Customers who shell out $999 for an iPhone X when it comes out in November will have a new party trick in their pockets: They’ll be able to unlock the phone with nothing more than a quick glance at the screen. When they look away, it will lock up again.
When new features like this one, which Apple is calling Face ID, make it easier to unlock a phone, they save time; Apple says iPhone users unlock their phones an average of 80 times a day. But make it too easy to get into a phone and people start to get nervous.
Apple executives emphasized the security of Face ID as they announced the latest generation of iPhones on Tuesday. Once a phone learns to recognize its owner, using a 3-D map made up of more than 30,000 infrared dots projected onto a person’s face, it’ll only unlock itself when it senses that the owner is looking straight at the device. The map can’t be fooled by photos or masks, said Phil Schiller, Apple’s senior vice president for marketing, at Tuesday’s event, and it’s stored locally in a secure part of the device. Locking the phone just requires closing your eyes or glancing away, so waving a phone in front of its sleeping owner won’t unlock it.
Even if Face ID is advanced enough to keep pranksters out, many wonderedTuesday if it would actually make it easier for police to get in. Could officers force someone they’ve arrested to look into their phone to unlock it?
That’s a question with no easy answer. Technologists had a similar question a few years ago when smartphones started rolling out fingerprint readers: Could cops make someone scan their thumbprint to unlock their phone? The answer, it turned out, is ... maybe. In several cases since 2014, state and federal judges have signed search warrants that compelled fingerprint unlocks. The Fifth Amendment protects people from having to give up information that could incriminate them, like a password or PIN code. But a thumbprint isn’t something you know, which would be protected by the Constitution; it’s something you are. Like DNA or your handwriting, physical attributes are usually considered outside the boundaries of Fifth Amendment protections.
Despite the judges’ decisions, some legal scholars disagree with the idea that the government should be able to use a search warrant to force people to unlock phones secured with biometric authentication, which relies on physical characteristics. The fact that a physical attribute is used for unlocking a device changes how it should be treated under law, the argument goes.
“When you put your fingerprint on the phone, you’re actually communicating something,” Albert Gidari, the director of privacy at Stanford University’s Center for Internet and Society, told me last year. “You’re saying, ‘Hi, it’s me. Please open up.’” That communication should be protected under the Fifth Amendment, just like a password, he said—and the same would hold for any other way of unlocking your phone using physical characteristics, including facial recognition.
Whether law enforcement could legally get someone to unlock their phone with their face will remain an open question until it’s been litigated. Presumably, this uncertainty wouldn’t be the deciding factor for most people buying the new phone, especially those who are already comfortable using their fingerprints to unlock their devices. (It’s far more likely the deciding factor would be the phone’s nearly four-digit price tag.)
In fact, the most meaningful changes in Apple’s digital security won’t arrive with its new flagship phone, but with iOS 11, the company’s new mobile operating system, which will be available for free next week on newer iPhone models.
With this upgrade, users will be able to click the power button five times fast to enter an emergency mode, with options to make an SOS call or display a medical ID. It also disables the fingerprint reader, immediately requiring a password to get back into the phone. (In the past, disabling Touch ID required restarting the phone, or waiting 48 hours.) It’s not clear yet whether emergency mode will also disable Face ID, but it seems likely that it would. And since constitutional protection for passwords is set in stone, those five clicks would quickly move an iPhone user out of the gray area of biometrics.
A second change, which was discovered last week by ElcomSoft, a Russian cybersecurity company, adds a simple step when a person connects their device to a computer. Before, the phone only required a user to unlock it—which could be done with a fingerprint scan—and then tap “trust” to establish a connection. Now, the process requires the user to enter the phone’s PIN or passcode, again avoiding the legal gray area.
This extra layer of protection may be especially useful at the U.S. border, writes Nicholas Weaver, a computer-security researcher at the International Computer Science Institute in Berkeley, in Lawfare. Taking advantage of a broad exception at the border to the Fourth Amendment, which protects against warrantless searches, border agents regularly look through passengers’ devices as they enter or even exit the country. Often, they copy the entire contents of a device to a computer using forensic software, where they can scan it thoroughly for keywords or contacts.
But at the border, the Fifth Amendment also isn’t always honored the way it would be elsewhere. Agents have shown that they’re more than willing to ask passengers for their phone PINs, which would nullify the protection of iOS 11’s extra password prompt.