We Asked 6 Privacy and Legal Experts About Apple’s New Face ID
Here’s an answer to every question you have about Apple’s latest innovation.
Immagine: Shutterstock/Apple / Composition: Louise Matsakis
Apple executives stood on stage Tuesday and revealed the way we'll unlock the brand new iPhone X: with our faces, using a new feature called Face ID.
It utilizes the selfie camera's "TrueDepth" camera system—a set of sensors and a dot projector—to create a super detailed 3D map of your mug. The dot projector places 30,000 digital points onto your face, capturing the contours and features that make you unique. The system is designed to learn and improve each time it looks at you, and Apple says it should still work even if you change your hairstyle or get glasses.
Like the facial recognition tech in Samsung's Galaxy S8's—which was shockingly easy to hack—the iPhone X's Face ID is raising concerns about privacy, especially in situations where law enforcement is involved. I reached out to six privacy and legal experts to see what they thought about the new technology, and how it might come into play in court cases.
Can law enforcement force you to open your iPhone X with your face?
In some cases it's possible that law enforcement could compel you to open your iPhone X with your face, but legally, they will always need a warrant first. The landmark 2014 Supreme Court case Riley v. California ruled on Fourth Amendment grounds that cops need to obtain a warrant in order to search your device, even if it's protected with biometric locks.
"There's no question at all that at least within the United States that law enforcement needs to get a warrant on probable cause to get you to open your phone," Nate Cardozo, a senior staff attorney at the Electronic Frontier Foundation (EFF) told me over the phone. At the border, on the other hand, authorities have far more leeway, though that authority is currently being challenged.
The situation gets tricky when it comes to the Fifth Amendment, which, in part, protects you from "self incrimination." This is the what gives you the right to remain silent when you're arrested.
When it comes to your cellphone, courts disagree about exactly what self-incrimination means. They've generally ruled that they can't compel you to give up your password, but that giving up your fingerprint, like with Touch ID, is a not a form of testimony. Therefore, it's not subject to Fifth Amendment protections. The same could probably be argued about your face.
"Typically in a Fifth Amendment analysis, the government can compel you to produce passwords and signatures (and even blood) but not engage in a 'testimonial act' (spoken words) that might incriminate you," Marc Rotenberg, the president and executive director of the Electronic Privacy Information Center (EPIC) told me in an email. "Under a traditional analysis, you could likely be required to open your phone with your face because it is not a testimonial act."
Courts have disagreed over how to interpret the Fifth Amendment, however.
"The Fifth Amendment is really slippery...this is a very unsettled area," Brett Max Kaufman, a staff attorney at the American Civil Liberties Union's (ACLU) Center For Democracy explained on a phone call. The debate is still very much undecided over whether unlocking your phone with a password or biometrics—like a face—should count as identification or testimony.
"Our argument has been in these cases that when you decrypt data [by opening your phone] you're transforming the information and you're doing it with a translation that's your own," Kaufman told me. "We think that raises to the level of being testimonial under the Fifth Amendment."
Another scenario is one where your iPhone is already in police possession, say through a previous lawful search and seizure. In that case, "they might be able to hold it up to your face identifying you as the user or owner of the phone without running into legal hurdles," Ahmed Ghappour, an expert in criminal law and computer security and an associate professor of law at Boston University told Motherboard over Twitter DM. "Though I suspect that they would have obtained a search warrant in advance."
Another, more abstract consideration is that courts have generally said we don't have a "reasonable expectation of privacy" to our faces. There's "lots of legislation on the books protecting fingerprints, but not a similar body of legislation recognizing that our face is a biometric," Clare Garvie, a lawyer and an associate at the Georgetown Law School Center on Privacy & Technology, where she researches face recognition use by law enforcement, said on a phone call.
Is Face ID different, from a legal standpoint, than Touch ID?
From a legal perspective, Touch ID and Face ID are very similar. Face ID is "not much different from TouchID," Orin Kerr, a research professor at George Washington University Law School and the Director of the Cybersecurity Law Initiative told me in an email.
"From a legal perspective, I don't see any difference," Cardozo said. "The legal analyses that apply to Touch ID apply to Face ID."
One difference, though is that, well, you only have one face. With Touch ID, you could use an unusual finger, like your pinky, and if law enforcement tried to compel you, the phone would lock after they tried five of your fingers. "So those sorts of run arounds to make it harder to unlock the phone aren't available if it's using our face," Garvie said.
How have courts ruled in cases involving Touch ID in the past?
Generally, as mentioned above, courts have ruled that with a warrant, cops can compel you to give up biometrics like fingerprints. In the very limited amount of cases where Touch ID has come into play, fingerprints have often been viewed as a form of identification, and aren't protected by the Fifth Amendment in the same way that a passcode would be.
In 2014, a Virginia judge ruled that police can force people to unlock their devices using their fingerprints, and two years later, in a case originally reported by Forbes, a judge in the District Court in the Central District of California issued a warrant to allow cops to use a person's fingerprint to open an iPhone.
The issue is still murky, however. Earlier this year, a federal judge in Illinois denied a warrant demanding that everyone in a Lancaster, California, building attempt to unlock an encrypted phone with their fingerprint. The judge ruled that the warrant application did not establish sufficient probable cause, and raised Fifth Amendment concerns.
What are the biggest privacy concerns with Face ID?
The biggest concern is that the technology could be easily spoofed, the way that the Galaxy S8's was. But the experts I spoke to said they were impressed (at least initially) with how Apple designed Face ID. "My sense is that this is something they have actually thought very carefully about," Garvie, the lawyer from Georgetown, told me
"Instead of using a two-dimensional sensor that can be fooled with a static image or a video, the Apple system uses a number of sensors...which essentially captures a 3D face image..this makes the system a lot more secure."
Another concern is that the tech won't work very well, at least at first. "I would suggest that it's more likely we will see errors not allowing the correct person in as opposed to letting the wrong person in," Garvie told me. "It could be an access issue."
That problem seemed especially real on Tuesday, when during a demonstration of the Face ID tech, Craig Federighi, Apple's senior vice president of software engineering, couldn't get it to work.
Are there ways Face ID could be used to create facial recognition databases? Or that the underlying technology could be used to enhance already-existing surveillance techniques?
Face ID likely couldn't be used to create facial recognition databases. Similar to Touch ID, the map of your face is stored locally on your phone, not on Apple's servers, just like your fingerprints are. Which is good for privacy: It means Apple doesn't have a database somewhere of everyone's faces.
Still, as was demonstrated at the event on Tuesday, Apple plans to use the facial recognition tech for other applications, like Apple Pay. "How that information is actually shared is sort of an open question," Garvie told me.
Apple has a track record of protecting privacy that other manufacturers don't have. Is there an obvious privacy argument for moving to Face ID over Touch ID? Should we give Apple the benefit of the doubt?
As Apple explained when it unveiled the iPhone X on Tuesday, Face ID is technically much more secure than Touch ID. Touch ID had a 1 in 50,000 chance of unlocking with the wrong fingerprint, Face ID has a 1 in 1,000,000 error rate, according to Apple.
"Facial recognition should be a step forward for user privacy and security," Rotenberg, from EPIC, told me. "The key with the iPhone is that FR [facial recognition] aligns with the user's interest in robust authentication. That is good for the consumer."
Could a 3D-printed mask spoof the iPhone X's FaceID technology?
We don't know yet, and likely won't until the device gets into researchers hands in about a month. "It remains to be seen if a mask could be used to fool it or really clever makeup," Garvie said.
I want to use Face ID. But I also want my device to be as secure as possible. Is there anything I can do?
Yes, Apple has built a new feature into iOS 11 (which will be released to the public next week) that makes using biometrics on an iPhone more secure—both for fingerprints and faces. In iOS 11, when you push the power button five times rapidly, Touch ID or Face ID is disabled. It also brings up an option to call emergency services.
The new feature is a more more streamlined way to disable biometric security protocols than those available previously (like restarting the device). It likely was not designed with law enforcement in mind, but to make biometrics more secure—because now you can easily revert back to needing to enter a passcode to unlock your device.