Apple responds to iPhone X Face ID privacy concerns but dodges law enforcement request query
One of the undeniable highlights of Apple's iPhone X is Face ID -- the face recognition technology that makes it possible to unlock a phone with a glance. While exciting and impressive, many people have security and privacy concerns about the feature, and last month Senator Al Franken wrote to Apple asking a series of questions and outlining his worries.
Apple has now responded to Franken, just ahead of the launch of the iPhone X in a little over two weeks. The company points to a series of documents that have already been made public, but also goes on to provide some detail about how Face ID data is stored and used.
See also:
Apple says that the information it has already made available answer all ten questions posed by Senator Franken. Nonetheless, the company goes on to provide a little more detail for the sake of clarity, and presumably in the hope that it will put privacy concerns to bed once and for all.
The company addresses concerns that data relating to Face ID might be stored in the cloud where it could be accessed by hackers:
Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups. Face images captured during normal unlock operations aren't saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data.
There have also been concerns about the access third party software might be given to Face ID data in case this posed a security risk. Apple says:
Third-party apps can use system provided APIs to ask the user to authenticate using Face ID or a passcode, and apps that support Touch ID automatically support Face ID without any changes. When using Face ID, the app is notified only as to whether the authentication was successful; it cannot access Face ID or the data associated with the enrolled face.
Apple has stated that the neural networks used to identify users with Face ID were trained through the use of over a billion images of people. Senator Franken and others have voiced concern about where these images came from. Apple does not give much detail here, but says the images were obtained "in studies conducted with the participants' informed consent."
The company's response also addresses concerns that have been voiced about racial diversity, and Face ID's ability to identify people of different races, ages and genders:
We worked with participants from around the world to include a representative group of people accounting for gender, age, ethnicity and other factors. We augmented the studies as needed to provide a high degree of accuracy for a diverse range of users.
In his letter, Senator Franken had asked: "How will Apple respond to law enforcement requests to access Apple's faceprint data or the Face ID system itself?" Apple failed to provide a response to this query.