recommended reading

Five Privacy and Security Concerns About Apple’s New FaceID Facial Recognition

Phil Schiller, Apple's senior vice president of worldwide marketing, announces features of the new iPhone X at the Steve Jobs Theater on the new Apple campus on Tuesday, Sept. 12, 2017, in Cupertino, Calif.

Phil Schiller, Apple's senior vice president of worldwide marketing, announces features of the new iPhone X at the Steve Jobs Theater on the new Apple campus on Tuesday, Sept. 12, 2017, in Cupertino, Calif. // Marcio Jose Sanchez/AP

Apple on Tuesday (Sept. 12) unveiled its new FaceID facial recognition technology for the iPhone X—the successor to the iPhone TouchID fingerprint scanner. The company says FaceID is 20 times more secure than TouchID, and can be used for unlocking apps and using ApplePay.

Still, this kind of technology (which you can read more about here) raises a lot of questions. Here’s what we’re wondering:

Where will the data be stored?

Apple has traditionally stored biometric data on its Secure Enclave, which is like a separate encrypted computer on your phone. If the data is only held on your iPhone, its far safer than in the cloud.

What are the legal implications of opening your phone with your face?

Will police be able to use your face to unlock your phone without a warrant? Matthew Segal, a legal director for the Massachusetts ACLU, says it’s not yet lcear how this might work in practice. (I’m sure we’ll find out when the lawsuits start rolling in.)

What else will Apple use the data for, even if it’s just on our phones?

Apple executive Craig Federighi said that the sensors used for FaceID are also used elsewhere, like to track your face on Snapchat and to make Animojis. Will Apple also use that data to track which parts of an app you’re looking at, or to gauge your emotion when interacting with the phone?

Who else will have access to those sensors?

Will apps not made by Apple be able to tap into FaceID to authenticate who you are, and could other developers access that to collect advertising metrics? Emotional feedback and predicted interest in content could be valuable data for advertisers, but would also essentially turn your phone into a spying tool for any app you use.

Does facial recognition this effective really make sense in real-life scenarios?

Say someone snatches my phone out of my hand, points it at my face to unlock, and then runs away? What happens if someone gets in an accident and can’t use facial recognition? What weather and lighting conditions does it work in, realistically? What issues have we not anticipated, because mobile facial recognition isn’t widespread?

We’ve reached out to Apple with ours, and will update if they respond with meaningful comments.

Threatwatch Alert

Software vulnerability

Apache Bug Could Leak Data

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov