Wow. I get to offer a response to a U.S. Senator.
- Can Apple extract Face ID data from a device, will Apple ever store Face ID data remotely, and can Apple confirm that it has no plans to use faceprint data for purposes other than Face ID?
The system works identically to the current Touch ID system featuring the secure enclave technology. To date, it hasn't been compromised in a meaningful way. That is security that speaks for itself.
- Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?
Apple's technology does not work based on images the way we generally think of the the term. With a mix of 3D face mapping technology first used in the motion capture industry and an infrared camera, the system can easily work with any face even in the dark. This is an important step beyond earlier systems that attempted to process raw image data for analysis. The darker skin tone made this difficult in low light environments. It was generally never about training data or diversity. It was simply a limitation of using an ordinary imaging camera sensor and analysis software for face unlock.
- Does Face ID perpetually search for a face, and does Apple locally retain the raw photos of faces used to unlock the device? Will Apple retain the faceprints of individuals other than the owner of the device?
Apple's Face ID waits for the raise to wake or button press before attempting to unlock the phone. It wouldn't be "searching" when it is off in your pocket. That would drain the battery unnecessarily. After raise to wake, the phone will search for a face if Face ID is activated.
The Face ID "faceprint" isn't stored in any form as we would understand it. A hash of data is stored in the secure enclave similar to how a hash of a fingerprint is stored. This means the data stored securely on the processor can't be back engineered into a "faceprint". It is one way encryption.
- What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user's face from a photo or mask?
The Amimoji system showcases the leap forward in 3D face mapping that the iPhone X uses. This allows it to map over 50 facial muscle movements making it very hard for a mask or artificial prosthesis to mimic. Facial movement itself is the key. That is why the system improves on Touch ID's security to 1:1000000. Adding an infrared camera to that mapping makes it even more challenging to defeat as your skin is a lot warmer than photo paper.
- How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?
This would also be handled similar to Touch ID. Apple is unable to process any requests for the data due to the security built into the system. If Apple could access it, anyone could potentially access it. Backdoors are bad design.
The questions are generally answered in the documents. Face ID is neat, but it isn't magic. The face capture technology pioneered a long time ago has just been made smaller and cheaper. Welcome to the future.
