U.S. Senator Raises Questions About Security and Privacy of Face ID

[MacRumors]

Just a day after Apple unveiled its new flagship iPhone X equipped with a facial recognition system, United States Senator Al Franken (D-MN), who is a member of the Senate Judiciary Committee on Privacy, Technology, and the Law, sent a letter [PDF] to Apple CEO Tim Cook with some questions on the privacy and the security of the Face ID feature.

Face ID is designed to take a 3D face scan that determines the structure of a person's face and transforms it into a mathematical model for device authentication and unlocking purposes. Apple has said that Face ID is protected by the same Secure Enclave that keeps Touch ID data safe, and that all processing takes place on the device itself with no data uploaded to the cloud. Furthermore, Apple says Face ID can't be fooled by a photo or a mask.

In his letter, Franken raises concerns about how Apple plans to use facial recognition data in the future, the diversity of its training, how Apple will respond to law enforcement requests for Face ID data or the Face ID system, and if it might be fooled by a photo or a mask.

Since the announcement, however, reporters, advocates, and iPhone users have raised concerns about how Face ID could impact Americans' fundamental right to privacy, speculated on the ways in which Apple could use faceprint data in the future, and questioned the quality and security of the technology.

For example, it has previously been reported that many facial recognition systems have a higher rate of error when tested for accuracy in identifying people of color, which may be explained by variety of factors, including a lack of diversity in the faces that were used to train a system. Furthermore, some have expressed concern that the system could be fooled, and thus the device unlocked, by a photo or a mask of the owner of the device.

Franken asks Cook to respond to a series of 10 questions, many of which have already been addressed by Apple. Among the questions:

- Can Apple extract Face ID data from a device, will Apple ever store Face ID data remotely, and can Apple confirm that it has no plans to use faceprint data for purposes other than Face ID?

- Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?

- Does Face ID perpetually search for a face, and does Apple locally retain the raw photos of faces used to unlock the device? Will Apple retain the faceprints of individuals other than the owner of the device?

- What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user's face from a photo or mask?

- How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?

Back when Touch ID was first announced as a new feature in the iPhone 5s, Franken sent Cook a similar letter asking for clarification on how the Touch ID feature works.

Franken asks Tim Cook to respond to all of his Face ID questions by October 13, 2017. Apple is not obligated to respond as this is not a subpoena, but the company will likely cooperate with the request for information.

Article Link: U.S. Senator Raises Questions About Security and Privacy of Face ID

 

[avanpelt]

Leave it to Stuart Smalley to go after Apple about this.

 

[itguy06]

Al should stick to his bad comedy routines...

 

[OldSchoolMacGuy]

Every time Franken has to question security on everything Apple does. Every time. He's a great guy but seems to waste his energy on this each time.

Franken questioned the security of:

Apple Pay
Touch ID
Siri
iOS 4
Location Services

 

[filmantopia]

Franken should spend more time co-sponsoring Sanders' Medicare for All bill than criticizing tech he seems to not have done very basic research on.

 

[cmChimera]

I like Al Franken. I kind of know the answers to these questions being an Apple fan, but I think it's important to make sure the answers to these questions are as widely known as possible. It's a win for everybody too. Apple ends up looking like privacy advocates and important questions are answered before the next FBI case.

 

[amolediphone]

Leave it to Stuart Smalley to go after Apple about this.

I thought you said Stuart SMILEY! that would be an apt name.

 

[jacobh101]

Apple's stance on how it uses customer information is absolutely crystal clear...It has no plans nor does it have the ability to access your information on the device. Google on the other hand - They are in the business of selling your personal information to marketers.

 

[OldSchoolMacGuy]

I like Al Franken. I kind of know the answers to these questions being an Apple fan, but I think it's important to make sure the answers to these questions are as widely known as possible. It's a win for everybody too. Apple ends up looking like privacy advocates and important questions are answered before the next FBI case.

But it looks bad that the government is questioning the security of their products. Even if in the end they prove to be secure, there's still a negative light brought on by the questioning. More people hear about the government questioning the security of the product than people hear the answer at the end.

 

[profets]

Here we go.. like the Touch ID launch all over again. The amount of ridiculous complaints from that launch 4 years ago was exhausting.

Good thing history isn't repeating itself with Face ID.

 

[m4mario]

Thank you Senator, for giving the opportunity for Apple to tell the answers we all already know.

 

[KENESS]

I like Senator Franken, but Apple has already addressed essentially everything in his list. Some of his questions make it clear he didn't read one iota of the release information about FaceID...

There's a big difference between expecting him to do tons of research before raising a concern and expecting him to at least be aware of the most basic basics which were presented AS the service was announced.

We don't need to be "crying wolf" right now when there are plenty of REAL wolves out there to deal with.

 

[FreakinEurekan]

I'm confident that the system is both safe and secure. But I don't blame Sen. Franken at all for asking.

 

[Sharkoneau]

Damn Franken, watch the keynote.

 

[physicsguy13]

The government is suddenly worried about protecting our privacy? Maybe they should look at how they invade the privacy of citizens every day.

 

[griz]

Congress should be looking closer at the Equifax mess nevermind the iphone. Besides, TouchID was only secure to 1 in 50,000(Which I had no idea of) and FaceID is 1 in 1,000,000.

 

[johnfrombeyond]

Very amusing when a comedian turned politician with no technical knowledge at all asks questions that have already been answered. There is no such thing as a dumb question, just dumb people!

 

[macslayer118]

I’m very interested in the first part to his 4th question. It’s the only thing that concerns me about the privacy of the iPhone X.

 

[jamesrick80]

I figured Apple may be doing something fishy as well with face ID. Is all of that processor speed helping with their probable spyware? I don't believe Apple stats either such as 1 in 1 million can't be hacked. It only takes a few people to hack it and Face ID would be over. We will see soon once this device gets released.

Apple has given people more reason to hack them as well. Any company against them could use this as a advantage. A hacked Face ID would completely blow up in Apple's face and change the world's perception of them. I don't want to lose my privacy.

 

[briloronmacrumo]

Someone needs to explain to Franken how serious the Equifax breech is and why it is a better use of his time.

 

[izyreal]

It's kind of ridiculous that he cares about the privacy of FaceID given that the U.S. government is working on systems that will do facial recognition of crowds.

 

[CylonGlitch]

Needs to make these questions to Google, Samsung and most importantly Huawei. Think that any of them would even respond? Not likely.

 

[341328]

Every time Franken has to question security on everything Apple does. Every time. He's a great guy but seems to waste his energy on this each time.

Franken questioned the security of:

Apple Pay
Touch ID
Siri
iOS 4
Location Services

Questions and public debate should be encouraged on any topic.

 

[kmkjams]

new headline: resident old person didn't watch the keynote and is confused about face scanning phone

 

[Michaelgtrusa]

He has legitimate concern as anyone should, their are nefarious individuals that have access to this technology, something to keep in mind.