U.S. Senator Raises Questions About Security and Privacy of Face ID

[kdarling]

Google on the other hand - They are in the business of selling your personal information to marketers.

Comments like this sometimes make me think there should be a basic knowledge test before people are allowed to post on the internet.

No, Google does not sell our personal info. If they did, they'd soon have nothing of value left. What they do, is sell anonymous ad slots.

I don't believe Apple stats either such as 1 in 1 million can't be hacked. It only takes a few people to hack it and Face ID would be over.

It's one in a million that someone else matches your template.

TouchId was hacked within two days, and nobody cared, because it required spending an hour or two making a fake print. If Face Id is similarily hacked with say, a custom made mask, most people will again think it's not a huge threat.

I also like him, but I wish he sometimes questioned the security and privacy of products from other tech companies.

He does. For example, Franken has sent at least one similar letter to Samsung before about their fingerprint sensor.

 

[fyun89]

This will be a terrible method for those who have disabilities and facial damage...

 

[jeremiah256]

- Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?

Ohh, ohh, Mr. Franken, I think I know this one! Apple's Machine Language Journal states they are working on and using simulated images for training, as many times it is difficult to get the quantity and quality of images you need.

And guys and girls, this was a good question for the government to ask for our protection and I don't believe it was covered during the event.

 

[oplix]

Ya, I would totally trust my entire biometric scanned face to Apple. Their security is so good just ask Jennifer Lawrence. It's totally not a data mine to eventually use against my knowledge for profit in advertising and movies.

 

[modemthug]

Where was he with the Samsung iris scanner or all of the Android phones you can unlock with facial recognition or fingerprint?

Publicity stunt from a blowhard

 

[Vanilla35]

But it looks bad that the government is questioning the security of their products. Even if in the end they prove to be secure, there's still a negative light brought on by the questioning. More people hear about the government questioning the security of the product than people hear the answer at the end.

That's how Washington is. You learn to not take it personally. Doesn't matter if it's in bad light; you expose the facts, and eventually, once you've gotten down to the very core of the matter, everyone ends up hating themself

 

[akadafni]

And you think a keynote for consumers is enough to truly answer his questions. Sorry but its not. Proves my point......most Apple consumers take their word without any further research.

When you have an excellent reputation with customers and provide great products and services your customers will give you the benefit of the doubt. Not there's anything wrong with asking questions.

 

[morcutt11]

And guys and girls, this was a good question for the government to ask for our protection and I don't believe it was covered during the event.

People walk around in public all of the time in front of cameras - public domain is what it is. I don't think that anyone (maybe other than Franken) would think that Apple was scanning and storing everyone's facial data...
[doublepost=1505350237][/doublepost]

This will be a terrible method for those who have disabilities and facial damage...

Why? Unless their disability constantly and significantly changed their facial features for every face scan, it would be an issue.

 

[GermanSuplex]

Wow, where do you live ? No one here gets arrested for a minor traffic infraction. Fined yes, but arrested ?

Its more to do with skipping court hearings on minor violations than actual "crimes" (forgetting to go to court for a $50 traffic ticket). But it happens.

But, where I live, I've seen people charged with obstruction for asking to tie their shoe lace. No joke. If you can get into the cop car without tripping over loose shoelaces, then you are impending their job by stooping down and tying them, you are obstructing them.

 

[Vanilla35]

Al's just looking to make an informed decision: wait for the X pre-order or go ahead and get an 8?

Can't really fault him.

Lmao, I'm in the same boat

 

[LastName]

Some of the replies here are hilarious. He's the ranking member on the sub-committee that specifically oversees this exact thing. It's his job to get on-the-record answers to these kinds of questions so that the sub-committee can be dialed into what's going on in this area in case they want to pursue regulation. Even if the info is out there, a keynote address is not an on-the-record answer.

I'm not sure Congress can be 'dialed into' much other than how to line their own pockets. As for regulation, the government would be far more likely to make regulations regarding law enforcement being able to bypass it than they would regarding our privacy. It's a nice thought to have, but they've already shown their cards and they don't give a damn about us.

 

[pat500000]

Something demonic about that picture......ugghh.

 

[jeremiah256]

People walk around in public all of the time in front of cameras - public domain is what it is. I don't think that anyone (maybe other than Franken) would think that Apple was scanning and storing everyone's facial data...
[doublepost=1505350237][/doublepost]
Why? Unless their disability constantly and significantly changed their facial features for every face scan, it would be an issue.

Look at the question in a broader sense, that can be used when addressing all the major tech companies.

If Google or FaceBook had come out with FaceID and said they used 1B images, would it be crazy to think that they might had used images for training from photos we stored on Google Drive/Google Photos and FaceBook?

For a while now (at least 5 years), iPhotos and Photos has had facial recognition software as part of the application. While out and about, you're right, you have no expectation of privacy. You probably do have that expectation with the photos you store on your Mac and in iCloud. This puts Apple on the record, forcing them to if they are or are not leveraging their access to our photos.

This question will be reused for Amazon, Google, FaceBook, and others. And it's something we should know.

 

[carrrrrlos]

Waiting for the iPhone 9, which will hopefully be the iPhone the X should have been.

 

[ani4ani]

Damn Franken, watch the keynote.

Does the keynote tell us what prevents law enforcement putting the phone up to your face to unlock it? (Perhaps without your knowledge given that it can be unlocked at numerous angles) that seems a much easier scenario than trying to force someone to expose their password / PIN or to place a finger on a reader.

What stops the phone continually registering attempts to unlock the phone when it is sitting on a table amongst a group of friends...basically using up attempts meaning it always needs a pin to unlock it?

Whilst the latter is hardly a security issue, these are to me big compromises against a basically fool proof TouchID that need explanation.

If it works so well and fast as Apple suggest then pretty easy for someone to lift it up to your face and unlock it.

 

[mariusignorello]

“...lack of diversity in the faces...”

Of course he said that. *eyes roll*
[doublepost=1505351095][/doublepost]

YESSSS. Everyone was on this forum complaining that Apple was not the first phone to do FaceID. So where were the questions for those other companies!!! We have seen PROOF that those other companies can be fooled by a picture, yet they get no questions!!!

You don’t question a company that helps you spy on people. *Google*

 

[LizKat]

Very amusing when a comedian turned politician with no technical knowledge at all asks questions that have already been answered. There is no such thing as a dumb question, just dumb people!

They only seem dumb questions because we hang out in tech forums. Most Americans don't. It won't hurt Americans or Apple either to hear Franken's questions answered publicly and so picked up in mainstream media. Americans should learn more about face recognition tech, what it's used for, what the advantages and the pitfalls are. They're probably not going to wander in here for that.

 

[Rocketman]

Al Franken is the worst politician ever and stole the erection. But he did utter this, probably with staff assistance (he has always had writers).

What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face?

There's a valid question in need of a OS based override. A verbal command to lock.

 

[AdonisSMU]

And you think a keynote for consumers is enough to truly answer his questions. Sorry but its not. Proves my point......most Apple consumers take their word without any further research.

We haven't used the product in the real world yet. All we have is Apples word just like all this Senator will have is Apples word.

 

[morcutt11]

Does the keynote tell us what prevents law enforcement putting the phone up to your face to unlock it? (Perhaps without your knowledge given that it can be unlocked at numerous angles) that seems a much easier scenario than trying to force someone to expose their password / PIN or to place a finger on a reader.

What stops the phone continually registering attempts to unlock the phone when it is sitting on a table amongst a group of friends...basically using up attempts meaning it always needs a pin to unlock it?

Whilst the latter is hardly a security issue, these are to me big compromises against a basically fool proof TouchID that need explanation.

If it works so well and fast as Apple suggest then pretty easy for someone to lift it up to your face and unlock it.

Much of this has already been addressed. In terms of law enforcement, what stops them is the law and what they are legally able to do, as well as you using the Emergency SOS (five-tap of the side button) or powering off the phone, which requires the passcode - FaceID won't suffice. In terms of continuously scanning for a matching face, it has already been identified by Apple that it will scan twice and that is it - after that the passcode is required. It seems hard to believe that anyone would believe that Apple (creators of the TouchID) wouldn't think of these things.

But yes, if you let someone take your phone, hold it up to your face, and you keep your eyes open, they could unlock it. Of course, if they grabbed your finger and put it on the phone, they could unlock it too....

 

[MisterAndrew]

A very well written letter and good questions. Yes, Apple answered many in the keynote yesterday, but they were vague. I think we would all appreciate some in-depth answers from Apple. Answers delivered in an official capacity to a US Senator is quite different than answers given during a marketing presentation to the press and general public.

 

[morcutt11]

Waiting for the iPhone 9, which will hopefully be the iPhone the X should have been.

As people said about the iPhone 3, iPhone 4, iPhone 5, etc. etc.
I'm not sure what you think is missing on the X, but Apple may not share your vision, so you may not want to hold your breath.

 

[macTW]

Someone didn't do his researchhhhh

 

[The Cappy]

Did he send the same letter to Samsung? Especially after videos surfaced showing photos fooling its facial recognition?

 

[HallStevenson]

Apple / Tim Cook: Please ignore his letter