New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

U.S. Senator Raises Questions About Security and Privacy of Face ID

Wednesday September 13, 2017 4:48 pm PDT by Juli Clover
Just a day after Apple unveiled its new flagship iPhone X equipped with a facial recognition system, United States Senator Al Franken (D-MN), who is a member of the Senate Judiciary Committee on Privacy, Technology, and the Law, sent a letter [PDF] to Apple CEO Tim Cook with some questions on the privacy and the security of the Face ID feature.

Face ID is designed to take a 3D face scan that determines the structure of a person's face and transforms it into a mathematical model for device authentication and unlocking purposes. Apple has said that Face ID is protected by the same Secure Enclave that keeps Touch ID data safe, and that all processing takes place on the device itself with no data uploaded to the cloud. Furthermore, Apple says Face ID can't be fooled by a photo or a mask.


In his letter, Franken raises concerns about how Apple plans to use facial recognition data in the future, the diversity of its training, how Apple will respond to law enforcement requests for Face ID data or the Face ID system, and if it might be fooled by a photo or a mask.
Since the announcement, however, reporters, advocates, and iPhone users have raised concerns about how Face ID could impact Americans' fundamental right to privacy, speculated on the ways in which Apple could use faceprint data in the future, and questioned the quality and security of the technology.

For example, it has previously been reported that many facial recognition systems have a higher rate of error when tested for accuracy in identifying people of color, which may be explained by variety of factors, including a lack of diversity in the faces that were used to train a system. Furthermore, some have expressed concern that the system could be fooled, and thus the device unlocked, by a photo or a mask of the owner of the device.
Franken asks Cook to respond to a series of 10 questions, many of which have already been addressed by Apple. Among the questions:

- Can Apple extract Face ID data from a device, will Apple ever store Face ID data remotely, and can Apple confirm that it has no plans to use faceprint data for purposes other than Face ID?

- Where did the one billion images that were used to train Face ID come from, and what steps did the company take to ensure the system was trained on a diverse set of faces?

- Does Face ID perpetually search for a face, and does Apple locally retain the raw photos of faces used to unlock the device? Will Apple retain the faceprints of individuals other than the owner of the device?

- What safeguard has Apple implemented to prevent the unlocking of the iPhone X when someone other than the owner holds the device up to the owners face? How does it distinguish a user's face from a photo or mask?

- How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?

Back when Touch ID was first announced as a new feature in the iPhone 5s, Franken sent Cook a similar letter asking for clarification on how the Touch ID feature works.

Franken asks Tim Cook to respond to all of his Face ID questions by October 13, 2017. Apple is not obligated to respond as this is not a subpoena, but the company will likely cooperate with the request for information.

Related Roundup: iPhone X
[ 307 comments ]


Top Rated Comments

(View all)

Avatar
cmChimera
25 months ago
I like Al Franken. I kind of know the answers to these questions being an Apple fan, but I think it's important to make sure the answers to these questions are as widely known as possible. It's a win for everybody too. Apple ends up looking like privacy advocates and important questions are answered before the next FBI case.
Rating: 66 Votes
Avatar
physicsguy13
25 months ago
The government is suddenly worried about protecting our privacy? Maybe they should look at how they invade the privacy of citizens every day.
Rating: 46 Votes
Avatar
m4mario
25 months ago
Thank you Senator, for giving the opportunity for Apple to tell the answers we all already know.
Rating: 42 Votes
Avatar
griz
25 months ago
Congress should be looking closer at the Equifax mess nevermind the iphone. Besides, TouchID was only secure to 1 in 50,000(Which I had no idea of) and FaceID is 1 in 1,000,000.
Rating: 41 Votes
Avatar
itguy06
25 months ago
Al should stick to his bad comedy routines...
Rating: 39 Votes
Avatar
kmkjams
25 months ago
new headline: resident old person didn't watch the keynote and is confused about face scanning phone
Rating: 36 Votes
Avatar
briloronmacrumo
25 months ago
Someone needs to explain to Franken how serious the Equifax breech is and why it is a better use of his time.
Rating: 35 Votes
Avatar
jacobh101
25 months ago
Apple's stance on how it uses customer information is absolutely crystal clear...It has no plans nor does it have the ability to access your information on the device. Google on the other hand - They are in the business of selling your personal information to marketers.
Rating: 34 Votes
Avatar
avanpelt
25 months ago
Leave it to Stuart Smalley to go after Apple about this. :rolleyes:
Rating: 33 Votes
Avatar
Sharkoneau
25 months ago
Damn Franken, watch the keynote.
Rating: 29 Votes

[ Read All Comments ]