Apple’s X-Cellent Response to Sen. Franken’s Queries Regarding Facial Recognition Technologies
Recently, I wrote an article outlining the growing body of state legislation designed to address and mitigate emerging privacy concerns over facial recognition technologies. It now appears that the issue will be examined at the federal level. In September, Senator Al Franken of Minnesota, concerned that certain Apple technologies would be used to benefit other sectors of its business, as a “big data” profit center or to satisfy law enforcement agency requests, issued a series of pointed questions to Apple regarding its iPhone X’s FaceID. That letter included the following questions:
- Is it possible for Apple or a third party to extract faceprint data from iPhone X?
- How was the FaceID algorithm developed and how did Apple gather data for the algorithm?
- How does Apple protect against racial, gender or age bias in FaceID?
- How does FaceID distinguish between an actual face of a person, as opposed to the photograph of that face?
- Can Apple assure users that it will never share faceprint data?
- Does FaceID cause the device to continually “look” for a facial profile and in doing so, does it record other faces as well?
The response from Apple, made public on October 17th, was quite illuminating:
- FaceID works by using iPhone X’s TrueDepth camera to scan and analyze a user’s face based on depth perception maps and two-dimensional technology. That scan is then authenticated with images stored in iPhone X’s Secure Enclave.
- Data from the Secure Enclave is never backed up to the cloud, does not leave the device and isn’t even saved in device backups. Scanned faces are deleted after being used to unlock iPhone X.
- The neural network that helps to form the algorithm was created from over a billion images from individuals who provided specific consent to Apple. Further, a broad cross-section of individuals spanning gender, race, ethnicity, and age, was leveraged to create the algorithm.
- Passcodes will still be available to unlock devices if users choose not to use FaceID.
- Any third party applications that leverage FaceID for authentication don’t actually access FaceID; rather, those apps are notified only as to whether authentication was approved.
As ranking member on the Judiciary Committee, Subcommitee on Privacy, Technology and the Law, Senator Franken’s foray into technology and privacy matters is not new. In 2013, he presented a similar set of questions when Apple introduced the iPhone 5S Touch ID fingerprint scanner. Shortly after that inquiry, Apple published a white paper outlining the steps it had taken with Touch ID to assure Senator Franken that privacy concerns were of the highest priority to Apple. The collaboration between Senator Franken and Apple is vital in a time when a body of privacy laws to address facial recognition technologies is still emerging and protections are lacking in most jurisdictions. It will be interesting to see if other technology providers embrace a similar level of transparency in their product rollouts.