Facial Recognition Startups Report Increased Interest in Their Tech After Apple's Reveal of Face ID

[HEK]

I can think of a lot of such scenarios, especially if your phone is in your pocket (or off your person) and the cops yell "Hands up now or we shoot!".

You seem to be assuming you'll have lots of warning. Not always the case.

Yup...guess your fxxxxd all right. Damn Apple, how could they do this to me. Have you considered a Samsung phone, cheaper so you don’t loose as much at each arrest when phone is confiscated. Or how about carrying a burner phone. Buy em by the dozen, get discount. You could keep fake stuff on em as well, really send police off in wrong direction. Don’t mean to go off topic, but you seem quite concerned about arrest. You work at the White House? Just asking.

 

[Tech198]

lol.

Startups are all good, but its not how it looks, it how it works well with security.

 

[kdarling]

Don’t mean to go off topic, but you seem quite concerned about arrest. You work at the White House? Just asking.

lol. Well I did used to be in the military arm of NSA.

Actually, usually I'm in trouble here for saying people need tin foil hats for thinking everyone wants to know all their secrets

However, it's just as ridiculous to claim that people who do want to lock down their phone will always have the opportunity to.

The long and the short of it to me, is that people should not expect their phone to be a totally safe spot to leave personal items they don't want seen.

 

[err404]

In short, apps do not have to add FaceId support; it's automatic. They can only remove it.

Basically, Apple has heavily stacked the deck in favor of FaceId adoption.

Yes, and I can assure you that it can be removed from devices that only support Face ID. This is a legal issue for sensitive apps. I fully expect that Face ID will be sufficiently secure, but if these companies don’t have early access to the tech, expect that functionality may intentionally limited at launch.

 

[kenny2]

Google wallet was around for awhile with NFC, but no one used it or cared.

Great for competition, especially since Samsung pay actually surpassed Apple pay with usability (Works with magnetic strip)

can't remember how many years ago anybody used magnetic strips in Europe/UK. Its been chip and pin for so long I can't remember the old stuff. Sweden is even considering the possibility of going cashless.

 

[kdarling]

Yes, and I can assure you that it can be removed from devices that only support Face ID.

Yes, as I already pointed out.

This is a legal issue for sensitive apps.

I don't see how. Apple's authentication API only ever promised biometric, not finger specifically. If anything, legal liabilities would be on Apple's side.

I fully expect that Face ID will be sufficiently secure, but if these companies don’t have early access to the tech, expect that functionality may intentionally limited at launch.

Any company that does that is certainly going to lose its customers.

 

[Zaft]

can't remember how many years ago anybody used magnetic strips in Europe/UK. Its been chip and pin for so long I can't remember the old stuff. Sweden is even considering the possibility of going cashless.

US is rather slow as far as chip and pin. Plenty of places still have magnetic strip.

 

[HEK]

lol. Well I did used to be in the military arm of NSA.

Actually, usually I'm in trouble here for saying people need tin foil hats for thinking everyone wants to know all their secrets

However, it's just as ridiculous to claim that people who do want to lock down their phone will always have the opportunity to.

The long and the short of it to me, is that people should not expect their phone to be a totally safe spot to leave personal items they don't want seen.

That seems to logical....LOL. With people putting their whole lives on web with things like Facebook, and Equifax releasing rest of your personal data, not much left to hide.

 

[err404]

I don't see how. Apple's authentication API only ever promised biometric, not finger specifically. If anything, legal liabilities would be on Apple's side.

Any company that does that is certainly going to lose its customers.

Sorry, but no. A bank for example can’t use Apples PR to bypass an independent review of an authentication method and expect not to be liable.
There are also legal definitions of a “signature” that may have implications.
I think any company NOT performing their due diligence will be more at risk of losing customers than those that do.
For the record I like the idea of FaceID and fully expect it to work out. Just don’t be surprised if companies need some hands on time to evaluate it before excepting the risks.

 

[kdarling]

Sorry, but no. A bank for example can’t use Apples PR to bypass an independent review of an authentication method and expect not to be liable.
There are also legal definitions of a “signature” that may have implications.

US banks already accept zero or very little user authentication with physical cards. They don't even ask stores to verify signatures any more, yet the one we give is enough to satisfy a vague Federal requirement for identification purposes.

As for regulations outside of the US, I suspect that Apple's legions of lawyers have that covered, though of course we'd all be interested in any such rules you can point at.

TouchId and FaceId are simply shortcuts to entering a passcode. Moreover, they do NOT REPEAT NOT guarantee in any way that the person who is registered to unlock the phone is actually the owner of the bank cards. That could only be done if each card was registered in person at a bank where your biometrics were taken and stored. So it's not like they're absolute authentication in the first place. Again, they're about convenience more than anything else.

 

[err404]

US banks already accept zero or very little user authentication with physical cards. They don't even ask stores to verify signatures any more, yet the one we give is enough to satisfy a vague Federal requirement for identification purposes.

As for regulations outside of the US, I suspect that Apple's legions of lawyers have that covered, though of course we'd all be interested in any such rules you can point at.

TouchId and FaceId are simply shortcuts to entering a passcode. Moreover, they do NOT REPEAT NOT guarantee in any way that the person who is registered to unlock the phone is actually the owner of the bank cards. That could only be done if each card was registered in person at a bank where your biometrics were taken and stored. So it's not like they're absolute authentication in the first place. Again, they're about convenience more than anything else.

As you say the rules are vague, but any change to authentication needs to be reviewed. Most US banks have already commented that they need to evaluate FaceID (you are free to google that yourself).
I have said several times that I don’t expect it to be an issue, but it is not something that companies will allow without a review. The question is if they will have the ability to do this prior to the iPhone X launch.
BTW a lot of your post is conflating authorization with authentication. These are not the same standards.

 

[kdarling]

I have said several times that I don’t expect it to be an issue, but it is not something that companies will allow without a review. The question is if they will have the ability to do this prior to the iPhone X launch.

Looks like with the delay in production, they can at least prepare to remove access if they wish. But you know that if one bank allows it, the others will as well, out of fear of no longer being used.

BTW a lot of your post is conflating authorization with authentication. These are not the same standards.

I was only posting about user authentication. Where did you see any authorization context?