Last week, United States Senator Al Franken (who is also a member of the Senate Judicary Committee on Privacy, Technology and the Law) posed some questions to Apple regarding their newest Face ID technology.
Although Apple has included a detailed explanation of the software on its website, Franken raised concerns about the privacy of the detailed biometric system and Apple how they plan to use the feature in the future alongside wondering how it will respond to law enforcement requests.
To answer some of the questions about privacy, security and functionality, Apple’s software engineering chief Craig Federighi had a telephone interview with TechCrunch’s Matthew Panzarino.
According to Fedherighi, Face ID needs to see a user’s eyes, nose and mouth so there will be some situations where it will not work and a passcode will need to be entered instead. “If you’re a surgeon or someone who wears a garment that covers your face, it’s not going to work,” says Federighi. “But if you’re wearing a helmet or scarf it works quite well.”
Federighi was then asked to expand on how Face ID could be used with sunglasses and whether polarization is an issue. This followed information last week that said Face ID could be used with most sunglasses. Federighi said that polarization is not a problem but that there are some lenses that will block IR. The feature will work from multiple angles and distances when a device is held at a natural angle but in some cases it will need to see your face:
“It’s quite similar to the ranges you’d be at if you put your phone in front facing camera mode [to take a picture],” says Federighi. Once your space from eyes to mouth come into view that would be the matching range – it can work at fairly extreme angles — if it’s down low because your phone is in your lap it can unlock it as long as it can see those features. Basically, If you’re using your phone across a natural series of angles it can unlock it.”
Responding to security issues, Apple said that all Face ID processing is done on the device and nothing is uploaded onto the cloud or Apple’s servers. No data is collected when the TrueDepth camera scans your face on the iPhone X.
In terms of law enforcement requests for Face ID data, Apple has no data to provide. Your Face ID scan will be converted into a mathematical model in the Secure Enclave on the iPhone X and it can be reverse engineered back into a face. The same goes for Touch ID and third-parties will never have access either.
In the event that someone steals your phone and attempts to unlock it, Federighi explained that holding down the buttons on either side of the device will take it to power down screen which disables Face ID. The feature will also disable itself after five failed attempts at recognition, although Apple had documented earlier in the week that it would be disabled after two failed attempts.Similarly, when the phone reboots or Face ID has not been used in 48 hours it will require a passcode to be unlocked and if you haven’t entered a passcode in 6.5 days and Face ID has not been used in the past four hours, Face ID will be disabled until a passcode is entered.
This reconfirms many of the issues that had been raised only a day after Apple’s Keynote Event which saw the release of the new flagship iPhone X alongside the updated iPhone 8 and iPhone 8 Plus. Naturally, we’re still expecting to encounter some further inquiries once the devices have been officially launched.