PINDROP BLOG

Senator Seeks Privacy Answers on Face ID

As tech enthusiasts pore over the design details of the iPhone X and swoon at the thought of a quarter-inch more screen space, some lawmakers are asking Apple for more details about the way the phone’s new Face ID authentication system works and what might be done with users’ faceprints.

Face ID is the biggest technical change in the new top-end iPhone model, replacing the Touch ID system, which relies on the fingerprint sensor in the home button. The iPhone X does away with the home button in favor of a larger screen, so Touch ID is gone, as well. Face ID uses a new, sophisticated camera system in order to create a facial map of the phone’s user, which is then used to unlock the device. Apple officials said the face map is stored in encrypted form on the phone and never leaves the device, so the authentication operation is all done locally and doesn’t involve Apple’s cloud servers.

“With Face ID, iPhone X unlocks only when you’re looking at it. It’s designed to resist spoofing by photos or masks. Your facial map is encrypted and protected by the Secure Enclave. And authentication happens instantly on the device, not in the cloud,” Apple says on the iPhone X site.

Still, the new system has raised some questions about the security and privacy of users’ facial maps, and Sen. Al Franken (D-Minn.) is among those looking for answers. Franken on Wednesday sent a letter to Apple CEO Tim Cook with 10 questions about the details of Face ID, specifically how the faceprint data is stored and what the data may be used for.

“Unlike a password, an individual’s faceprint is permanent, public, and uniquely identifies its owner. As a result, should a bad actor gain access to the faceprint data that Face ID requires, the ramifications could last forever, particularly if Apple’s biometric technology comes to be used in other devices and settings,” Franken said in his letter to Cook.

“Furthermore, Apple itself could use the data to benefit other sectors of its business, sell it to third parties for surveillance purposes, or receive law enforcement requests to access its facial recognition system – eventual uses that may not be contemplated by Apple customers. For these reasons, it is incumbent on Apple to provide as much transparency on this complex new technology as possible.”

In the letter, Franken asks Cook to clarify two important points about the way that Face ID data will be stored, and who could potentially access it:

a. Is it currently possible – either remotely or through physical access to the device – for either Apple or a third party to extract and obtain usable faceprint data from the iPhone X?

b. Is there any foreseeable reason why Apple would decide to begin storing such data remotely?

Apple officials said the facial map data is encrypted and stored in the Secure Enclave, a separate processor on the iPhone that handles key management and is the storage location for Touch ID data, too.

“The Secure Enclave provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers,” Apple says in its iOS security guide.

Franken also asks Cook how Apple will respond “to law enforcement requests to access Apple’s faceprint data or the Face ID system itself.” As Apple has described the operation of Face ID, this wouldn’t be an issue right now: the faceprint is stored on the local device in encrypted form, so Apple wouldn’t have the ability to grant access to those faceprints.
