From the moment Apple started to talk about Face ID, there were concerns voiced about privacy and security. It's not just security experts and potential users who have these worries; Senator Al Franken has written to Tim Cook asking for details about the safeguards Apple has put in place to protect users.
On top of this, Franken wants to know more about how Apple trained the Face ID algorithm, and seeks assurances that third parties will not be able to access or be granted access to Face ID data.
In a letter dated September 13, Senator Franken says: "As I have previously highlighted in communications with Apple regarding Touch ID, there are significant differences between the privacy and security of passwords versus that of biometric data, such as fingerprints and faceprints. Unlike a password, an individual's faceprint is permanent, public, and uniquely identifies its owner."
He goes on to say:
As a result, should a bad actor gain access to the faceprint data that Face ID requires, the ramifications could last forever, particularly if Apple's biometric technology comes to be used in other devices and settings. Furthermore, Apple itself could use the data to benefit other sectors of its business, sell it to third parties for surveillance purposes, or receive law enforcement requests to access it facial recognition system -- eventual uses that may not be contemplated by Apple customers.
Calling for transparency from Apple, Senator Franken seeks reassurance that the locally stored Face ID data cannot be extracted from an iPhone X either by Apple or a third party, remotely or locally. He also wants to know whether Apple would consider storing such data in the cloud in the future.
He asks where Apple obtains the one billion images the company said it used to train Face ID, and how racial, gender and age diversity, and bias protection is ensured. Another question asks Apple to explain how it is protecting users against photographs or masks being used to fool Face ID, and seeks confirmation that facial data will never be used for anything other than Face ID tasks.
Franken also asks:
But perhaps the most pressing question -- particularly given requests from law enforcement agencies in the past -- is "How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?"
Franken requests that Apple responds to his questions within a month.