Along with its announcement of the iPhone X, Apple revealed that a new technology would be utilized by users to unlock their phones. Due to the lack of a button, Apple’s Touch ID software could no longer be used, thus Apple introduced Face ID. Users will now simply need to look their phone in the eye, swipe up on the display, and then they can go about their business. The privacy concerns about this technology became apparent immediately, and they are two-fold. There is the privacy one expects between oneself and other private individuals, and there are the privacy expectations one has against government intrusions into his or her private affairs. While Apple’s Face ID technology is not necessarily new (Android has had facial recognition software since as early as 2012), it is certainly the most secure in terms of privacy concerns amongst private individuals.

A brief overview of evolution of this facial recognition technology will help to show why Apple is excelling in providing its customers security against intrusions from other private individuals. Android first released the ability to unlock one’s phone through facial recognition in version 4.0, Ice Cream Sandwich. All this software did was store data points collected from a picture of one’s face within the phone and then compare a new picture with the stored data points. This technology was very limited security-wise, though, as it was possible to fake credentials (“spoof”) with nothing more than a printed picture of the phone owner’s face.

Next, Samsung released iris scanning with its Galaxy Note 7 in 2016, which greatly enhanced the security offered by facial recognition unlocking technology. Iris scanning uses infrared lights to store data points from the phone user’s iris (which is more individualized than one’s own fingerprints) within the phone, and then compare new scans against these data points much like the initial Android technology did. In order to spoof this technology, however, one would need an incredibly high resolution photo of the phone owner’s eye, and a contact lens to simulate the curvature of the eye ­– something a potential intruder is highly unlikely to possess. Where Samsung’s technology offered increases in security, it decreased efficiency because there is a very limited sweet spot wherein the phone can accurately scan the user’s iris. Apple has been able to maintain the security of Samsung’s technology while also keeping the efficiency of the early Android technology.

Apple’s Face ID technology makes use of an infrared scan of the phone user’s face similar to Samsung’s facial identification software, but instead of being limited to the iris, it captures the phone user’s entire face. The infrared floodlight marks the edges of the user’s face such that an outline and the curvature of the face are recorded as data. Any time the user attempts to unlock the phone, another infrared floodlight is flashed upon the user’s face and the data points are then considered against the points stored within the phone to authenticate access. Likely the only means by which a phone thief would be able to fake Face ID is by having a lifelike 3-D rendering of the phone owner’s head, which is even less likely than having the necessary spoofing materials to bypass Samsung’s facial recognition software.

While Apple can tout that its facial recognition software offers the highest possible security to date against intrusions from other private individuals, no matter what technological innovations it makes, it will always be on the same level as its competitors when it comes to privacy intrusions by the government.

The most pressing issue when it comes to government intrusions within one’s phone is whether the government can compel someone to unlock his or her phone after obtaining a lawful warrant to search the phone. The issue implicates the Fifth Amendment rather than the Fourth Amendment, which has yet to be determined by the courts, despite the fact that this technology has been available since 2012. Specifically, the Fifth Amendment issue is whether using whatever biometrics (fingerprints, voice sample, DNA samples, and possibly one’s face) that protect a user’s phone can be considered testimonial. Testimonial evidence is that which can be considered to reveal the contents of one’s mind. Proponents of the testimonial view of biometric protections argue that biometrics such as Face ID translate formerly unintelligible data into evidence of the contents of the user’s mind. These protections would be inherently testimonial, thus garnering Fifth Amendment protection. To the contrary, those arguing that these biometrics should not be considered compelled testimonial evidence analogize to the collection of fingerprints and blood—both of which the Supreme Court has already considered nontestimonial. As it stands, this issue is limited to the realm of academic debate. With the popularity that Apple will bring to this technology, however, it is almost certain that courts will need to decide this question in the near future.

Chris Burkett

Tagged with:

Comments are closed.