Facial recognition is, in general, a huge privacy risk. Does this mean we should be concerned when using facial recognition as a form of authentication on private devices?
The answer is, probably not. Let’s consider Apple’s Face ID.
For most people and in nearly all cases, using Face ID is secure, extremely private, and actually one of the best uses of the technology. Face ID avoids the two largest risks of facial recognition: it won’t contribute your photo or face (or more specifically the mathematical description of your face) to any databases that will be used for any other purpose, and it can’t be used for any purposes other than unlocking your phone or specific apps on your phone. Nobody is going to use Face ID technology or data to identify you when you’re lingering at the news-stand or to figure out who you’re having lunch with in a restaurant.
These safeguards hold not because the technology isn’t capable of being used for dangerous purposes, but because it’s been built by Apple, which has strictly limited how and where the technology can be used and how the data is managed and protected. Essentially, Apple’s strong pro-privacy policies protect Face ID from being misused.
Personal facial recognition is not the same as corporate or federal facial recognition
There’s a big difference between the use of facial recognition (FR) technology to authenticate access to a personal device (all the data stays on the device) and the use of FR technology on a widespread level. FR technology has been used to identify individuals in a crowd, to obtain a search warrant for an investigation, as part of boarding in an airport, and even to identify suspicious individuals as they enter stadiums, concert halls, or buildings.
When applied to such a widespread population and in public areas, privacy concerns—such as consent, opt-in/out options, and accuracy and biases—must be considered.
Those considerations don’t really apply when it comes to technologies like Face ID. That’s because iPhone users aren’t forced to use Face ID—they have other options to access their device. So consent and a clear opt-out option are present. And the FR technology is using a database of one—your own face. It’s not trying to identify you by cross-referencing thousands or millions of faces in its database.
This also means that a hacker can’t ‘hack’ into a central Face ID database and leak millions or billions of facial recognition data points. Apple hasn’t compiled such a database. Unfortunately, that’s a real risk to consider when it comes to the more traditional ways facial recognition technology is used. The FR technology they use at the airport, for example, adds your photo and facial recognition data into at least one database, and we don’t know if that data is kept in other locations or if it’s shared with anyone else.
How Face ID works to keep your data secure
According to Apple’s own Face ID knowledge site, Apple has taken a few precautions to keep your information secure. It claims that your “Face ID data, including mathematical representations, are encrypted and protected with a key available only to the Secure Enclave,” a hardware-based key manager and processor that lives outside of the iPhone’s main processor (the chip powering the phone’s technical capabilities). The Secure Enclave is designed solely for privacy and security. For a more thorough (and technical) explanation, visit this page.
Face ID’s technology is also built to resist spoofing, using techniques like detecting when your eyes are open and when your attention is directed towards Face ID.
Your Face ID information stays on your device and doesn’t get backed up to iCloud. Data will only leave the device if you want to send diagnostic info to AppleCare—you can opt to review and approve the data before it’s sent.
Third-party apps that use Face ID for authentication cannot access the associated Face ID data. The apps are only told that the authentication is successful. This is extremely important to ensure your biometric data isn’t accessed or collected by third-party apps.
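What that looks like from the app's side, as an added example that is not from the original article or from Apple: a minimal Swift sketch using the system's LocalAuthentication framework. The `UnlockResult` type and `unlockWithFaceID` helper are hypothetical names chosen for illustration.

```swift
import Foundation
import LocalAuthentication

/// Everything a third-party app can learn from a Face ID prompt.
enum UnlockResult {
    case success                 // the system matched the enrolled face
    case unavailable(String)     // no biometric hardware, nothing enrolled, or locked out
    case denied(String)          // mismatch, cancellation, or passcode fallback
}

/// Hypothetical helper: asks the system to run Face ID on the app's behalf.
/// Info.plist must declare NSFaceIDUsageDescription, otherwise the system
/// will not allow the app to use Face ID.
func unlockWithFaceID(reason: String, completion: @escaping (UnlockResult) -> Void) {
    let context = LAContext()
    var policyError: NSError?

    // Pre-flight check: is biometric authentication usable right now?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &policyError) else {
        completion(.unavailable(policyError?.localizedDescription ?? "biometrics unavailable"))
        return
    }

    // The app never sees a face image or template here. The reply closure
    // receives only a Bool and an optional Error.
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { success, error in
        let result: UnlockResult
        if success {
            result = .success
        } else if let laError = error as? LAError {
            switch laError.code {
            case .userCancel, .systemCancel, .appCancel:
                result = .denied("cancelled")
            case .userFallback:
                result = .denied("user chose passcode")
            case .biometryLockout:
                result = .unavailable("too many failed attempts")
            default:
                result = .denied("face not recognised")
            }
        } else {
            result = .denied("unknown error")
        }
        // The reply arrives on a private queue; hop to main before touching UI.
        DispatchQueue.main.async { completion(result) }
    }
}
```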
Can law enforcement access your data through Face ID?
As this Wired article details, law enforcement can force you to unlock your phone with Face ID. Essentially, the Fifth Amendment protects you if you have a passcode on your device, as giving up your password is tantamount to self-incrimination. However, Face ID as a form of authentication isn’t protected in the same way.
There’s no single law that directs whether or not law enforcement can force you to unlock your phone, so if you’re in a situation where your phone is relevant to an investigation, you may be forced to unlock it if you have Face ID enabled. However, many iPhones have a feature that allows you to quickly disable Face ID—for whatever reason. Here’s an article that shows you the different ways you can do it.
The verdict? Face ID is good for privacy
Given the core architecture and the layers of additional protection that have been added, we think Face ID is a strong, secure, and privacy-friendly form of security. The fact that the information never leaves your device and isn’t accessible to third parties means there doesn’t appear to be any way for bad actors to potentially intercept the data or even get your Face ID data by way of Apple’s servers.
Even if your device is somehow compromised, it wouldn’t be an easy task for someone to get your Face ID data, given that it’s stored via the Secure Enclave.
The only possible downside or risk of Face ID is that, as mentioned above, law enforcement may use it to gain access to your device without your permission. But as highlighted, that’s not important for everyone and there are protective measures available.
So if you use Face ID, or are considering it, go for it—it’s safe, secure, and practical enough for us to recommend it.