Apple's annual September hype event always builds up to the reveal of a stunning new type of technology. This year's was an entire additional phone, the iPhone X, and its new facial recognition tech Face ID, which reads your face before unlocking your phone. With the exception of identical twins, the tech seems to work well. But what kind of privacy concerns does the AI behind it raise?
Technology experts at NextAdvisor.com have taken a deep dive into the new face recognition of the iPhone X, examining how it works, what sets it apart from past phone tech and what privacy implications it surfaces. I talked with NextAdvisor.com's Michael Osakwe to ask him whether you should be using the new technology.
How does the iPhone X face recognition work?
Consumers just need to know a few bullet-points in order to understand how Face ID functions. One of the more important factors: It's attention-based, meaning it only works when your gaze is on the phone. If your eyes are closed while you sleep, or if you're being forced to look at it, the phone won't open.
Another big revelation: Face ID creates a mathematical representation of the user’s face, meaning the phone doesn't store a security image, and there's no database of Apple users' faces somewhere out on the cloud.
“Face ID has depth perception,” Michael explains, “meaning it creates a depth map of your face while its infrared scanners also create an infrared image – some experts suspect this is to help Face ID distinguish between something like a facial mask or mold imitating your face. This level of complexity means it’ll likely be more difficult to crack than existing smartphone facial recognition systems, such as the Samsung S8, which was fooled by a picture before its update.”
Face ID uses two neural networks. One recognizes your face despite a wide variety of complications — different lighting, different facial hair, different jewelry — while a second one is defensive, fighting off attempts to spoof or replicate the image in order to access your phone.
“Face ID, like the existing Touch ID, has its data stored in the ‘secure enclave,' a system isolated from iOS with its own storage and memory. This means that software on your phone can’t access any data stored here and that this system has to be physically tampered with in order for its data to be taken. Apple doesn’t even send data in the enclave to its cloud servers.”
The bottom line: There's just a one-in-a-million chance that a stranger’s face could unlock your phone.
How is it different from other phone technologies?
Face ID represents a step forward in unlocking technology… and in letting neural networks influence our lives.
“Earlier implementations of smartphone facial recognition didn’t seem to have hardware dedicated solely to the function. As such, things like attention-based/gaze-based activation, neural networks and infrared mapping are new, unique and far more robust than any previous facial recognition features.”
What are the privacy implications here?
Face ID appears to be a secure biometric system for the average individual — after all, Apple is rolling out to everyone. However, certain “more speculative and long-term concerns” have privacy and security proponents like Michael a little concerned. First of all, it's always on.
“Because Face ID is attention-based, much like voice recognition systems, this means some aspect of the technology has to always be on. Some are creeped out by the idea of facial recognition system potentially scanning everything it sees, which seems like a legitimate concern.
“The increasing usage of biometrics for consumer security will likely reignite the Apple vs. FBI debate. Some also fear that easy-to-use biometric systems, like Face ID, might wind up being used against consumers if they’re put into situations where they’re unable to act quickly enough to disable Face ID and are compelled to unlock their phone against their will.”
In short, just the process of normalizing facial recognition tech could open the door to government overreach or advertising hyper-targeting, a point Edward Snowden has made in the past.
How infallible is Face ID and its single point of failure after all?
But an entirely different secondary concern centers on whether the facial recognition tech will prove itself as infallible as it claims to be. Could makeup artists pick up a second career as face forgers?
“Although Apple says it’s worked with Hollywood makeup and design artists to tests its systems against spoofed faces, it’s getting frighteningly easier to create facial molds and models. For example, in 2013, artist Heather Dewey-Hagborg created an art exhibit using residual DNA from leftover hair and other artifacts to 3D print the faces of strangers. Her exhibit was created to demonstrate the amount of information we tend to leave behind and how we’ll need to carefully guard it from the surveillance systems of the future. With 3D printing and DNA phenotyping becoming more common, the long-term viability of facial recognition as a security measure is at the very least questionable.”
Worse, Face ID has a single point of failure, your face. Should you lose to mathematical model that the tech relies on to a hack, you can't exactly change your face like you can a password.
So, given all that, should our readers be using this new technology?
What's the bottom line? It's a mixed bag, according to Michael.
“Because so many of the concerns surrounding Face ID are speculative, it’s extremely difficult to say. While it’s likely that individuals using Face ID will make their devices more secure, in a broader sense, an argument could be made that the privacy implications of introducing this technology for society as a whole are currently unknown.”
But while you're waiting to find out how strong a shadow facial recognition will cast on privacy concerns around the globe, maybe get to know a makeup artist or two. Hey, it can't hurt.
Read more about the future of privacy here at TechCo