Apple Says New “Face ID” Makes iPhones More Secure; Just One Problem

It’s that time of year: Apple has just unveiled its latest iPhone models, the fanciest (and most expensive) being the new iPhone X. It has all sorts of fancy features, including a new glass body, an HDR color screen, revamped touch-gesture controls, more sophisticated cameras…and a new security feature that could carry an unexpected downside.

Current iPhones use Touch ID — pressing the owner’s fingerprint to the Home button — to unlock and be used instead of passwords for certain functions. The iPhone X, however, is replacing Touch ID with Face ID, which is exactly what it sounds like:

Touch ID support has also been removed in favour of Face ID, which Apple promises is fast, accurate, and highly secure. Where Touch ID had a duplication rate of 1 in 50,000, Apple claims Face ID has a one in one million chance of being triggered by another face, and has been specifically engineering to not be fooled by photos or even three-dimensional masks. The FaceID system works in combination with an advanced front-facing “TrueDepth” camera system and the A11 Bionic neural engine that can handle 600 billion operations per second with real-time processing.

So what’s the problem? Well, according to Noah Kulwin at Vice News, there’s a pretty significant privacy concern to go with the iPhone X and its thousand-dollar price tag:

Groups like the Electronic Frontier Foundation have generally praised Apple’s privacy technology and resistance to law enforcement intrusion, even when it comes to facial recognition. But when Samsung introduced a comparable feature earlier this year, legal analysts said that the rights that courts traditionally afford to someone for their passcode-protected content might not apply to information that can be unlocked by facial recognition technology.

Say what? How can that be? That link goes to an April 2017 report from Adi Robertson at the Verge, who explains:

The Fifth Amendment, which protects people from having to incriminate themselves, holds that passwords or passcodes are “testimonial” evidence. In other words, you can refuse to give up your PIN because doing so would mean answering a question based on the contents of your thoughts, not providing a physical piece of evidence. But as early as 2013 — the year Apple announced its Touch ID sensor — security experts were warning that fingerprints wouldn’t fall under this rule. So far, this theory has held up. A Virginia judge let police use a fingerprint to unlock a phone in 2014, and similar requests were granted by other courts in 2016 and 2017.

“The self-incrimination analysis for biometric and face scanning would be the same as for Touch ID,” says Jeffrey Welty, a law and government professor at UNC-Chapel Hill. “Standing there while a law enforcement officer holds a phone up to your face or your eye is not a ‘testimonial’ act, because it doesn’t require the suspect to provide any information that is inside his or her mind.”

The principles of liberty don’t change over time (despite the claims of living-constitution liberals), but technological changes inconceivable to the Founders’ era can change how those principles are applied to certain situations. However, this is why society can’t depend on the judiciary as the sole arbiters of privacy issues like this. Instead of leaving ourselves at the mercy of a convoluted web of case law, statutes can be written and amended to unambiguously identify new forms of device locking as affirmative efforts to protect one’s information that carry a reasonable expectation of privacy.

Are you interested in an iPhone X, and if so, does this news change your mind? Let us know in the comments!