U.S. Senator Raises Questions About Security and Privacy of Face ID

[Swift]

The government doesn’t need to invade privacy. Most of us freely give up tonnes of Information on social media everyday.

And Google knows hundreds of times more about the average person than the Government does. People have been convinced in the present atmosphere that the government wants to surveil half the population of the globe. It doesn't, and it can't anyway. The truth about digital society, though, is that we leave tons of data and metadata around every second. There's so much that most of it just lies there. When you do something that makes a spy agency interested in you, well, you're probably in espionage or something like that. If somebody robs a 7/11, management and the cops look at the tapes to see who did it. Are the cameras invading the average citizen's security? No. Have you seen yourself on a 7/11 tape? Boring.

 

[AlexH]

I'd rather my government work on a new ID system to replace SSNs. Something encrypted, perhaps.

 

[ImBuz]

Very amusing when a comedian turned politician with no technical knowledge at all asks questions that have already been answered. There is no such thing as a dumb question, just dumb people!

Plus one for this--I have no words for this "Gentleman"

 

[jinnj]

I figured Apple may be doing something fishy as well with face ID. Is all of that processor speed helping with their probable spyware? I don't believe Apple stats either such as 1 in 1 million can't be hacked. It only takes a few people to hack it and Face ID would be over. We will see soon once this device gets released.

Apple has given people more reason to hack them as well. Any company against them could use this as a advantage. A hacked Face ID would completely blow up in Apple's face and change the world's perception of them. I don't want to lose my privacy.

Just like TouchID was hacked... NOT!!!

 

[Swift]

I like Senator Franken, but Apple has already addressed essentially everything in his list. Some of his questions make it clear he didn't read one iota of the release information about FaceID...

There's a big difference between expecting him to do tons of research before raising a concern and expecting him to at least be aware of the most basic basics which were presented AS the service was announced.

We don't need to be "crying wolf" right now when there are plenty of REAL wolves out there to deal with.

I don't think he's doing this. It's just the truth that politicians use public events to hang their concerns on. An Apple Keynote means that for one day, everybody thought about tech and wondered these things too. So, hold a hearing. Not to crucify anybody. I think Apple has good answers for all these questions. It's a way of bringing up the topic.

 

[jamesrick80]

Just like TouchID was hacked... NOT!!!

By play doh... it was

 

[JosephAW]

I love how Apple comes up with these numbers out of thin air. 50,000 & 1,000,000
What they didn't tell you that there are groups of people who have identical DNA. Truth is we have more similarities than differences.

 

[jinnj]

Franken actually tries to put energy into privacy issues (however behind the curve he might be) and as cmChimera noted, this will give Apple some additional publicity with their answers (that won't be like anyone else's).

Yes, its all mostly answered, but its good to give some additional publicity on this stuff and it gets to be on the record - to prevent future attacks by reps who favor more monitoring... JMHO...

Agreed but the problem is the media. It's a big deal until proof is shown and then the story disappears. You never hear that everything is alright.
[doublepost=1505354755][/doublepost]

By play doh... it was

Source? Link to this hack?

 

[manhattanboy]

Franken asks Cook to respond to a series of 10 questions, many of which have already been addressed by Apple. Among the questions:

- Can Apple extract Face ID data from a device, will Apple ever store Face ID data remotely, and can Apple confirm that it has no plans to use faceprint data for purposes other than Face ID?

Apple's plans for Face ID are the company's information. Why not just request the blueprints for the next iPhone as well.

- Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?

Who gives a crap. If it doesn't work for "diverse" people it will be a crapstorm that Apple will spend many months cleaning up.

- Does Face ID perpetually search for a face, and does Apple locally retain the raw photos of faces used to unlock the device? Will Apple retain the faceprints of individuals other than the owner of the device?

It probably does retain some RAW information to be able to tell gradual changes over time. But it does not retain other individuals as this would quickly eat the storage of the separate secure enclave module.

- What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user's face from a photo or mask?

Apple has instituted the same safeguards that are used when another person forces the user's finger onto the touchID pad.

- How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?

^^THIS is a valid question and really should have been the ONLY question that Franken asked.

 

[Mtmspa]

I like Al Franken. I kind of know the answers to these questions being an Apple fan, but I think it's important to make sure the answers to these questions are as widely known as possible. It's a win for everybody too. Apple ends up looking like privacy advocates and important questions are answered before the next FBI case.

Franken was a bad comic turned stupid politician.what a d-bag.

 

[gwangung]

I think Franken critics are way off base. And not particularly astute at politics.

As a public official, he MUST ask these questions officially and not just refer to Apple PR. It MUST be official and it MUST be on the record, with room to add technical details if asked for. Otherwise, he risks being attacked for not being thorough in his approach. And it pins Apple down in official communications to the government.

APPLE KNOWS THIS. And is happy to repeat their answers in another place to another set of questions. And Franken knows Apple knows this. It's a bit of kabuki theatre, but both parties are quite content to put this on the official record.

Please remember...not everyone is an Apple technophile, following or referring to the keynote to the answer to every question. Some would prefer written statements, with all the information gathered in one spot.

 

[Ghost31]

Apple: our system is super secure let me tell you all about it

(After hearing all about it)

Franken: but is it secure?! I don't get it

 

[jinnj]

Our entire digital life is wide open. If you use the internet no info is safe.

Facebook and AR are going to make things worst. Already seen a product being touted as a live cam that you clip on your shirt and stream live! What we need to make sure is that the companies who facilitate this are not protected by some BS law and can be sued.

 

[oplix]

The difference between touch ID and face ID is that there is no way to extrapolate your fingerprint. There are many ways to extrapolate your 3d scanned face.

 

[elvisimprsntr]

I wish Al Franken would devote as much time and resources concerning the Equifax or OPM security breach.

 

[maknik]

I personally think these are great questions. I no longer trust Apple to design products I like very much, but I do actually trust Apple to have thought through privacy issues, and I think they will have good answers to most of these questions. Furthermore, those answers should be publicized -- these are important issues -- and Senators asking for them or holding hearings is a good way to do that. This is the way government is supposed to work. Perhaps you feel that Franken himself is insincere or that government can never successfully restrain business, but while that may be the cynical truth, at least this has the form of what one should want from a functioning government. I hope Apple responds soon, and I personally look forward to seeing what they have to say.

Regarding the specific questions, my guess is that Face ID data can be extracted in principal but Apple will make it hard to do so, hopefully though encryption; that the billion training images were carefully diverse; that the device retains no faceprint other than the owner's; and that Apple must of course comply with individual warrants. I doubt that Apple has a solution to the crook who grabs your phone, holds it up at your surprised face, and then runs off with it unlocked. But in any case, I look forward to reading what Apple has to say about all of this, and I'm glad there's someone with enough clout asking these questions to compel a detailed response.

 

[jonnysods]

I like Senator Franken, but Apple has already addressed essentially everything in his list. Some of his questions make it clear he didn't read one iota of the release information about FaceID...

There's a big difference between expecting him to do tons of research before raising a concern and expecting him to at least be aware of the most basic basics which were presented AS the service was announced.

We don't need to be "crying wolf" right now when there are plenty of REAL wolves out there to deal with.

This guy reminds me of the people on here that don't search the forum for the already existing answer, they create a new thread because they didn't want to do the work looking.

 

[jinnj]

Much of this has already been addressed. In terms of law enforcement, what stops them is the law and what they are legally able to do, as well as you using the Emergency SOS (five-tap of the side button) or powering off the phone, which requires the passcode - FaceID won't suffice. In terms of continuously scanning for a matching face, it has already been identified by Apple that it will scan twice and that is it - after that the passcode is required. It seems hard to believe that anyone would believe that Apple (creators of the TouchID) wouldn't think of these things.

But yes, if you let someone take your phone, hold it up to your face, and you keep your eyes open, they could unlock it. Of course, if they grabbed your finger and put it on the phone, they could unlock it too....

Plus iOS 11 now has the "cop-lock" feature to let you lock the phone from TouchId/FaceID without having to shut it off.

 

[JackRipper]

I had a lot of respect for Mr. Franken. I enjoy his comedy.

I am baffled by his questions. He basically is asking for a TL;DR of the keynote and the pages Apple put on the website explaining the process. While I do understand that questions are part of the learning process, if you can't be bothered to do your own research, isn't this the same as bully getting you to do their homework??

 

[MacKyle]

OMG.. China and Russia are hacking our sensitive systems and this dumb comedian is complaining about Apple.

 

[adib]

Thank you Senator, for giving the opportunity for Apple to tell the answers we all already know.

You know where the "the one billion images" that Face ID was trained from? These things can cause legal issues by itself.

 

[developer13245]

A political circle-jerk.

Stuart Smalley needs to look like he's doing something useful, instead of looking like the dangerously incompetent senator that he truly is. Tim will Kowtow in faux-respect, while getting the opportunity for more press coverage marketing for face ID.

 

[smorrissey]

Go Senator Go! i can see the police putting the phone X in front of suspect people....its gonna be "fun".

 

[jcshas]

This is best comedy routine Franken has come up with since his time on SNL.

 

[developer13245]

Funny how the 1:50,000 failure rate of TouchID was kept secret until they needed to make TouchID looks like it sucks, just so they can sell you a better 1:1000,000 system....