On the face of it: Misunderstanding the point of Face ID

macalope
IDG

Whenever Apple introduces a new technology to its devices is a good time to freak out about said technology.

Writing for Mashable, Jack Morse declares “I’ll never use Apple's Face ID.” (Tip o’ the antlers to Tibor Csapo, SamT, James and Brian.)

And I’ll never love again. Unrelatedly. Well… mostly unrelatedly.

The first batch of shiny new iPhone Xs is slated to ship on November 3…

November 4th: Skynet become active.

…the Cupertino-based company has assured everyone that the system is mostly secure and that it presents no real privacy concerns. Unfortunately, the arguments aren't all that convincing…

Apple was very transparent about the inherent security of Face ID. Is it impossible to trick? No. Guess what, though: it’s not supposed to be. And if the privacy features of the company most concerned about privacy aren’t good enough, then perhaps technology is not for you.

…it's clear that Face ID makes a device less secure, opens you up in new ways to coercion, and sticks you with an unchangeable password that everyone knows. 

If you want to live in a world of perfect, Platonic security, don’t use Face ID. Or Touch ID. Or short passcodes. Don’t own a smartphone at all. Also best to randomize your own memory if at all possible.

Morse’s complaints about Face ID are mostly true. It’s not perfect and you can be forced to unlock your phone with biometric data by law enforcement. The only problem with this article is the fact that it totally misses the point of Touch ID and Face ID. Other than that, A-O-K. Good stuff. Other than totally missing the point.

Essentially, Schiller is admitting Face ID can be tricked.

Yes. They said that on stage. They told people that. Very shady.

Simply disable Face ID before politely handing your smartphone over to the authorities and you're good to go! Yeah, that doesn't work in the real world.

If you’re worried about that, and maybe you should be, do not use Face ID. Because perfect security is not what it’s for. And nobody said it was.

Apple created Touch ID and Face ID not as the best ways to secure your iPhone but as better ways than you were probably using. These are conveniences, not foolproof security systems. When Apple shipped Touch ID, it knew that most people weren’t using a 128-character alphanumeric passcode, they were using 4-digit numeric passcodes (if anything). Why? Because they wanted to unlock their phones quickly. MY SANDWICH MUST BE INSTAGRAMMED AS FAST AS IS HUMANLY POSSIBLE. 4-digit numeric passcodes are terrible security. They are easy to guess, hack or simply jack by watching someone type it in. Fingerprints and faces are not perfect, but they are considerably better for most security situations.

This semi "always on" nature of Face ID is a huge red flag for privacy experts.

Privacy experts that love to jump immediately to vast global conspiracies, possibly involving space aliens.

Morse takes the time to explain how the secure enclave, created by Apple for Touch ID and now used with Face ID, works by turning each set of biometric data into a mathematical representation. Or, at least how it works if you believe the man. We then get this gem:

But the face is different than a thumbprint…

Sure, my hard drive may be able to store all these fancy cat pictures, but can it store pictures of teacup poodles?! Probably not because they are different! Back here in the non-hyperbolic part of the universe, the secure enclave works exactly the same way with both fingerprints and faces, as outlandish as that sounds. That’s how Face ID works out of the box with everything you’ve already set up to use Touch ID.

Morse also insinuates that because Senator Al Franken asked questions of Apple about their potential use of Touch ID data, we should all be very concerned that Apple will one day have a big database of our fingerprints and faces that they will sell to balaclava-clad ne’er-do-wells. Also, possibly space aliens.

It is ironic that, at the same time as people are railing against the low security of Face ID, the iPhone is also being criticized for being the phone of choice among sexual predators because it’s so secure. They have achieved a positively Schrōdinger-like level of security.

Franken is right to ask the company about its intentions. But Apple isn’t an advertising company and has turned privacy into a cornerstone of its marketing. The amount of attention they get on these matters is completely out of proportion to their likelihood to be acting outside the interest of the people who use their products compared to their competitors. Amazon, a company that loves to feed the Macalope’s search data over to Instagram ads, just announced a camera that will sit next to your bed, for crying out loud.

The only concern that Morse unceremoniously dumps into this manically boiling pot of concern soup that resonates comes from Edward Snowden. Snowden praises Apple’s implementation and then makes the point that Apple successfully marketing facial recognition technology will normalize it, making it easier for companies that would love to collect all our data to sell their own privacy-free versions.

Security measures are on a sliding scale. Is facial recognition as strong and secure as only using a complicated and long passcode? Or eschewing all technology and living in a cave in the Canadian Rockies? No. No, no, no, no, no, no, no. But it could very well be better than what you’ve been using. And that’s the point.

  
Shop Tech Products at Amazon