My phone is a Google Pixel which I have a habit of dropping. A lot. In an attempt to keep it functional at least until the monthly payments are done, I’ve layered it up in a screen protector and a rubbery case. Somehow, I still managed to break the fingerprint sensor on the back, but that suits me just fine.
I know, I know — refusing to use a biometric login to my own encrypted device sounds like paranoid libertarianism. And maybe, at this point, it is. After all, the Obama administration’s high-profile fight to undermine encryption and the privacy protections it brings (against private criminals and government alike) ended in the feds essentially conceding defeat. Washington did not get an iPhone “master key,” and other tech giants, including Google, backed Apple’s stand for privacy.
Still, there’s good reason to think this issue is far from dead, and that the iPhone debacle was more about expanding federal authority than it was about real law enforcement aims. And that brings me to the iPhone X, Apple’s silly-expensive new phone that includes a new biometric login option: facial recognition.
FaceID is touted as a more secure option than the fingerprint login, TouchID. The technology is impressive, and its coupling with Apple’s encryption software is reassuring, but there’s no denying real risks to privacy. Deepak Dutt, who runs the tech security company Zighra and is optimistic about FaceID, describes two such risks at The Hill (emphasis added):
Apple appears to be addressing the common vulnerabilities in biometric authentication among current mobile devices. However, there are privacy concerns with respect to the need for the camera to always be turned on in order for these features to work. There is a question of what type of access third party apps — even Apple — have to the FaceID functionality and, ultimately, to one’s digital identity.
These features are just asking for exploitation, whether that be targeted surveillance, criminal activity or even companies creepily collecting data about our lives for marketing purposes. (The lengthy lists of terms and conditions on apps — which most of us don’t read — make the latter particularly plausible.)
There’s more cause for concern, too. Facial recognition has been fooled with 3D printed models of people’s heads, as well as animated 3D models on a screen. That’s doable because even the best facial recognition technology isn’t 100 percent accurate; back in 2013, for example, we learned a facial recognition software already in use by law enforcement was allowed to have up to 20 percent failure. Of course, the iPhone X’s FaceID is no doubt worlds ahead of that program, but that hardly means it’s perfect.
The most troubling implication to me, however, has to do with implications for encounters with law enforcement, which in our era of overcriminalization and mass spying is far more likely for the average person than scenarios in which someone is printing a 3D model of your head. As Jake Laperruque of The Constitution Project writes at Wired, it’s “possible police would be able to more easily unlock phones without consent by simply holding an individual’s phone up to his or her face.”
Laperruque also details the mass surveillance implications:
For the first time, a company will have a unified single facial recognition system built into the world’s most popular devices — the hardware necessary to scan and identify faces throughout the world.
Apple doesn’t currently have access to the faceprint data that it stores on iPhones. But if the government attempted to force Apple to change its operating system at the government’s behest — a tactic the FBI tried once already in the case of the locked phone of San Bernardino killer Syed Rizwan Farook — it could gain that access. And that could theoretically make Apple an irresistible target for a new type of mass surveillance order.
Again, Apple has been great about opposing this sort of federal intrusion in the past, but that is no guarantee it will continue to be able to resist Washington’s demands in the future.
Maybe caution about the iPhone X and similar biometric technologies is just paranoia. But in a post-Snowden world in which we already know our government wants to expand its biometric data collection, erring on the side of caution can’t hurt.