U.S. Senator Raises Questions About Security and Privacy of Face ID

[Marco0107]

What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face?

This is a good question asked by the Senator. Face ID will give access to the device when it is simply held up to an owner's face. No longer is a physical connection required between the device owner and their device. I, too, would like to know what safeguards are in place... if any.

 

[tentales]

Our online privacy is already dead

Just our online privacy ?

 

[GermanSuplex]

So they want this tech for their own. Imagine if a traffic-cam catches you turning right on a "don't turn right" sign and registers your face to get you arrested for a traffic violation on a "turned right on a red light" warrant.

This is another "backdoor" argument.

 

[jamesrick80]

This is a good question asked by the Senator. Face ID will give access to the device when it is simply held up to an owner's face. No longer is a physical connection required between the device owner and their device. I, too, would like to know what safeguards are in place... if any.

Exact reason why Touch ID will make it's pivotal return back next year to the iPhone X2.

 

[lazyrighteye]

Al's just looking to make an informed decision: wait for the X pre-order or go ahead and get an 8?

Can't really fault him.

 

[dancefreak]

So they want this tech for their own. Imagine if a traffic-cam catches you turning right on a "don't turn right" sign and registers your face to get you arrested for a traffic violation on a "turned right on a red light" warrant.

This is another "backdoor" argument.

I've received that ticket. Granted it wasn't my face, it was my license plate that earned me the ticket in the mail, but my face is in the picture looking like a doofus.

 

[Tech198]

Actually believe it or not pas-code is "better" always has been

 

[tentales]

So they want this tech for their own. Imagine if a traffic-cam catches you turning right on a "don't turn right" sign and registers your face to get you arrested for a traffic violation on a "turned right on a red light" warrant.

This is another "backdoor" argument.

Wow, where do you live ? No one here gets arrested for a minor traffic infraction. Fined yes, but arrested ?

 

[iapplelove]

Just our online privacy ?

Our entire digital life is wide open. If you use the internet no info is safe.

 

[redmac]

I also like him, but I wish he sometimes questioned the security and privacy of products from other tech companies.

He seems like he doesn't care if Google records everything it learns about you and never deletes your private data, or how they upload your photos to Google servers, identify faces and learn who you know, where you have been. Also no mention of Samsung phones that can be tricked by low resolution photos.

Not that their users don't deserve that, but I really want to know why he only questions Apple and gives free pass to everyone else?

 

[Jbusick7944]

OMG. A, He is a comedian. How can we take him seriously? B, of course something racial had to come up.

C, and most importantly, what happened to personal accountability? Apple isn't forcing you to buy this. They aren't forcing you to use face ID. You have the "freedom" to not buy it.

I can understand a complaint if it was mandatory that all people had to own one. This is far from it.

 

[radiology]

What a joke! Here's my advice to you: if you are concerned about it, do use it. In fact don't pre-order the phone so I have a better chance of getting my phone sooner.

 

[Tech198]

Our entire digital life is wide open. If you use the internet no info is safe.

no privacy, but depends on how many ways you protect THAT privacy, and how far you go, is important.

you may not be able to protect it all, but you can do a darn good job to keep it minimized.

 

[FrontFoot]

Damn Franken, watch the keynote.

I get it. His questioning seems redundant. But a Keynote is a commercial. It's a curated marketing event. Apple only presents what it wants to present. They are not forums for consumer questions and/or concerns. Franken's inquiry is a response to the Keynote. While it may seem trivial in the totality of a Senator's portfolio, Apple sells millions of these devices (to us!) and among Apple's customers are Franken's constituents. Asking these questions of Apple in a context separate from a marketing event is appropriate and responsible, particularly when privacy is involved. Apple is a great American company pushing the boundaries of technology. Responding to and reassuring consumers, and the elected officials by whom they are represented, is merely one of the duties of a company with the reach, impact and size of Apple.

 

[mariusignorello]

Didn’t they do this crap with Touch ID too?

 

[iapplelove]

no privacy, but depends on how many ways you protect THAT privacy, and how far you go, is important.

you may not be able to protect it all, but you can do a darn good job to keep it minimized.

There is no protection, only the illusion of protection.

 

[morcutt11]

Al Franken - figures. He's concerned about a device that scans your face, which could be done by anyone and anything when your in public. How is there more of a concern than with fingerprints, which everyone freaked out about originally when Apple rolled it out. As I recall Apple had to send letters to congressmen, explaining how the secure enclave in the device worked. Looks like they forgot all of that already.

 

[Tech198]

There is no protection, only the illusion of protection.

False... there is always protection if people wanna explore it. Just not "full protection" we would like to have. and would not apply globally to everyone... it would depend. But its possible to have the protection we like.

 

[morcutt11]

Didn’t they do this crap with Touch ID too?

Yup, they sure did and Apple will have to explain it all over again....

 

[iapplelove]

False... there is always protection if people wanna explore it. Just not "full protection" we would like to have. and would not apply globally to everyone... it would depend. But its possible.

There is protection just not "full" protection ? Stop and think please.

 

[BornAgainMac]

The keynote also showed that the parallel universe Spock with a beard can use Spock iPhone communicator so Spock would need to create a 5 digit passcode in those situations.

 

[morcutt11]

This is a good question asked by the Senator. Face ID will give access to the device when it is simply held up to an owner's face. No longer is a physical connection required between the device owner and their device. I, too, would like to know what safeguards are in place... if any.

You realize it works just like fingerprints in terms of how the information is stored in the phone right? Apple stated that the face image of the owner is stored in the secure enclave, just like fingerprints were. That is a one-way storage; the information can't be extracted - all you can do is scan another image and ask the enclave to compare them for a match. It isn't storing everyone's faces, facial data can't be extracted, etc. The phone can't be held up to their face while their sleeping to knock the phone (whereas you could use someone's fingerprint while they were sleeping), etc. So there are plenty of safeguards...

 

[davidwes]

I also like him, but I wish he sometimes questioned the security and privacy of products from other tech companies.

He seems like he doesn't care if Google records everything it learns about you and never deletes your private data, or how they upload your photos to Google servers, identify faces and learn who you know, where you have been. Also no mention of Samsung phones that can be tricked by low resolution photos.

Not that their users don't deserve that, but I really want to know why he only questions Apple and gives free pass to everyone else?

YESSSS. Everyone was on this forum complaining that Apple was not the first phone to do FaceID. So where were the questions for those other companies!!! We have seen PROOF that those other companies can be fooled by a picture, yet they get no questions!!!

 

[supercoolmanchu]

Some of the replies here are hilarious. He's on the sub-committee that specifically oversees this exact thing. It's his job to get on-the-record answers to these kinds of questions so that the sub-committee can be dialed into what's going on in this area in case they want to pursue regulation. Even if the info is out there, a keynote address is not an on-the-record answer.

Actually as pointed out before, Franken seems to entirely ignore many bigger tech security issues, that would be much more dire and relevant to the focus of his sub-committee.

If you haven’t figured this out already, he’s only using Apple product rollouts for free media time and political attention whoring. Consider the content history of his statements and actions, it would be foolish to assume his interest is noble or any deeper than this.

 

[nexesnex]

I like Senator Franken, but Apple has already addressed essentially everything in his list. Some of his questions make it clear he didn't read one iota of the release information about FaceID...

There's a big difference between expecting him to do tons of research before raising a concern and expecting him to at least be aware of the most basic basics which were presented AS the service was announced.

We don't need to be "crying wolf" right now when there are plenty of REAL wolves out there to deal with.

I blame this one on his aides. They really should have spent 10 minutes reading about FaceID before spending probably 2 hours writing this for him.... or, maybe, one of them missed the keynote. And, this is their way of receiving the cliff-noted version .