How private can Face ID really be?

It only took one day after Apple revealed its new flagship iPhone X, equipped with the latest facial recognition software, that it was criticized in regards to its privacy.

United States Senator Al Franken (D-MN), who is a member of the Senate Judiciary Committee on Privacy, Technology and the Law sent a letter to the CEO of Apple, Tim Cook, with questions regarding the privacy of the new Face ID feature.

This feature is designed to take a 3D face scan that will determine the structure of your face and transform it to a mathematical model for the purpose of device authentication and unlocking. Apple have already stated that Face ID is protected by the same Secure Enclave that keeps Touch ID safe, meaning that all processing will take place within the device itself rather than on the cloud. The company also confirmed that users can’t fool this feature with the use of a photograph or even a mask.

In Franken’s letter he raises concerns about how Apple plan to use facial recognition in the future, how diverse its training is and how the company will respond to law enforcement requests for the Face ID system:

Since the announcement, however, reporters, advocates, and iPhone users have raised concerns about how Face ID could impact Americans’ fundamental right to privacy, speculated on the ways in which Apple could use faceprint data in the future, and questioned the quality and security of the technology. 

For example, it has previously been reported that many facial recognition systems have a higher rate of error when tested for accuracy in identifying people of color, which may be explained by variety of factors, including a lack of diversity in the faces that were used to train a system. Furthermore, some have expressed concern that the system could be fooled, and thus the device unlocked, by a photo or a mask of the owner of the device.

When Touch ID was first introduced on the iPhone 5s, Franken addressed a similar letter to Cook asking for clarification on the feature but now he has asked Tim Cook to respond to a series of ten questions by October 13. These include things such as:

  • Can Apple extract Face ID data from a device, will Apple ever store Face ID data remotely, and can Apple confirm that it has no plans to use faceprint data for purposes other than Face ID?
  • Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?
  • Does Face ID perpetually search for a face, and does Apple locally retain the raw photos of faces used to unlock the device? Will Apple retain the faceprints of individuals other than the owner of the device?
  • What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user’s face from a photo or mask?
  • How will Apple respond to law enforcement requests to access Apple’s faceprint data or the Face ID system itself?

However, some of these may have already been answered by Apple and, of course, the company is not obliged to respond but its likely that they will cooperate.


About the Author

Helen is a Digital Copywriter at Precise English, a copywriting and marketing agency based in the UK.