood-glue/super-glue/theatrical-glue can repeat the procedure.

The ‘iPhone touch defeat’ also proves that users’ fingerprints are not secret, meaning that anything touched by users will have fingerprints on it, including the new phone. Senator Franken has referred to this with the ‘fingerprint being public’. And here is the real flaw of the technology. If someone gets hold of the device, he or she has basically access to ‘the lock and the key’, as the phone will be covered with fingerprints that can be reproduced to unlock the security system. Even though the chances of guessing the correct fingerprint is 1:50’000 compared to 1:10’000 with a normal 4 digit numeric key (except 1234, source Apple), now that the ‘key’ is on the phone in the form of ‘touches’ this number is meaningless, or at least reduced to 1:10.

Another question raised by the introduction of Touch ID is the digital reproduction of the fingerprint. Apple has explained that the information is not stored as a digital image. Instead it is being translated by the device into a sequence of numbers (a mathematical representation of the fingerprint derived by an specific algorithm). This implies that the print can only, if at all, re-engineered with physical access to the device. This is being discussed extensively on tech blogs, for example on The Unoffical Apple Weblog (source TUAW). In reference to these statements, it seems only a question of time until the A7 chip inside the phone is cracked.

However, the main argument highlighted by Apple is not security, but convenience. ‘’You check your iPhone dozens and dozens of times a day. Entering a passcode each time just slows you down’’. It seems as if it is annoying for customers to input four digits, or on Android models a swipe pattern. In this context, the fingerprint scanner is put forward as the user-friendly solution. With just one touch the phone is activated, unlocked and ready to use. However, when considering the security concerns discussed above, it is questionable if winning a few seconds to start up the phone is important and desirable.

..Security versus convenience

CNet askes on its website: “Should we trade our biometric data and privacy for the sake of convenience?”. The answer to this question seems straightforward: Biometrics, or biometric authentication, can be useful, but it should not be used in mobile devices as the technology is not yet error-prone and these devices can easily be lost or stolen. This seems the common agreement amongst security experts (for example in Der Spiegel). In addition, as Schneier, then President of Counterpane Systems, argued in 1998, ‘’biometrics are unique identifiers, but not secrets’’. This means, they are easy to steal and reproduce. ‘’Once someone steals your biometric, it remains stolen for life; there is no getting back to a secure situation’’. So the big question a lot of people should be asking themselves is not how quick they can access their data, but what they are giving away when using Touch ID.

In this context, it seems important to repeat that Touch ID does not actually store an image of the fingerprint, and the data is not available to any other application other than Apple apps nor stored at Apple’s servers or backed up via iCloud. For now, at least. There is no guarantee that this will be the same in the future, especially as the prospect of a vast biometric database is the dream of any national security agency, marketing company and hacker community. This means third parties will pay a lot of attention to these developments and probably exert some force to get access to some of this data. It would therefore be important to know ‘how does Apple see the actual fingerprint data and how are they going to handle it, now and in the future?’.

Whilst there are regulations as to when third parties can be forced to hand over data in connection to crime investigation, it is a complicated matter with Touch ID as the technology enables new ways of ‘tracking’ people. For example, a user logging in with Touch ID does not only confirm his or her location, but also his or her identity. This means the iPhone 5s could act as a means of evidence – ‘I was here’. So far, Apple has stated that they do not share any information with others – although the technology can be used to verify purchases. The question is therefore, as Senator Franken asks: ‘’Does Apple believe that users have a reasonable expectation of privacy in fingerprint data they provide to touch ID?’’.

There might also be some legal implications for the user of the Touch ID technology. It has been pointed out, for example by Marcia Hofmann of Wired, that the shift from PIN as an ‘known’ key to a fingerprint as a ‘what we are’ key might strip users of the right to the in the US called 5th. This Amendment protects the individual from giving evidence against him/her self. At the moment, this only applies to things one knows, knowledge, thoughts, so on and not to things one has, keys, written notes (if you write down the password on a piece of paper) or is, biometrics. Hence, on trial a person can not be forced to provide the password to a device or to decrypt information since the password is something he/she knows. A key, however, would be something the person has and this object, according to current law, can be requested. The fingerprint belongs to the person, it is part of the human body, a thing, and hence it belongs do the category of information that can not be withhold. This means access to devices or data via fingerprint scan can be enforced. This fact, in connection to Touch ID, might mean that consumers need to give up on one of their basic (human) rights, the right to withdraw information.

..Personal data and biometrics becomes mainstream

A further concern connected to Touch ID is that biometrics are becoming mainstream. Currently, the use of biometrical authentication in the public sphere is limited. Its main use is in passport and immigration control, where retina and fingerprint recognition, actual or as part of a passport, is used to identify ‘travellers’ and reduce queues at border control. Here, the data is usually linked up with secondary information or other means of verification. For example, users of a retina scan machine need also to provide their passport for optical scanning. This means, the replication of a retina scan alone does not provide access to ‘free travel’.

However, the implications of ‘normalising’ biometrics and using biometrics in everyday applications are not only connected to the risk of individuals being permanently tracked and surveilled, but also to the risk of biometrics becoming unsafe. As Schneier argued, ‘’Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications’’. This means, it is not a good idea to use your thumbprint to access your mobile phone, open your front door and unlock your file cabinet at work, as data theft would automatically lead to a catastrophe.

It could therefore be said that biometrics are not safer than other security means. With Apple suggesting to customers that ‘’Your fingerprint is one of the best passcodes in the world’’ seems therefore misleading. The question really is how much consumers are willing to trade their personal information and data for the ultimate and smooth technology experience.

In addition, in today’s context the distribution of personal information is no longer directly manageable by the individual, as user information is being left behind with every move online and regular real world services. Shopping online, borrowing books at the local library, and visiting the GP, all activities leave a ‘digital footprint’. It has become complicated to the point where it is impossible for the user to understand and control what information is left behind when using a mobile device, especially when using online and server connected apps and services. These apps are often pre-installed on the device and updated automatically. Also, the companies behind those apps are often unknown and it is unclear what kind of information they collect, store and and how this information is used or shared with third parties.

In this context, the introduction of a truly unique identifier, the fingerprint, will not only add to the information left by users, but also add to the possibility of users being personally identified across the entire range of services. This in turn changes not only the discussion around online security but also online identity. Until now, users could ‘create’ their online identity by using a pseudonym and an avatar (an icon-sized graphic image). This ‘chosen’ identity could then be adjusted or changed, any time. In the beginning of the Internet, individuals would often create and use a whole range of online identities. This has changed. Nowadays users prefer online interactions supported by ‘authentic identity’ as reported by the Guardian. This means they want to know with whom they communicate.

This practice has been taken to a new level by Google with the Google ID, an unique ID tied to an individual/account which was introduced in connection to Google+ in 2011. Facebook uses a similar user identification. Both sites, Google and Facebook, make it difficult for users to create and use multiple accounts, and it can be assumed that through this the number of IDs per individual has been dramatically reduced. This of course makes it also a lot simpler for Google and Facebook, and their respective partners, to target marketing and individual advertisement. Despite this, users often create and use different accounts for their private and professional networking. With the new Touch ID, this will no longer be possible. They will have only one account.

How individuals are uniquely identifiable online through the use and manipulation of devices is being researched widely. Besides the PIN and the here discussed biometric identification, alternative methods to provide security, in particular in connection with mobile devices, is being developed under the umbrella term of “Implicit Authentication” (via Quarz). In this case, the security is based on an ongoing security check as opposed to the one-off security check at the start of a session, for example by unlocking the phone. The idea, for example focused on by researchers at the Palo Alto Research Centre, is that the individual user displays very specific, habitual characteristics in behaviour and usage or even movement pattern that can be used to continuously monitor the usage. This will allow to determine sudden change in which case the device will immediately shut down and deny access. Such parameters being researched include location and movement patterns, the way we walk, speed and style of data input on the device, activity pattern and timing, or the subtle way the user’s hand shakes.

These methods seem, as the research shows, to deliver reliable results. At the same time, however, this extends on the privacy discussion, as data is collected on users’ bio-sensorial functions. The technology also puts pressure on individual to profile themselves. The security of such a dataset is a very different issue again, including and extending into the field of personal health and medical information. Nevertheless it represents a big move towards the identification of ‘unique’ individuals and verifying much more than the Touch ID in itself does.

..The end of the virtual?

The introduction of Touch ID or alternative biometric/behavioural authentication methods will prevent users from creating different online identities, as the fingerprint is ‘THE ID’. This means it is really you, who bought that song on iTunes, uploaded that image on Flickr and accidentally deleted that file on Prezi. And it is the very same person who called the client on Skype and tweeted about Beyonce’s concert on Twitter. It is also the same individual who banks with HSBC, shops with Sainsbury’s and hangs out at the Barbican. The point is that ‘being online’ becomes very much like ‘being offline’. Events, happenings and activities become uniquely and reliable tied to users, the individual becomes authentic and unique. Is this the end of virtual?

When looking at the introduction of Touch ID it seems so. It really is the case of as Apple put it ‘’your iPhone reads your fingerprint and knows who you are’’. Subsequently any activity becomes real and unique, and also identifiable as such by online friends and fellow users as well as service providers and traders. However, as suggested by Apple, this does not only make your life easier, but also that of marketing and consumer related businesses. At the same time, it too makes the individual responsible for his or her online activities not dissimilar to the responsibility one enjoys in person as an individual in the real world. It will no longer be possible for users to hide behind one or multiple pseudonyms or avatars. This will certainly transform practice, as both, providers and users, will have to accommodate this ‘new authentic self’ and a completely new reality of online practice.

In many ways, this discussion is related to the ‘Internet of Things’ concept which has enjoyed raising attention over the past five years. Whilst the Internet of Things is about ‘real’ objects being connected to the web, to each other and to ‘users’, Touch ID is about ‘real’ humans. An interesting aspect raised by the Tales of Things project at CASA UCL was the fact that the ‘real’ object was required to access information. This means, access to content is based on ‘real world interaction’. With Touch ID, it is very similar. It requires me, the user, to unlock information (at least once, until may fingerprint has been ‘hacked’) and interact, both online and offline. This ultimately connects the online world to reality.

This means, with and through Touch ID the online experience becomes real in the sense that it confirms that the person logging in at this moment, at this location really is the specific individual and not someone else or a bot. At a first glance, this seems great. From a security and privacy point of view, however, this raises a whole bunch of new questions and concerns that need to be addressed to enjoy this ‘brave new online world’ with yet new possibilities for both users and services. For example, national agencies and businesses might be extremely interested in this kind of data as it is the ultimate proof of someone’s activities at a given time and location. Hence, this information on habitual activities individually verified seems much more desirable for ‘outsiders’ than the actual fingerprint. Touch ID reveals what, when and where a user has been, all confirmed by his or her own fingerprint whilst unlocking or just using the device – meaning the virtual has become its realest so far with consequences and possibilities we can only begin to speculate on.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

..Summary

Since the launch of the new iPhone 5s by Apple, the discussion revolving around online security and privacy has been re-activated. Experts agree that with the introduction of Touch ID the use of biometrical data as a security measure in mobile devices needs to be regulated, especially in terms of storage, handling and exchange of the biometric data processed. However, when looking closer at the implications of the finger-scan-technology developed and introduced by Apple, it becomes clear that the technology not only influences the usage of our personal data, the law and rights users have, but also the way we are present online. Especially since the fingerprint, or any other to be implemented biometric or personal pattern based verification, is ‘THE ID’. With biometrical authentication, there is no way of hiding behind a pseudonym or an avatar. It is really you, the user, who activates and uses the device (at least once, before the device is ‘hacked’). This means, the new iPhone 5s links the virtual world with reality and brings them as close as they have not been before, almost merging them in practice and consequence. The online self becomes authentic. As speculated in the article, this could be the end of the virtual and the beginning of a new web and online experience where we meet real people, make real conversations, buy real goods, but also carry real responsibility.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

Article written by Sandra Abegglen and Fabian Neuhaus Simultaneously published on Everyday Click and urbanTick.

Continue reading »

The End of the Virtual? – Touch ID on the New iPhone 5s for the Real Online Self

Since the announcement of the new Apple iPhone 5s and the built in fingerprint scanning technology branded ‘Touch ID’ the discussion around security, data protection and privacy has been relaunched. It is an ongoing topic in the industry, both on the hardware side amongst producers of devices and the software side with developers of applications and services, but specifically for end users and consumers.

Until now, it was the password, or PIN, that protects and restricts access to the virtual world of data. This has led many of us to come up with creative procedures to create and remember a complicated sequence of letters, numbers and symbols in order to keep personal information secure. It has always been the debate as to how complicated these passwords need to be and how user-friendly this practice is, and often ‘better’ and ‘easier’ solutions for users were wished for.

Now Apple has implemented such a solution with their latest top of the range device. The iPhone 5s features a fingerprint scanner in the ‘Home’ button to uniquely identify a user (up to five different prints can be set up) and grant access. The ‘fingerprint identity sensor’ also allows users to shop on the iTunes Store, Apps Store and iBooks Store where the Touch ID approves purchases.

The new feature is branded by Apple as ‘convenient, highly secure and ahead of the future’. However, the technology and its implementation in mobile devices is nothing new. Motorola’s Atrix smartphone was introduced back in 2011, but also laptop manufacturers have trialled and implemented fingerprint scanner technology in the past decade [REF]. Other manufacturers, namely HTC, are gearing up to release gadgets with similar technology and features.

Although the technology is not new, it is the fact that it is being introduced on such a large scale that makes it a ‘hot topic’. According to TechCrunch, Apple has currently (2013) an estimated user base of 147 million iPhone users, plus about 48 million iPad users. Of the new iPhones (iPhone 5s and iPhone 5c), Apple sold 9 millions in just three days after their launch on the 20iest of September 2013. This is a new record, as previous implementations settled on a much smaller scale. This means that the iPhone 5s is already used by a large number of people. It could therefore be classified as ‘mainstream’ and ‘cultural commodity’. The introduction of this technology can therefore be expected to be used by a much larger customer base as any other similar implementation of biometrics so far.

In this context, the introduction of a unique and personal identifier, the fingerprint, is a smart move. Smart, because everybody knows and understands the idea of the fingerprint. It is in use as signature and plays an important role in crime investigation and law enforcement for over a century. Through its use in detective stories and crime thrillers it has also found its way into everyday culture. It is this very idea of the fingerprint as a unique identifier – ‘’your iPhone reads your fingerprint and knows who you are’’ – that Apple has turned into a selling point to the products advantage.


Image taken from fingerprintingscottsdale / Fingerprint identification plate.

It can be speculated that with the introduction of Touch ID, similarly to the introduction of the touch screen, Apple changes, once again, the way we access electronic devices and use the Internet. Whether this is intentional and whether the use of the fingerprint has played an main role in the development of the newest iPhone generation can only be speculated. A range of problematic aspects in connection to the use of this technology in electronic devices shall be discussed in the following. The points raised function only as an introduction since the topic is vast and might have implications that are yet to be discovered. We debate if the technology used in the iPhone 5s might even be the ‘End of the Virtual?’.

..Security concerns

Official concerns regarding the introduction of the Touch ID were raised amongst others by US Senator Al Franken (Chairman Senate Judiciary Subcommittee) in an open letter to Apple’s CEO Tim Cook (PDF, WEB). The letter states “…while Apple’s new fingerprint reader, Touch ID, may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple and for everyone who may use your products”. Al Franken supports his concerns by saying that “Passwords are secret and dynamic; fingerprints are public and permanent”. This means, once someone has access to someone else’s fingerprint, this access cannot be reversed and the security token can not be changed. ‘’…if hackers get hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life’’.


Image taken from maskable / The Touch ID explained during the introduction of the new iPone 5s at conference key note.

In this context, Al Franken also questions the filing and transferring of the fingerprint data. He demands to know if the fingerprint data stored on the phone is also being transmitted electronically to either Apple or others, and if this data is being saved on computers used to back up the device (referring to the earlier iOS version that stored unencrypted location information recorded by the device in backup files on computers). He wonders further how iTunes, iBooks and AppStore and potential future services interact with Touch ID.

These practical concerns are connected to the only recently refreshed high level discussion on data privacy with information on mass surveillance programs leaked by Edward Snowden, an American computer specialist and former CIA and NSA employee, to the Guardian in May 2013 [REF ] regarding the secret PRISM program. Similar discussions have been on the table in recent years specifically related to social media and the challenged public/private practices in an online context (Neuhaus und Webmoor, 2012, earlier blog post on urbanTick, 2011).

It seems that Senator Franken’s concerns are not ungrounded. ‘Apple’s fingerprint scan technology has been hacked’ was announced by the Computer Chaos Club, CCC, only two days after the iPhone 5s had gone on sale. The claim was backed up with a video demonstrating that ‘fingerbiometrics is unsuitable as access control method’. This ‘hack’, however, focused on the physical reproduction of a fingerprint and did not bypass the new Touch ID technology. Despite this, the attack by CCC proves how easily the new security system can be tricked and everyone with a camera, scanner, printer and a good stock of graphite powder, glycerene, and wood-glue/super-glue/theatrical-glue can repeat the procedure.

The ‘iPhone touch defeat’ also proves that users’ fingerprints are not secret, meaning that anything touched by users will have fingerprints on it, including the new phone. Senator Franken has referred to this with the ‘fingerprint being public’. And here is the real flaw of the technology. If someone gets hold of the device, he or she has basically access to ‘the lock and the key’, as the phone will be covered with fingerprints that can be reproduced to unlock the security system. Even though the chances of guessing the correct fingerprint is 1:50’000 compared to 1:10’000 with a normal 4 digit numeric key (except 1234, source Apple), now that the ‘key’ is on the phone in the form of ‘touches’ this number is meaningless, or at least reduced to 1:10.

Another question raised by the introduction of Touch ID is the digital reproduction of the fingerprint. Apple has explained that the information is not stored as a digital image. Instead it is being translated by the device into a sequence of numbers (a mathematical representation of the fingerprint derived by an specific algorithm). This implies that the print can only, if at all, re-engineered with physical access to the device. This is being discussed extensively on tech blogs, for example on The Unoffical Apple Weblog (source TUAW). In reference to these statements, it seems only a question of time until the A7 chip inside the phone is cracked.

However, the main argument highlighted by Apple is not security, but convenience. ‘’You check your iPhone dozens and dozens of times a day. Entering a passcode each time just slows you down’’. It seems as if it is annoying for customers to input four digits, or on Android models a swipe pattern. In this context, the fingerprint scanner is put forward as the user-friendly solution. With just one touch the phone is activated, unlocked and ready to use. However, when considering the security concerns discussed above, it is questionable if winning a few seconds to start up the phone is important and desirable.

..Security versus convenience

CNet askes on its website: “Should we trade our biometric data and privacy for the sake of convenience?”. The answer to this question seems straightforward: Biometrics, or biometric authentication, can be useful, but it should not be used in mobile devices as the technology is not yet error-prone and these devices can easily be lost or stolen. This seems the common agreement amongst security experts (for example in Der Spiegel). In addition, as Schneier, then President of Counterpane Systems, argued in 1998, ‘’biometrics are unique identifiers, but not secrets’’. This means, they are easy to steal and reproduce. ‘’Once someone steals your biometric, it remains stolen for life; there is no getting back to a secure situation’’. So the big question a lot of people should be asking themselves is not how quick they can access their data, but what they are giving away when using Touch ID.

In this context, it seems important to repeat that Touch ID does not actually store an image of the fingerprint, and the data is not available to any other application other than Apple apps nor stored at Apple’s servers or backed up via iCloud. For now, at least. There is no guarantee that this will be the same in the future, especially as the prospect of a vast biometric database is the dream of any national security agency, marketing company and hacker community. This means third parties will pay a lot of attention to these developments and probably exert some force to get access to some of this data. It would therefore be important to know ‘how does Apple see the actual fingerprint data and how are they going to handle it, now and in the future?’.

Whilst there are regulations as to when third parties can be forced to hand over data in connection to crime investigation, it is a complicated matter with Touch ID as the technology enables new ways of ‘tracking’ people. For example, a user logging in with Touch ID does not only confirm his or her location, but also his or her identity. This means the iPhone 5s could act as a means of evidence – ‘I was here’. So far, Apple has stated that they do not share any information with others – although the technology can be used to verify purchases. The question is therefore, as Senator Franken asks: ‘’Does Apple believe that users have a reasonable expectation of privacy in fingerprint data they provide to touch ID?’’.

There might also be some legal implications for the user of the Touch ID technology. It has been pointed out, for example by Marcia Hofmann of Wired, that the shift from PIN as an ‘known’ key to a fingerprint as a ‘what we are’ key might strip users of the right to the in the US called 5th. This Amendment protects the individual from giving evidence against him/her self. At the moment, this only applies to things one knows, knowledge, thoughts, so on and not to things one has, keys, written notes (if you write down the password on a piece of paper) or is, biometrics. Hence, on trial a person can not be forced to provide the password to a device or to decrypt information since the password is something he/she knows. A key, however, would be something the person has and this object, according to current law, can be requested. The fingerprint belongs to the person, it is part of the human body, a thing, and hence it belongs do the category of information that can not be withhold. This means access to devices or data via fingerprint scan can be enforced. This fact, in connection to Touch ID, might mean that consumers need to give up on one of their basic (human) rights, the right to withdraw information.

..Personal data and biometrics becomes mainstream

A further concern connected to Touch ID is that biometrics are becoming mainstream. Currently, the use of biometrical authentication in the public sphere is limited. Its main use is in passport and immigration control, where retina and fingerprint recognition, actual or as part of a passport, is used to identify ‘travellers’ and reduce queues at border control. Here, the data is usually linked up with secondary information or other means of verification. For example, users of a retina scan machine need also to provide their passport for optical scanning. This means, the replication of a retina scan alone does not provide access to ‘free travel’.

However, the implications of ‘normalising’ biometrics and using biometrics in everyday applications are not only connected to the risk of individuals being permanently tracked and surveilled, but also to the risk of biometrics becoming unsafe. As Schneier argued, ‘’Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications’’. This means, it is not a good idea to use your thumbprint to access your mobile phone, open your front door and unlock your file cabinet at work, as data theft would automatically lead to a catastrophe.

It could therefore be said that biometrics are not safer than other security means. With Apple suggesting to customers that ‘’Your fingerprint is one of the best passcodes in the world’’ seems therefore misleading. The question really is how much consumers are willing to trade their personal information and data for the ultimate and smooth technology experience.

In addition, in today’s context the distribution of personal information is no longer directly manageable by the individual, as user information is being left behind with every move online and regular real world services. Shopping online, borrowing books at the local library, and visiting the GP, all activities leave a ‘digital footprint’. It has become complicated to the point where it is impossible for the user to understand and control what information is left behind when using a mobile device, especially when using online and server connected apps and services. These apps are often pre-installed on the device and updated automatically. Also, the companies behind those apps are often unknown and it is unclear what kind of information they collect, store and and how this information is used or shared with third parties.

In this context, the introduction of a truly unique identifier, the fingerprint, will not only add to the information left by users, but also add to the possibility of users being personally identified across the entire range of services. This in turn changes not only the discussion around online security but also online identity. Until now, users could ‘create’ their online identity by using a pseudonym and an avatar (an icon-sized graphic image). This ‘chosen’ identity could then be adjusted or changed, any time. In the beginning of the Internet, individuals would often create and use a whole range of online identities. This has changed. Nowadays users prefer online interactions supported by ‘authentic identity’ as reported by the Guardian. This means they want to know with whom they communicate.

This practice has been taken to a new level by Google with the Google ID, an unique ID tied to an individual/account which was introduced in connection to Google+ in 2011. Facebook uses a similar user identification. Both sites, Google and Facebook, make it difficult for users to create and use multiple accounts, and it can be assumed that through this the number of IDs per individual has been dramatically reduced. This of course makes it also a lot simpler for Google and Facebook, and their respective partners, to target marketing and individual advertisement. Despite this, users often create and use different accounts for their private and professional networking. With the new Touch ID, this will no longer be possible. They will have only one account.

How individuals are uniquely identifiable online through the use and manipulation of devices is being researched widely. Besides the PIN and the here discussed biometric identification, alternative methods to provide security, in particular in connection with mobile devices, is being developed under the umbrella term of “Implicit Authentication” (via Quarz). In this case, the security is based on an ongoing security check as opposed to the one-off security check at the start of a session, for example by unlocking the phone. The idea, for example focused on by researchers at the Palo Alto Research Centre, is that the individual user displays very specific, habitual characteristics in behaviour and usage or even movement pattern that can be used to continuously monitor the usage. This will allow to determine sudden change in which case the device will immediately shut down and deny access. Such parameters being researched include location and movement patterns, the way we walk, speed and style of data input on the device, activity pattern and timing, or the subtle way the user’s hand shakes.

These methods seem, as the research shows, to deliver reliable results. At the same time, however, this extends on the privacy discussion, as data is collected on users’ bio-sensorial functions. The technology also puts pressure on individual to profile themselves. The security of such a dataset is a very different issue again, including and extending into the field of personal health and medical information. Nevertheless it represents a big move towards the identification of ‘unique’ individuals and verifying much more than the Touch ID in itself does.

..The end of the virtual?

The introduction of Touch ID or alternative biometric/behavioural authentication methods will prevent users from creating different online identities, as the fingerprint is ‘THE ID’. This means it is really you, who bought that song on iTunes, uploaded that image on Flickr and accidentally deleted that file on Prezi. And it is the very same person who called the client on Skype and tweeted about Beyonce’s concert on Twitter. It is also the same individual who banks with HSBC, shops with Sainsbury’s and hangs out at the Barbican. The point is that ‘being online’ becomes very much like ‘being offline’. Events, happenings and activities become uniquely and reliable tied to users, the individual becomes authentic and unique. Is this the end of virtual?

When looking at the introduction of Touch ID it seems so. It really is the case of as Apple put it ‘’your iPhone reads your fingerprint and knows who you are’’. Subsequently any activity becomes real and unique, and also identifiable as such by online friends and fellow users as well as service providers and traders. However, as suggested by Apple, this does not only make your life easier, but also that of marketing and consumer related businesses. At the same time, it too makes the individual responsible for his or her online activities not dissimilar to the responsibility one enjoys in person as an individual in the real world. It will no longer be possible for users to hide behind one or multiple pseudonyms or avatars. This will certainly transform practice, as both, providers and users, will have to accommodate this ‘new authentic self’ and a completely new reality of online practice.

In many ways, this discussion is related to the ‘Internet of Things’ concept which has enjoyed raising attention over the past five years. Whilst the Internet of Things is about ‘real’ objects being connected to the web, to each other and to ‘users’, Touch ID is about ‘real’ humans. An interesting aspect raised by the Tales of Things project at CASA UCL was the fact that the ‘real’ object was required to access information. This means, access to content is based on ‘real world interaction’. With Touch ID, it is very similar. It requires me, the user, to unlock information (at least once, until may fingerprint has been ‘hacked’) and interact, both online and offline. This ultimately connects the online world to reality.

This means, with and through Touch ID the online experience becomes real in the sense that it confirms that the person logging in at this moment, at this location really is the specific individual and not someone else or a bot. At a first glance, this seems great. From a security and privacy point of view, however, this raises a whole bunch of new questions and concerns that need to be addressed to enjoy this ‘brave new online world’ with yet new possibilities for both users and services. For example, national agencies and businesses might be extremely interested in this kind of data as it is the ultimate proof of someone’s activities at a given time and location. Hence, this information on habitual activities individually verified seems much more desirable for ‘outsiders’ than the actual fingerprint. Touch ID reveals what, when and where a user has been, all confirmed by his or her own fingerprint whilst unlocking or just using the device – meaning the virtual has become its realest so far with consequences and possibilities we can only begin to speculate on.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

..Summary

Since the launch of the new iPhone 5s by Apple, the discussion revolving around online security and privacy has been re-activated. Experts agree that with the introduction of Touch ID the use of biometrical data as a security measure in mobile devices needs to be regulated, especially in terms of storage, handling and exchange of the biometric data processed. However, when looking closer at the implications of the finger-scan-technology developed and introduced by Apple, it becomes clear that the technology not only influences the usage of our personal data, the law and rights users have, but also the way we are present online. Especially since the fingerprint, or any other to be implemented biometric or personal pattern based verification, is ‘THE ID’. With biometrical authentication, there is no way of hiding behind a pseudonym or an avatar. It is really you, the user, who activates and uses the device (at least once, before the device is ‘hacked’). This means, the new iPhone 5s links the virtual world with reality and brings them as close as they have not been before, almost merging them in practice and consequence. The online self becomes authentic. As speculated in the article, this could be the end of the virtual and the beginning of a new web and online experience where we meet real people, make real conversations, buy real goods, but also carry real responsibility.


Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

Article written by Sandra Abegglen and Fabian Neuhaus Simultaneously published on Everyday Click and urbanTick.

Continue reading »

Book – Contagious Architecture

Computers have changed the architectural process fundamentally. In most areas the practice has embraced the possibilities of the software tool and has alongside the technology transformed not just the way architecture is produced but foremost the way architecture is thought.

Whilst CAD offers flexibility and speed, 3D software visualises models and simulation tools are employed to help with strategic design decisions, its the algorithm used in parametric design where the computer code actually becomes part of the process of designing.

A new The MIT Press publication by Luciana Parisi. Parisi is senior lecturer at the centre for cultural studies at Goldsmith, University of London. She publishes a comprehensive and thought provoking discussion of the practice and the thinking of parametric design in the field of architecture. However in this text Parisi does not just simply present the software logic and practice. Instead, as she states right at the beginning:

“Algorithms do not simply govern the procedural logic of computers: more generally, they have become the objects of a new programming culture. The imperative of information processing has turned culture into a lab of generative forms that are driven by open-ended rules.”

A definition of Algorithms is provided in the notes of the book referring to David Berlinski, ” an algorithm is a finite procedure, written in a fixed symbolic vocabulary, governed by precise instructions, moving in discrete steps, 1, 2, 3, whose execution requires no insight, cleverness, intuition, intelligence, or perspicuity, and that sooner or later comes to an end.” (Berlinsky, D. (2000). The Advent of the Algorithm: The Ideas that Rule the World. New York: Harcourt.)

Whilst the book is heavy on theory a few examples are provided. All examples are carefully chosen and do not at all make up a showcase. They illustrate specific points of discussion in the text and at the same time serve are points of reference to push the thinking forward.

Image taken from archdaily.com / Kokkugia, Taipei Performing Arts Centre, 2008. Roland Snooks + Robert Stuart-Smith. The competition was won by OMA.

Image taken from corpora.hu / DoubleNegatives Architecture (dNA) Yamaguchi Centre for the Arts and Media, 2007. Sota Ichikawa.

Image taken from new-territories.com / R(&)Sie(n), Une Architecture des humeurs, 2010-2011.

What is most interesting about the concepts of algorithmic architecture discussed in this book is the fact that from the very beginning time and space are folded into one and remain present aspects of the process at any time. Whilst the use of digital tools in architecture has transformed the practice in many ways, the continuous presence of time and space as one in architectural theory is probably the most fundamental. This transforms the way architecture is thought of from a physical object to a transformative process.

This is a very specialist book and runs deep on the theory of parametric architecture and algorithm based design. It is however not just for architects and experts who work with algorithms themselves, but is definitely interesting experts from a range of fields including theoretical works. The way Parisi pushed the thinking ahead creates successfully a niche in timespace for parametric design to develop an identity.

Image taken from the MIT Press / Book cover.

Parisi, L., 2013. Contagious architecture: computation, aesthetics, and space, Cambridge MA: The MIT Press.

Continue reading »

Book – Contagious Architecture

Computers have changed the architectural process fundamentally. In most areas the practice has embraced the possibilities of the software tool and has alongside the technology transformed not just the way architecture is produced but foremost the way architecture is thought.

Whilst CAD offers flexibility and speed, 3D software visualises models and simulation tools are employed to help with strategic design decisions, its the algorithm used in parametric design where the computer code actually becomes part of the process of designing.

A new The MIT Press publication by Luciana Parisi. Parisi is senior lecturer at the centre for cultural studies at Goldsmith, University of London. She publishes a comprehensive and thought provoking discussion of the practice and the thinking of parametric design in the field of architecture. However in this text Parisi does not just simply present the software logic and practice. Instead, as she states right at the beginning:

“Algorithms do not simply govern the procedural logic of computers: more generally, they have become the objects of a new programming culture. The imperative of information processing has turned culture into a lab of generative forms that are driven by open-ended rules.”

A definition of Algorithms is provided in the notes of the book referring to David Berlinski, ” an algorithm is a finite procedure, written in a fixed symbolic vocabulary, governed by precise instructions, moving in discrete steps, 1, 2, 3, whose execution requires no insight, cleverness, intuition, intelligence, or perspicuity, and that sooner or later comes to an end.” (Berlinsky, D. (2000). The Advent of the Algorithm: The Ideas that Rule the World. New York: Harcourt.)

Whilst the book is heavy on theory a few examples are provided. All examples are carefully chosen and do not at all make up a showcase. They illustrate specific points of discussion in the text and at the same time serve are points of reference to push the thinking forward.

Image taken from archdaily.com / Kokkugia, Taipei Performing Arts Centre, 2008. Roland Snooks + Robert Stuart-Smith. The competition was won by OMA.

Image taken from corpora.hu / DoubleNegatives Architecture (dNA) Yamaguchi Centre for the Arts and Media, 2007. Sota Ichikawa.

Image taken from new-territories.com / R(&)Sie(n), Une Architecture des humeurs, 2010-2011.

What is most interesting about the concepts of algorithmic architecture discussed in this book is the fact that from the very beginning time and space are folded into one and remain present aspects of the process at any time. Whilst the use of digital tools in architecture has transformed the practice in many ways, the continuous presence of time and space as one in architectural theory is probably the most fundamental. This transforms the way architecture is thought of from a physical object to a transformative process.

This is a very specialist book and runs deep on the theory of parametric architecture and algorithm based design. It is however not just for architects and experts who work with algorithms themselves, but is definitely interesting experts from a range of fields including theoretical works. The way Parisi pushed the thinking ahead creates successfully a niche in timespace for parametric design to develop an identity.

Image taken from the MIT Press / Book cover.

Parisi, L., 2013. Contagious architecture: computation, aesthetics, and space, Cambridge MA: The MIT Press.

Continue reading »

Urban Playground

The city can be boring, repetitive and grinding at times. Its the same old routine every day, a miserable day. But hey there is no need, it can be so different. Just think, it could be this exciting world of your own. A park, an ocean a dolls house. And then the city turns into a an adventure play ground, a huge entertainment park.

This is just how Fernando Livschitz for BlackSheepFilms imagined his city. A series of shorts show cities as playgrounds Buenos Aires – Inception Park, CONO Egypt Amusement Park TVC اعلان كونو الملاهي – كونو متفائلين and NEW YORK PARK.

And remember, the next time you leave the house, think of what the city could be to you.

Continue reading »

Urban Playground

The city can be boring, repetitive and grinding at times. Its the same old routine every day, a miserable day. But hey there is no need, it can be so different. Just think, it could be this exciting world of your own. A park, an ocean a dolls house. And then the city turns into a an adventure play ground, a huge entertainment park.

This is just how Fernando Livschitz for BlackSheepFilms imagined his city. A series of shorts show cities as playgrounds Buenos Aires – Inception Park, CONO Egypt Amusement Park TVC اعلان كونو الملاهي – كونو متفائلين and NEW YORK PARK.

And remember, the next time you leave the house, think of what the city could be to you.

Continue reading »
1 2 3 4 9