After a US Senator wrote to Apple CEO Tim Cook, conveying concerns on users’ security with Face ID biometric security in iPhone X, Apple has responded to him, detailing Face ID’s built-in security features. In September, Senator Al Franken (Democrat-Minnesota) had asked several questions related to Apple’s implementation of the Face ID technology. Franken had asked Cook to reply to his concerns by October 13. According to a report in Appleinsider on Tuesday, Apple Vice President for Public Policy Cynthia Hogan has clarified Franken’s concerns in a letter.
“Face ID confirms the presence of an attentive face (via gaze detection), projects and reads a depth map of a user’s face and sends that information to the Secure Enclave for processing. “Face ID data, which includes a mathematical representation of a user’s face, is encrypted and never leaves the device,” Hogan wrote. “Data sent to the Secure Enclave is not sent to Apple or included in device backups. Further, 2D face images and corresponding depth map information captured for normal unlock operations are immediately discarded once the mathematical representation is calculated for comparison against an enrolled Face ID profile,” Apple said in the letter.
Franken also issued a statement regarding Apple’s response. “I appreciate Apple’s willingness to engage with my office on these issues, and I’m glad to see the steps that the company has taken to address consumer privacy and security concerns,” said Franken, who is the member of the Senate Judiciary Subcommittee on Privacy, Technology and the Law. Face ID uses ‘TrueDepth’ camera system made up of a dot projector, infrared camera and flood illuminator, and is powered by A11 Bionic to accurately map and recognise a face. Face ID projects more than 30,000 invisible IR dots.
The IR image and dot pattern are pushed through neural networks to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time. Apple has always been reluctant to let enforcement agencies get into its hardware security technology. In 2016, Apple refused to comply with a court order after federal prosecutors tried to unlock an iPhone tied to a 2015 terrorist attack in San Bernardino, California.