Written by Joel Engardio for Tascent

Understanding the Concerns of Apple’s Face ID

The recent launch of iPhone 8 will make facial recognition technology a real, every day event for millions of people. Users can now simply look at their phone to unlock the device, instead of typing a password or using their fingerprint.

While Apple’s unveiling of the iPhone 8 had much fanfare, facial ID is not a new concept. Many companies have been working on facial recognition as a biometric to prove a person’s identity. And there have been plenty of news stories and Hollywood scripts that imagine what a future with facial biometrics will look like.

The popular culture fixation on facial ID over the years has caused some people to express concern about the concept. Without a tangible product on the scale of the iPhone for consumers to experience facial ID firsthand, fears about the technology have been left to conjecture for many.

But now that the iPhone 8 is in the world, and we’re confronted with facial recognition in a mainstream device, let’s look at the top facial ID concerns and see how they measure up to reality:

Could my facial image be stolen or end up in a Big Brother-like database?
With Face ID, the image of your face never leaves the iPhone. It isn’t stored in the cloud or on a server. Face ID for your phone will work much like Apple’s current Touch ID system, which stores a hashed version of your fingerprint on the phone. So the iPhone does not create a master database of facial IDs. The data is in the phone’s Secure Enclave. That is a chip, according to page seven of Apple’s iOS Security Guide, which is the most secure part of the phone — resistant to analysis at the circuit level. This is good news if you’re worried about hackers getting access to your facial image. There isn’t a central database of images to hack because your image only resides on your phone.

Can my phone be tricked into thinking it sees my face?
Someone won’t be able to unlock your phone by pointing it at you while you are sleeping because the system won’t recognize faces with eyes closed. What about using a photograph in place of your face? This is an issue in two-dimensional facial recognition systems. But Apple’s Face ID uses 3-D motion sensors. It also projects a grid of 30,000 infrared dots on your face to measure depth, so it won’t work with a photo.

What if a thief takes my phone and points it at me to open it?
Face ID doesn’t work unless you look directly and steadily into it with your eyes open. This would be hard to do if you’re being accosted by a thief. You’d need to be forced to stare at the phone. You can also disable Face ID by pressing the power button rapidly five times.

Could a police officer or court force me to look into my phone to get access to it?
While you have a Constitutional right (Fifth Amendment) to not give up the password to your phone, based on the protection of self-incrimination, it is unclear whether this will apply to an image of your face. You can opt to not use Face ID and stick with typing in a password if this is a significant concern.

What are the implications for facial recognition when I’m walking down the street?
As people get more comfortable with using facial recognition on their phones, they will be more relaxed about the technology when it’s used to keep them safe boarding airplanes or entering any location where security is needed. Some are concerned the technology could also be used by the government to identify protesters in a crowd. That could make people less comfortable exercising their First Amendment right of free speech if they are unhappy with the government on a particular issue. This is why sensible regulation of facial recognition technology, which might include user opt-in and removal, as well as a means to control how your biometric data is used, is important.