By Dan Moren
February 9, 2016 12:30 PM PT
Wish List: Document security via Touch ID
The forthcoming iOS 9.3 update promises to bring improved security for Notes, letting you protect them with Touch ID, but what I’d really like to see is the ability to send secured documents—such as notes—to others, with the ability to decrypt them via Touch ID.
As much as the importance of good security hygiene—strong unique passwords, browsing with SSL, password protected Wi-Fi networks—has become a part of everyday life, one place that we don’t always do the best job of security is in sending personal information to other people. As a freelancer who has to send out his social security number to employers, I try to be cautious about this fact, but the best option these days is often to send an encrypted PDF, then relay the password via another channel, such as by iMessage or even telephone. Unsurprisingly it’s clunky and annoying, and there really should be a better way.
So wouldn’t it be cool if there were a way to send secure encrypted documents to your contacts and let those users access those documents via Touch ID? For example, I encrypt a secure document I want to give Jason, then send it to him via email; when he receives it, he can only open the document once he’s unlocked it via Touch ID.
Granted, this is definitely on the complicated side, since it not only requires a system that lets you verify that you are you—which Touch ID can partially handle—but also then needs to let you ensure that your contacts are who they claim to be. That would probably mean some form of public key infrastructure (PKI) along with stricter identity checking than currently exists. (I.e., if you happen to have your significant other’s fingerprint stored in Touch ID to allow them to unlock your phone, you still might not want to give them access to the secured documents therein. So iOS might need the ability to recognize different users based on their fingerprints.)
That said, behind-the-scenes encryption isn’t out of Apple’s bailiwick. The company already encrypts iMessage end-to-end1; it’d be nice to see that security extend to other methods of communication, such as email. Google, for example, just recently started alerting Gmail users to emails that are sent from services that don’t support encryption.
Despite many of our politicians’ insistence to the contrary, the prevalence of encryption is a good thing: not only does it help us keep our private information free from prying eyes, thus combatting increasingly common threats like phishing and identity theft, but it can also protect us from government snooping and overreach. Giving us the ability to easily and quickly encrypt our sensitive documents would go a long way towards keeping personal information out of the wrong hands.
Yes, the company can theoretically retrieve copies of those messages from iCloud backups. ↩
[If you appreciate articles like this one, help us continue doing Six Colors (and get some fun benefits) by becoming a Six Colors subscriber.]