What you should know about privacy and Apple’s FaceID on iOS 11 -

What you should know about privacy and Apple’s FaceID on iOS 11

Credit: arstechnica.com

  • About: 10 days ago
  • 4 views

During and after yesterday's Apple announcement of its FaceID unlocking feature for its new iPhone X, some brief discourse began on the Ars #staff Slack channel concerning legal rights when your face is your new passcode. It's a big deal, as this is the future of smartphone unlocking—largely because Apple says so.

"This is the future of how we'll unlock our smartphones and protect our sensitive information," Apple VP Phil Schiller said.

So let's start off with one fear an Ars colleague brought up. He suggested that the cops could take your phone and hold it up to your face to unlock it. Presumably, a mugger or nefarious actor could do the same thing.

But remember the Supreme Court is on your side, at least when it comes to the authorities searching your phone. In 2014, the high court ruled that the authorities need a warrant to search your phone incident to an arrest. It's probably one of the biggest privacy decisions for the digital age.

"Prior to the digital age, people did not typically carry a cache of sensitive personal information with them as they went about their day. Now, it is the person who is not carrying a cellphone, with all that it contains, who is the exception," the court ruled.

This right to privacy isn't the same when it comes to being at the US border, however. A quirk in the law allows authorities at the border to search your phone without a probable cause warrant. The law doesn't care about the method by which the phone is locked, either.

Before we get into the obvious questions about the Fifth Amendment implications for refusing to unlock your phone when ordered, it should be noted that Apple has instituted some new privacy features for iOS 11, which rolls out next week. Let's assume you unlock your phone for the authorities, whether they have a warrant or not. If you have TouchID enabled on a non-iPhone X phone, the passcode is now required when the phone is connected to a new computer. "Trust This Computer" pops up on the computer's monitor, requiring the password. That wasn't the case before. This means the authorities would need your passcode again to siphon data from your phone beyond just reading its contents manually.

One researcher who has written about this suspects the same will apply to the iPhone X and its FaceID—that a passcode will be required when connecting it to a new computer.

Nicholas Weaver, a computer scientist at the International Computer Science Institute in Berkeley, California, told Ars in an e-mail that "There is no way I could see Apple making FaceID bypass the iOS-11 passcode needed to trust this computer change."

Apple did not immediately respond for comment.

Spoofing

To be sure, there are all types of technological reasons to fear FaceID, just like a fingerprint scanner. Spoofing is probably among the biggest concerns. Apple's TouchID has been spoofed with a fake fingerprint. And it's only a matter of time before FaceID is fooled, too.

Technological concerns aside, let's address the hot-button topic about what happens if you refuse to unlock your phone. This has been an ongoing topic here at Ars. And it's headed to the Supreme Court.

So are Fifth Amendment rights any different depending on whether a device is locked via a passcode, a fingerprint, or your face?

For starters, the cops don't see any difference.

There's a man imprisoned for two years now for refusing to abide by a court order to unlock his passcode-protected hard drives. Last week, the child-porn suspect, named Francis Rawls, lost his bid to be released pending his appeal to the Supreme Court, which has never ruled on whether forcing someone to unlock hardware amounts to a Fifth Amendment breach of the right to be free from compelled self-incrimination.

One positive ruling on the issue has come, however. A federal appeals court in 2012 declared that forcing somebody to decrypt a passcode-protected device was a constitutional violation.

But privacy seems to be losing in these decryption cases. Last year, for example, we brought news that federal prosecutors in Los Angeles were successful in getting judicial approval to force two people, who were inside their California homes, to press their fingerprints on a seized smartphone in a bid to unlock them.

Compelled decryption

But even civil rights activists acknowledge there might be a legal distinction between being compelled to state what is in your mind compared to being forced to use one's body to unlock a device.

In the Rawls child-porn case, the Electronic Frontier Foundation said (PDF) that "compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them. The Fifth Amendment provides an absolute privilege against such self-incriminating compelled decryption."

Matthew Segal, legal director of the American Civil Liberties Union in Massachusetts, said in a telephone interview that he believes an argument could be made that forced decryption is a Fifth Amendment violation no matter what. "Compelling somebody to decrypt something, whether it's with their thumbprint, or their face, or with a passcode, is asking them to translate scrambled data," he said. The act of decrypting a device, he added, is "rearranging data to be intelligible to the computer."

One of the first to raise the issue that biometric-protected devices bring fewer Fifth Amendment protections over passcodes was Marcia Hofmann, a San Francisco lawyer and formerly of the EFF. When TouchID came out four years ago, she said:

But a communication is "testimonial" only when it reveals the contents of your mind. We can't invoke the privilege against self-incrimination to prevent the government from collecting biometrics like fingerprints, DNA samples, or voice exemplars. Why? Because the courts have decided that this evidence doesn’t reveal anything you know. It's not testimonial.

Your face is no different.

Follow Us on Twitter

Related stories with What you should know about privacy and Apple’s FaceID on iOS 11

Tunisia parliament approves controversial amnesty for Ben Ali-era corruption -World News
Tunisia parliament approves controversial amnesty for Ben Ali-era corruption 10 days ago
Tunisia's parliament on Wednesday approved a controversial law granting amnesty to officials accused of corruption during the rule of autocrat Zine El-Abidine Ben Ali, triggering angry protests from the opposition and activists outside.
2017 Evian Championship: Favorite to Win -World News
2017 Evian Championship: Favorite to Win 10 days ago
Charlie Rymer, Robert Damron, and Damon Hack reveal their favorites to win the Evian Championship.
Thousands of Elasticsearch Servers Hijacked to Host PoS Malware -World News
Thousands of Elasticsearch Servers Hijacked to Host PoS Malware 10 days ago
Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS.
How Apple's iPhone Is Leading Our Grand March Into Mass Mediocrity -World News
How Apple's iPhone Is Leading Our Grand March Into Mass Mediocrity 10 days ago
Thanks to 10 years of Apple's iPhone, you no longer need to buy flashlight batteries, a camera or GPS ... but your reception still stinks! Cartoon by Ted Rall.
Hammond says rejects 'protectionist' EU agendas after Brexit -World News
Hammond says rejects 'protectionist' EU agendas after Brexit 10 days ago
LONDON (Reuters) - Britain will reject "protectionist" agendas from the European Union in favour of "forward-leaning" proposals when it comes to supervising cross-border financial markets after Brexit, UK Chancellor of the Exchequer Philip Hammond said on
Personal touch: Modi chooses where Abe should eat, what he should visit -World News
Personal touch: Modi chooses where Abe should eat, what he should visit 10 days ago
In what was probably the first such welcome accorded to a head of government on Indian soil, Japanese PM Shinzo Abe and his host and counterpart Narendra Modi participated in a roadshow from Ahmedabad airport to Sabarmati Ashram.
Two BSF jawans among five injured in Pakistan shelling along LoC, International Border -World News
Two BSF jawans among five injured in Pakistan shelling along LoC, International Border 10 days ago
They fired mortar shells along the IB, forcing the BSF to retaliate, resulting in exchange of fire, a police officer said.
Ryan's northern zone head sent to three-day police custody, HR head to judicial custody -World News
Ryan's northern zone head sent to three-day police custody, HR head to judicial custody 10 days ago
Gurgaon Police had arrested Francis and Jeyus following the gruesome murder of a seven-year-old student.
Zubeen Garg says sorry: A filmi colonel brought down to earth by real Major -World News
Zubeen Garg says sorry: A filmi colonel brought down to earth by real Major 10 days ago
The officer, a major stationed in Arunachal Pradesh, asked the singer to remove the Army cap as it was illegal for a civilian to wear a military outfit.
Assam teacher accuses colleagues of rape and conversion threats -World News
Assam teacher accuses colleagues of rape and conversion threats 10 days ago
The teacher has accused her co-workers of threatening her with rape and murder and pressurizing her to eat beef and convert to Islam.
RTI activist Akhil Gogoi arrested by Assam police, sedition charge slapped -World News
RTI activist Akhil Gogoi arrested by Assam police, sedition charge slapped 10 days ago
Police said Akhil Gogoi 'instigated the common people to wage war against the nation'.