On Tuesday evening, the world watched in awe as Apple’s great technological circus unveiled its latest offering – a new iPhone. These slick, theatrical launches for which Apple has become known included a new feature – FaceID, or facial recognition software – to allow a user to unlock their phone simply by looking at it.
Embarrassingly, the feature did not work at first. Regardless, the existence of this facial recognition technology on the new iPhone has provoked a wave of anxiety over the potential for ‘compelled unlocking’. The idea is that you could be forced to use your face to unlock the phone, completely undermining any privacy and security protections. The concerns are similar to those raised when fingerprint technology was unveiled as standard in iPhones in 2013.
This revelation over the use of facial recognition as a tool to unlock your phone might come as a surprise to those who use Google’s Android phones, considering that the Android system has been running its own version of facial recognition technology, ‘Face Unlock’, since 2012. This was supposedly ‘state of the art’ facial recognition technology, but relied on fairly simple image recognition.
The Android-running Samsung Galaxy Note 7 – when it wasn’t spontaneously combusting – also had a facial unlock feature, which has been continued into more recent versions. However, videos have surfaced of users easily fooling the unlock feature by merely using 2-D pictures of themselves, videos, or even 3-D face replicas. So not ideal for personal privacy or security. Even Google officially recognises that Face Unlock, or ‘Smart Lock’ as the feature is now known, is ‘less secure’ than using a PIN or password.
The technology behind the Apple version of facial recognition differs from Google and Samsung’s technology, as it uses infra-red system to identify tens of thousands of tiny details of your face in order to map a 3-D image of your face. This is supposedly extremely hard to fool compared to the simpler image recognition – Edward Snowden tweeted that it appeared ‘surprisingly robust’. Apple says that even wearing a hat, glasses, or changing your hairstyle will not fool its FaceID. Perhaps the new equivalent security policy should be to go in for plastic surgery every 90 days.
Apple has said it won’t send face-print data to the cloud, so the data stays on your phone. The indication is that, like Touch ID, the data is hashed (turned into incomprehensible code) and then stored on the phone’s security chip, which means it would be almost impossible to hack into it and then reconstruct a face from the data.
For those who have questioned the ease with which someone else may easily unlock your phone by holding it in front of your face – for example the police (without judicial approval), or perhaps an abusive partner wanting to know who you are communicating with, where you are going and what you are doing online – Apple have included a ‘panic disable’ feature. This enables you to press the side or power button 5 times to disable the biometric features – facial and fingerprint recognition.
Of course, the easiest way to avoid any of these issues is just not to use facial recognition technology on your devices – and use proven security measures, such as a PIN or a password, which can, for the time being at least, still be used on the new iPhone’s. The question is one for the individual user – in using facial recognition technology on your devices, are you happy to trade convenience for security?
However, what this move by Apple shows is that facial recognition is going mainstream, and will become normalised as a process of living in a connected world.
The fact that facial recognition is being sold as a tool for personal security is one thing, but the fact that we see it being rolled out by the police as a tool for surveillance shows that it is a technology which has conflicting benefits: security and privacy on one hand, security by surveillance on the other.
This raises complex moral and ethical questions which need to be discussed sooner rather than later, before our face is used for purposes outside of our control.