{"id":34607,"date":"2017-10-05T14:30:49","date_gmt":"2017-10-05T03:30:49","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=34607"},"modified":"2017-10-05T10:50:36","modified_gmt":"2017-10-04T23:50:36","slug":"apple-face-id-and-privacy","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/","title":{"rendered":"Apple, Face ID and privacy"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"450\" class=\"size-full wp-image-34614 aligncenter\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg 600w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o-205x154.jpg 205w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n<p>I\u2019ve seen a number of <a href=\"https:\/\/hackernoon.com\/dear-apple-the-iphone-x-and-face-id-are-orwellian-and-creepy-bfca99c61fca\">crazy<\/a> <a href=\"https:\/\/www.wired.com\/story\/apples-faceid-could-be-a-powerful-tool-for-mass-spying\" target=\"_blank\" rel=\"noopener\">media <\/a>pieces arguing that Apple\u2019s Face ID technology has privacy implications and will enable government mass surveillance.<\/p>\n<p>I disagree, and I think there\u2019s a more sensible way to think about Face ID, phones and privacy.<\/p>\n<p>Smartphones contain a great deal of personal information that is worth protecting, but because they\u2019re so portable they\u2019re often lost or stolen. Ideally, a phone would work only for its legitimate owner and no one else.<\/p>\n<p>Fundamentally, the problem that PINs, Touch ID and Face ID are trying to solve is whether you are the phone\u2019s owner.<\/p>\n<p>Teaching an inanimate object how to recognise someone is a difficult problem. So in the smartphone world we\u2019ve relied on proxies for identity:<\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">something you know, such as a PIN or a password<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">some property of you, such as your fingerprint (Touch ID) and maybe now your face (Face ID).<\/span><\/li>\n<\/ul>\n<p>In the real world, we quite often use \u2018something we have\u2019 as an assertion of identity (for example, a passport, driver\u2019s licence or access card), but I\u2019m not aware of that being used for smartphone identification.<\/p>\n<p>All of these mechanisms are actually proxies for who you are, and don\u2019t necessarily guarantee anything. PINs and passwords are often forgotten but can also be shared, stolen or guessed. Fingerprints can be copied and <a href=\"https:\/\/web.archive.org\/web\/20170324173742\/https:\/blog.lookout.com\/blog\/2013\/09\/23\/why-i-hacked-apples-touchid-and-still-think-it-is-awesome\/\" target=\"_blank\" rel=\"noopener\">spoofed<\/a>. Identical twins and doppelgangers exist, and no doubt someone will spoof Face ID.<\/p>\n<p>One big advantage that biometric authentication methods such as Touch ID and Face ID have, to my mind, is that they directly address the question of who I am by looking at me. Authentication by PINs and passwords, by contrast, relies on arbitrary shared secrets that have absolutely nothing to do with me.<\/p>\n<p>In my own life I recognise people by looking at them and that seems to work out okay, so at first glance it seems at least plausible that facial recognition might be an acceptable way to arrive at identity.<\/p>\n<p>Assuming that the Face ID implementation is good enough for the average person\u2014that is, there\u2019s a low false positive rate (unlocking for the wrong person) and it\u2019s hard to spoof\u2014what are the implications for mass government surveillance?<\/p>\n<p>The most worrisome scenario is that governments would immediately be able to access all Face ID data instantly for all users. I don\u2019t believe that scenario: Face ID and Touch ID data is kept only on phones in Apple\u2019s Secure Enclave; Apple <a href=\"http:\/\/www.abc.net.au\/news\/2016-03-29\/us-authorities-crack-shooters-iphone-drop-apple-iphone\/7280598\" target=\"_blank\" rel=\"noopener\">fought government efforts<\/a> to get data from a single phone; and Secure Enclave hasn\u2019t publicly been hacked. Even if states have exploits, they are likely to be very high value and therefore not widely deployed because every time an exploit is used there\u2019s a risk of discovery.<\/p>\n<p>However, let\u2019s assume I\u2019m wrong and <em>all <\/em>smartphone data is accessible by governments. In that scenario governments already have your location, photos, messages, emails, chats, contacts and more. What extra information does Face ID provide? What other privacy concerns are there?<\/p>\n<p>Governments will have better models of the shape of your head and Face ID will make them more confident that you are actually in possession of your phone, at least compared to a PIN. It\u2019ll be easier for them to identify you.<\/p>\n<p>But there are limits. It\u2019s not clear that Face ID data would help pick you out of a crowd; Face ID will be optimised for authentication (Are you Tom? Yes\/no) rather than identification (Who is this person?).<\/p>\n<p>Remember also that governments potentially already have access to large datasets\u2014such as driver\u2019s licences, passports and mugshots\u2014that they already own and can use without the need to either compel Apple or somehow subvert Apple\u2019s infrastructure. Australia\u2019s federal government, for example, already has passport data and is reportedly <a href=\"http:\/\/www.9news.com.au\/national\/2017\/10\/03\/17\/58\/chris-uhlmann-pm-to-use-counter-terror-meeting-to-push-for-drivers-licence-photo-database\" target=\"_blank\" rel=\"noopener\">seeking access to driver\u2019s licence photos<\/a> from state governments for a national facial recognition database.<\/p>\n<p>Really, though, if you\u2019re concerned about mass surveillance and government access to smartphone data you should be throwing away your phone rather than worrying about the incremental privacy problems of Face ID.<\/p>\n<p>Personally, I\u2019ll wait and see how well Face ID is implemented when the iPhone X is released. If it works well as an authentication mechanism, I\u2019ll consider using it. But I won\u2019t worry about mass surveillance.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019ve seen a number of crazy media pieces arguing that Apple\u2019s Face ID technology has privacy implications and will enable government mass surveillance. I disagree, and I think there\u2019s a more sensible way to think &#8230;<\/p>\n","protected":false},"author":618,"featured_media":34614,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1500,391,95,215,500],"class_list":["post-34607","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-apple","tag-cyber","tag-cyber-security","tag-privacy","tag-surveillance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Apple, Face ID and privacy | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple, Face ID and privacy | The Strategist\" \/>\n<meta property=\"og:description\" content=\"I\u2019ve seen a number of crazy media pieces arguing that Apple\u2019s Face ID technology has privacy implications and will enable government mass surveillance. I disagree, and I think there\u2019s a more sensible way to think ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-05T03:30:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-10-04T23:50:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tom Uren\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tom Uren\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg\",\"width\":600,\"height\":450},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/\",\"name\":\"Apple, Face ID and privacy | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#primaryimage\"},\"datePublished\":\"2017-10-05T03:30:49+00:00\",\"dateModified\":\"2017-10-04T23:50:36+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple, Face ID and privacy\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a\",\"name\":\"Tom Uren\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g\",\"caption\":\"Tom Uren\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/thomas-uren\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apple, Face ID and privacy | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/","og_locale":"en_US","og_type":"article","og_title":"Apple, Face ID and privacy | The Strategist","og_description":"I\u2019ve seen a number of crazy media pieces arguing that Apple\u2019s Face ID technology has privacy implications and will enable government mass surveillance. I disagree, and I think there\u2019s a more sensible way to think ...","og_url":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-10-05T03:30:49+00:00","article_modified_time":"2017-10-04T23:50:36+00:00","og_image":[{"width":600,"height":450,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg","type":"image\/jpeg"}],"author":"Tom Uren","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Tom Uren","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/10\/999787816_6887eb7048_o.jpg","width":600,"height":450},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/","url":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/","name":"Apple, Face ID and privacy | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#primaryimage"},"datePublished":"2017-10-05T03:30:49+00:00","dateModified":"2017-10-04T23:50:36+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/apple-face-id-and-privacy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Apple, Face ID and privacy"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a","name":"Tom Uren","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g","caption":"Tom Uren"},"url":"https:\/\/www.aspistrategist.ru\/author\/thomas-uren\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/34607"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/618"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=34607"}],"version-history":[{"count":9,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/34607\/revisions"}],"predecessor-version":[{"id":34626,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/34607\/revisions\/34626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/34614"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=34607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=34607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=34607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}