U.S. Senator Raises Questions About Security and Privacy of Face ID

[WatchFromAfar]

Congress should be looking closer at the Equifax mess nevermind the iphone. Besides, TouchID was only secure to 1 in 50,000(Which I had no idea of) and FaceID is 1 in 1,000,000.

But before Apple told you touchID was 1 in 50,000 times secure you trusted your life with it. Now just because their new thing has a bigger number you're all in on that? How about asking why Apple's current line up (SE, 6S, 6S+, 7, 7+) all use a system 20 times less secure than the flagship model.

 

[carrrrrlos]

Umm Samsung has two notches one on top and bottom. Its more symmetrical but its there.

Yep, the screen allows for room on both top and bottom, but the screen is not notched off or blocked at any point.

 

[FidelSarcastro]

Good questions from Al Franken! There is a difference what a company says as marketing and to the government. Notice: someone without knowledge could not come up with these questions! It is important to get these answers official.
Not a bad thing for Apple...good job from the senator...important for us. Reread the questions! They are spot on!

ps. iam not a native english speaker

 

[MrX8503]

Another poster too lazy to research which other companies Franken has requested info from.

I'm sure he has, but Apple is held to a higher standard due to their consumer reach.

 

[dampfnudel]

Apple's stance on how it uses customer information is absolutely crystal clear...It has no plans nor does it have the ability to access your information on the device. Google on the other hand - They are in the business of selling your personal information to marketers.

It's not necessarily Apple some of us are concerned about. It's not out of the realm of possibilities that some other "actor" could gain access in the future.

 

[alexgowers]

Senator Franken is Great but he clearly doesn’t understand the basics of how biometric data is stored. The same happened with Touch ID and we know they don’t store fingerprints. The only potential difference is that you walk around with your face on show and it is scannable unlike a fingerprint but would require Apple to do some super dodgey stuff to accomplish what could be done many others ways with ease.

 

[SarcasticJoe]

Seeing how pretty much all of his questions were answered during the unveiling of the feature I'd say it's pretty clear this isn't about any real public safety or security concerns, it's really just about the politician in question trying to ensure his name is out there and people know who he is so they'll vote for him.

This person once again goes to show that term limits should be a thing for all elected positions...

 

[kdarling]

I'm sure he has, but Apple is held to a higher standard due to their consumer reach.

He's presented similar question lists to others with similar reach like Google and Samsung.

I don't agree with all his concerns, but it's part of his job.

 

[Lancer]

Were these questions asked with Samsung's face ID?

 

[kdarling]

Were these questions asked with Samsung's face ID?

Samsung claimed their fingerprint sensor was secure, so he gave them a similar questionaire on that.

Samsung never said their simple facial recog was anything more than a novelty.

 

[notabadname]

It's just an easy way for him to Granstand. He knows he gets publicity with a company like Apple. It's an easy, no-lose formula.

 

[JamesPDX]

I think he'll be quite happy to answer Al's questions. And we should have lots of public comment on everything. This is an important issue. It strikes a lot of people as weird. Certainly, a company that introduced an ID system so poor that it can be fooled by a picture is not secure.

[doublepost=1505362304][/doublepost]

Seems to me that, with a token made from a very complex mathematical points from the owner's face, it's much more secure than a passcode of four or six numbers, or however many points they use from your fingerprint. They said it was about a one in a million at the keynote. That would be good. The data stays on your phone, in the Secure thingie. Hasn't been breached yet, as far as I know.

Perhaps. But when something is breached correctly, the breached won't know about it for a long time, if ever. Like StuxNet. Here's an example of the ham-handed company whose executives dumped their stocks before going live: http://www.bbc.com/news/technology-41257576 and a company who has just been kicked off of us.gov machines: http://www.bbc.com/news/world-us-canada-41262049

Subjects of a Senate Judiciary Committee inquiry are bound under US Code, Title 18, Sections 1621 and 1001: One must answer truthfully and without omission or obfuscation; that means no marketing ploys or lying, or one will get slapped with a fine and/or go to federal prison. So, a tweeted link to a keynote speech is not going to cover the inquiry. It also goes into the Congressional Record. That's permanent retention that you can't drag to the trash or report, or down-vote. This is serious. This is for the protection of the end-user. Hopefully everyone will eventually recognize this.

 

[thekeyring]

Further proof that Face ID is a legitimate advancing of technology. The Samsung S8 didn't generate this interest from the government.

 

[Novus John]

Why? It's a scan of their face. The scans will match.

Without an in-depth analysis of the tech it's really hard to say whether people with facial damage and disabilities will be able to use the tech. Tim Cook during the presentation mentioned that it's an on-hardware neural network solution, which means that it all depends on the initial input data.

 

[Cloudane]

It's important to ask these questions and I'm glad people are as it reinforces their importance.

Even though we already know a lot of the answers - it's secured in the same way as TouchID, just with a face instead of a finger. Due to how Secure Enclave works, if asked to provide a government with the data, they literally can't.

 

[Mike MA]

What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user's face from a photo or mask?

Did he watch the keynote?

 

[axe9920]

It must have taken longer to write the questions out than it would to have found out nearly all the answers. So desperate to be relevant he doesn't care whose time is wasted.

 

[palmerc]

Well, consumer protection is an important function of government, but to some extent the questions he's asking would require a huge amount of background knowledge to truly explain. However, in essence, this is the same thing as TouchID but with 3-dimensions instead of two and he raised similar questions when that launched.

 

[BBOY_FYC]

Congress should be looking closer at the Equifax mess nevermind the iphone. Besides, TouchID was only secure to 1 in 50,000(Which I had no idea of) and FaceID is 1 in 1,000,000.

First of all, I strongly agree on the Equifax thing; very disturbing but the news around it already faded... But this is a website about Apple related news so I will not digress.

Regarding Apple: How did they conclude the error for FaceID is 1 in 1,000,000, and for TouchID is 1 in 50,000? Is this empirical data? The security measures they have in place to prevent information leaks before products are released, also means real life testing is more limited. I feel the numbers we are given might be more extrapolations than fact. We should always be careful with taking statements as true without questioning its origin.

I also like to read more on the test groups used; diversity in race, how many people were used, what were the error ratios, etc. Although FaceID can be used in the dark, does lighting plays a role or not at all in functionality/error ratio?

Personally I am convinced that facial recognition can be safe, and safer than fingerprints if the technology is there/used correctly, and I have trust in Apple they are truthfully in the way they represent their product. I just feel that transparency regarding the development process would help them even further taking away any doubt in people.

 

[supercoolmanchu]

He's presented similar question lists to others with similar reach like Google and Samsung.

I don't agree with all his concerns, but it's part of his job.

His job also includes oversight of online data collection and privacy, which is where Equifax happened entirely during his tenure. How many other major online privacy breaches have happened under the watch of Franken? But within 24 hours, he’s press releasing obvious questions about a device feature that doesn’t ship for 6 weeks.

When people use the argument ‘he’s just doing his job’ to support him, it logically cancels because Franken clearly hasn’t been doing his job.

 

[AdonisSMU]

Yep, the screen allows for room on both top and bottom, but the screen is not notched off or blocked at any point.

It is notched off. Its called dead space. Apple gives you the option for dead space if you want it when watching videos.
[doublepost=1505387531][/doublepost]

His job also includes oversight of online data collection and privacy, which is where Equifax happened entirely during his tenure. How many other major online privacy breaches have happened under the watch of Franken? But within 24 hours, he’s press releasing obvious questions about a device feature that doesn’t ship for 6 weeks.

When people use the argument ‘he’s just doing his job’ to support him, it logically cancels because Franken clearly hasn’t been doing his job.

No one knows if he has brought up these questions with other companies. The news media doesn't report everything that happens in congress if its not a pressing issue. Behind closed doors he may have been doing plenty. I think in this case he should ask these questions especially in the wake of the Equifax scandal.

 

[Darryl.Jenks]

Every time Franken has to question security on everything Apple does. Every time.

And all of the answers to his questions are already available for anyone who knows how to use the Google or has staffers who do. The uncomfortable truth is Al's either not all that bright or a preening showman...or both. I'm going with both.

 

[Arran]

"Trust but verify", gone out of style, has it?

 

[bbplayer5]

Why all the negative comments? These questions are 100% spot on, even if we know the answers to some of them. Those of you who have never had your identity stolen, great. Those of us that have, love hearing a reassuring answer to questions like these.

 

[star_nerdy]

Al should stick to his bad comedy routines...

He has been an extremely good senator for nearly a decade and has been leading the charge to keep net neutrality.

Franken is a fantastic senator and he has a valid point.