U.S. Senator Raises Questions About Security and Privacy of Face ID

[oldwatery]

He is not required to watch the damn keynote. Some of us have better things to do with our lives. He is a member of the commission and it would be remiss if he did not ask some questions. What the hell is the big deal if it is secure? Is he not allowed to ask? He is not accusing your beloved Apple of anything. Talk about bitching over a petty issue.
[doublepost=1505356779][/doublepost]Apple is Big Brother....ironic eh ;-)

 

[pedzsan]

Don't you figure he doesn't really care about the answers. Its just an opportunity for free press and to impress the 8 people left on the planet that mistakenly believe that he is pertinent.

 

[JamesPDX]

I am sure if Senator Franken raised security and privacy questions a month ago about Equifax, we'd be reading very similar responses in the same critical-of-Franken voice, but only prior to the Cluster-Frak Data Breach of the year.

Relax fanboys, he's on your side. You just can't quite see it. Yet.

Trust, but verify.

 

[usarioclave]

I am sure if Senator Franken raised security and privacy questions a month ago about Equifax, we'd be reading very similar responses in the same critical-of-Franken voice, but only prior to the Cluster-Frak Data Breach of the year.
.

He's been a Senator for a couple of years. Where is his questionnaire from Equifax?

 

[jinnj]

Regarding the specific questions, my guess is that Face ID data can be extracted in principal but Apple will make it hard to do so, hopefully though encryption; that the billion training images were carefully diverse; that the device retains no faceprint other than the owner's; and that Apple must of course comply with individual warrants. I doubt that Apple has a solution to the crook who grabs your phone, holds it up at your surprised face, and then runs off with it unlocked. But in any case, I look forward to reading what Apple has to say about all of this, and I'm glad there's someone with enough clout asking these questions to compel a detailed response.

The data is encrypted. You can't access the ID data in the enclave without the passcode. An Israeli company that the FBI has used in the past was talking about "de-capping" the enclave (micro-drill the top layer of the enclave chip and probe it at a micron level). iOS loses access to the enclave once you shutdown your phone. You can do this at any time. iOS 11 will now lock access to the enclave after 5 clicks to the home button. This feature has been dubbed the cop-lock because a cop can force you to unlock a phone using TouchID/FaceID but they can't force you to enter you passcode.

 

[CarlJ]

new headline: resident old person didn't watch the keynote and is confused about face scanning phone

Age is immaterial. As a senator, it's not a good use of his time to spend 2 hours watching the keynote. Senator Franken is not a Unix guru but he is clueful about tech, he's asking reasonable questions, he would like Apple to be on the record, with congress, in answering them. He's not being accusatory, just seeking clarification. Apple will answer reasonably, everyone will be happy. Except you, apparently.

He's a smart, fair, and honest representative. We could use a few hundred more like him in congress.

 

[jhwalker]

Just a day after Apple unveiled its new flagship iPhone X equipped with a facial recognition system, United States Senator Al Franken (D-MN), who is a member of the Senate Judiciary Committee on Privacy, Technology, and the Law, sent a letter [PDF] to Apple CEO Tim Cook with some questions on the privacy and the security of the Face ID feature.

Face ID is designed to take a 3D face scan that determines the structure of a person's face and transforms it into a mathematical model for device authentication and unlocking purposes. Apple has said that Face ID is protected by the same Secure Enclave that keeps Touch ID data safe, and that all processing takes place on the device itself with no data uploaded to the cloud. Furthermore, Apple says Face ID can't be fooled by a photo or a mask.

In his letter, Franken raises concerns about how Apple plans to use facial recognition data in the future, the diversity of its training, how Apple will respond to law enforcement requests for Face ID data or the Face ID system, and if it might be fooled by a photo or a mask.Franken asks Cook to respond to a series of 10 questions, many of which have already been addressed by Apple. Among the questions:

- Can Apple extract Face ID data from a device, will Apple ever store Face ID data remotely, and can Apple confirm that it has no plans to use faceprint data for purposes other than Face ID?

- Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?

- Does Face ID perpetually search for a face, and does Apple locally retain the raw photos of faces used to unlock the device? Will Apple retain the faceprints of individuals other than the owner of the device?

- What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user's face from a photo or mask?

- How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?

Back when Touch ID was first announced as a new feature in the iPhone 5s, Franken sent Cook a similar letter asking for clarification on how the Touch ID feature works.

Franken asks Tim Cook to respond to all of his Face ID questions by October 13, 2017. Apple is not obligated to respond as this is not a subpoena, but the company will likely cooperate with the request for information.

Article Link: U.S. Senator Raises Questions About Security and Privacy of Face ID

Glad he's taking this on - I like that our government is asking questions like this.

 

[carpleror]

Congress should be looking closer at the Equifax mess nevermind the iphone. Besides, TouchID was only secure to 1 in 50,000(Which I had no idea of) and FaceID is 1 in 1,000,000.

Exactly! This guys worried about FaceID, meanwhile someone stole the social security and drivers license numbers of have the US population...

 

[jinnj]

Funny how the 1:50,000 failure rate of TouchID was kept secret

They mention this about a year ago.

 

[roland.g]

This is a coattail moment. Get his name in the news following the announcement. Additional legitimacy by association.

Shame on MR for adding to it.

 

[CE3]

I’m a little surprised and unsettled by the how many here seem to have an issue with someone simply asking legitimate questions about this technology. Apparently we should just blindly accept whatever Apple tells us, and if they vaguely address something at a keynote that counts as research.

Apple embracing Face ID is very likely going to catapult facial scanning into the mainstream. It’s perfectly understandable to have questions and concerns about technologies that keep our cameras and microphones on 24/7 standby mode, looking for our faces and listening for our verbal cues.

Of course I want to believe Apple takes the privacy and security of its customers very seriously, but I also remember that Apple—along with all the other tech giants—were willing participants in the NSA’s Prism Program, which compromised the security and privacy of lord only knows how many people. So at the end of the day I take everything Apple says on customer privacy and security at face value (no pun intended) and hope for the best.

 

[JoEw]

What a hack.

 

[Sikh]

He is not required to watch the damn keynote. Some of us have better things to do with our lives. He is a member of the commission and it would be remiss if he did not ask some questions. What the hell is the big deal if it is secure? Is he not allowed to ask? He is not accusing your beloved Apple of anything. Talk about bitching over a petty issue.
[doublepost=1505356779][/doublepost]Apple is Big Brother....ironic eh ;-)

Dont see anyone asking Samsung or Microsoft how their Iris Scanning system works, can it be fooled, where is the info going, etc.

We all know samsung's phones can most likely be "hacked" and the iris data can be pulled if its not already being sent to Android.

Kind of BS that Apple gets a ton of **** but no one else does. Touch ID had a secure enclave, Android finger print sensor did not. None of them do. Samsung "Knox" isn't that secure either before you mention that trash. Nexus / Pixel's dont have a secure area to store data so most likely Google has your finger prints and will sell them in a heart beat since thats their business model

 

[jeremiah256]

Exactly! This guys worried about FaceID, meanwhile someone stole the social security and drivers license numbers of have the US population...

The entire Congress is going to be knee deep in Equifax’s business very soon. That’s a major issue that needs a major response. This is the type of inquiry that is normal for individual Representatives.

 

[JamesPDX]

One priority of AI will be to inevitably crack any encryption or opposing weak AI (like Siri) at any given level, even ones IT engineers haven't yet thought of... It's just a question of how many processing cores you want to aim at a particular, eh... Service.

Until that time, AI will continue to catalog and analyze faces. The world has given AI so many selfies to build profiles from, that many will find unexpected data is being correlated. -And that's why AI should not be anthropomorphized; it doesn't have feelings or a conscience. It simply learns, adapts, and learns and adapts better.

I think that's what Senator Franken is getting at, but indirectly.

 

[developer13245]

They mention this about a year ago.

Announced with all the fanfare of Tuesday?
And TouchID has been around for 4 years...

 

[Just1n12]

Well Apple did say that your FaceID is stored on your phone in a secure enclave and not on servers at Apple so there's no real way for someone to hack in unless they look like you and they steal your phone. Which is a 1-1,000,000 chance they look like you like Apple said.

 

[Balooba]

Many weird comments here. It's one thing to talk in front of press and employees and a very different thing to testify in front of Congress. If it was Google or Amazon who suddenly released a face-scanning device we would all welcome Al Franken's requests for answers. His questions are legit and valid and are well put together. Especially given Samsung's easily spoofed technology and Microsoft's fiasco with people of color not being recognized.

I look forward to Tim Cook's responses, which of course will serve as an extra opportunity to explain how much further ahead Apple is of the competition.

 

[BeefSupreme]

Tim should just email him back, “RTFM!”

 

[Tiger8]

I am sure if Senator Franken raised security and privacy questions a month ago about Equifax, we'd be reading very similar responses in the same critical-of-Franken voice, but only prior to the Cluster-Frak Data Breach of the year.

Relax fanboys, he's on your side. You just can't quite see it. Yet.

Trust, but verify.

Thank you for that! I am surprised how many 'how dare he question God (Apple)?' Responses are in this thread. Yet at the same time, same people are blaming the government for not doing enough to protect citizens from things like the Equifax data breach. Hilarious.

 

[patrickbarnes]

The number of "stick to sports" type replies here is just depressing.

None of these are stupid questions. Part of his job on the committee is to ask exactly these sorts of questions.

The type of answer Apple would give in response to a letter from a US Senator would be far more detailed than what was provided in the keynote. Why wouldn't you want to know these things?
[doublepost=1505360001][/doublepost]

Tim should just email him back, “RTFM!”

Where in the manual is the question about law enforcement answered?

 

[trusso]

Apple's stance on how it uses customer information is absolutely crystal clear...It has no plans nor does it have the ability to access your information on the device. Google on the other hand - They are in the business of selling your personal information to marketers.

If you think that Apple is merely an innocent lamb compared to Google's ravenous wolf, you must live in a different world from (most of) the rest of us. John Adams once wrote that, as a maxim, one ought to trust no man alive with power. Corporations are only as honest as the people who work within them, and it is the responsibility of all informed adults to hold our fellow adults accountable for what they do and do not do.

Even if - which I do not grant - Apple were as pure as you say, the technological infrastructure they command could easily be used for far more nefarious purposes in the wrong hands. I hold that eternal vigilance is the best route that any of us can choose if we do not wish to become pawns in someone else's game.

 

[Steve686]

Grandstanding stunt.

It's always Apple. They just can't seem to let Apple launch without questioning some of the technology.

But, I am sure Apple has seen its legal team already prepared for several months to deal with these monotonous inquiries.

 

[Swift]

View attachment 717547 View attachment 717546

I think he'll be quite happy to answer Al's questions. And we should have lots of public comment on everything. This is an important issue. It strikes a lot of people as weird. Certainly, a company that introduced an ID system so poor that it can be fooled by a picture is not secure.
[doublepost=1505362304][/doublepost]

Just like TouchID was hacked... NOT!!!

Seems to me that, with a token made from a very complex mathematical points from the owner's face, it's much more secure than a passcode of four or six numbers, or however many points they use from your fingerprint. They said it was about a one in a million at the keynote. That would be good. The data stays on your phone, in the Secure thingie. Hasn't been breached yet, as far as I know.

 

[holysmokes]

Really none of his or the government's business. Pound sand.