Perhaps the software is already advanced enough that a user could use a more complex input into the facial recognition system. For example, left eye closed. Or nose scrunched. A pout face. And so on. That way the odds of someone forcing the correct input in the limited allowed attempts greatly diminish.
If I understand current law, one cannot be forced to supply a password or passcode because of 5th Amendment rights against forced, potentially self-incriminatory speech.
A fingerprint is regarded differently. You can be forced to supply a fingerprint because it is something you are, not something you know, the latter being speech which cannot be compelled.
One could use biometrics like facial recognition and still enjoy 5th Amendment protections if a sequence of facial gestures were required to unlock a phone. While the biometric features comprising the sequence are indeed something you are, the sequence is something you know, and constitutes speech, which you cannot be compelled to supply.
So yeah, Officer - I'll stare at my iPhone for as long as you like. It won't unlock until I blink my right eye twice within 1 second and raise my left eyebrow immediately thereafter.
I think maybe a mixture of facial and a pattern for things you specify would work wonders... Like you can unlock with just your face, but not all apps should be available. To open apps not safe listed you need to put in a pattern / PIN / vocal password based on your own voice or fingerprint; or the inverse: to open protected apps you need further authorization via other authentication approaches.
This is actually significant, because as a rule of thumb the law can compel physical testimony (e.g. blood test, fingerprint), but not mental testimony (e.g. password, PIN, which finger to swipe, what face to make).
Though practically, I doubt many people will want to scrunch their face each time.
I'm reminded of the scene in "The Return of the King" where Gandalf wraps the palantir in a cloth because he's afraid Sauron might be on the other end.
New step one when seizing an iphone: wrap it in something opaque...
I find it very strange that Apple is held as a champion of privacy while simultaneously creating a culture of incredibly poor passwords. Perhaps the problem is that there are “two” privacies - the everyday protections against, say, Facebook, and the more traditional worry of a journalist in a hostile country.
Either way, I think we need to be taking this more seriously - most international borders require you now to take a picture. But forget countries, Disneyland now takes your picture by having an employee point an iPhone at you, a device equipped theoretically with the same technologies to reproduce whatever face data is necessary to get into your phone. To me, the “triumph” of FaceID and TouchID is analogous to Apple having “solved” the password problem by just auto-selecting “123” for everyone. Part of the responsibility of privacy protection is in the culture you build and how you implicitly educate your user through your designs. Apple bends over backwards telling everyone how crazy secure FaceID is, while potentially setting them up to have their data entered into incredibly easily when dealing with the most dangerous adversaries.
There was a great opportunity here to make a great feature that also educated the user: FaceID could have for example been an Apple Wallet feature. Credit Cards are a system built to expect fraud. They are expected to be stolen, and that’s why they build in a system to reverse charges. Telling a user that an Apple Pay charge can be quick and painless with FaceID (and avoid a full phone unlock) since the danger is not permanent would have still been more convenient than before. At the same time, by requiring the user to type a full password to access their data, the user would implicitly be taught that data theft is for some reason more dangerous, and thus begin to build the same intuitions computer-literate users have. In fact, if all the user did was use FaceID for their credit cards and no password for their photos, it would account for most of “normal” people’s security concerns, without also inadvertently confusing the security conversation where activists may not know the proper way to secure their data.
On the other hand, since people don’t want to bother entering a long password every time they pick up their phone, they’ll be more likely to disable it entirely.
> your face and/or your fingerprints are not passwords
How absolute do you think this is?
In the U.K. this would be an illustration that your face and/or fingerprints are passwords as the police can compel you to give any of them (or go to jail), including passwords that you don’t know.
There was recently a story of a married couple flying. The wife thought the husband was cheating, so after he fell asleep, she unlocked his phone right there and read everything. She didn't handle the news well.
Hold the lock button and one of the volume buttons for 3 seconds. This disables biometrics, and gives on-screen swipe options for MedicalID and Emergency SOS. Pressing the lock button 5 times also disables biometrics and begins a 3-second countdown to auto-call your Emergency SOS contacts and 911. One nice touch is that the language used to let you know Touch/FaceID are disabled doesn’t rat you out to the cops (just says that Touch/FaceID doesn’t recognize you, not that you intentionally disabled it). If these don’t work for you, there are options under Settings, Emergency SOS.
Correct me if I'm wrong, but FaceID will not work when I'm dead, right? The underlying software detects temperature similar to a thermal detector and that's the way it builds an image of your face, no?
I’ll be honest, if I’m dead... you’re welcome to it all.
I’m much more worried about a court compelling me, while alive, to provide my face or fingerprint. They can easily force biometrics out of me, but they’d have to torture a passcode out. Even if I have nothing to hide and/or give it up in the first five minutes at least that was my choice and not one made for me.
> The underlying software detects temperature similar to a thermal detector and that's the way it builds an image of your face, no?
No, I'm not aware of any thermal sensor used for FaceID. It builds an image of your face using an IR camera paired with an IR projector just like the first generation Kinect (made by PrimeSense that was bought by Apple in 2013). Keep in mind that this is near IR, not far IR that's used in thermal imaging.
I think the future defense against this sort of thing is more situational awareness on the part of the phone. You won't just have to fool the biometrics, you'll have to do so without making the phone suspicious at any point. My guess is that phones already have enough sensory data to pretty reliably distinguish everyday usage from being stolen or confiscated, and it's "just" a matter of fitting a model. Nor does the phone have to ignore what happens to it after it's unlocked.
No one tries this sort of thing on people or animals, and it's because they don't shut their perceptions off at all times except for a half second when they are authenticating someone.
I wonder when the app that wipes your phone if the GPS shows it to be at a police station or an evidence lockup will come out, and what the repercussions of having such an app will be.
> Apple makes it very easy to quickly disable Face ID [...] simply press and hold the side button and either power button for several seconds.
It would be nice if it were even easier. E.g. a triple click of the power button — something that you could do with one hand in your pocket in less than a second.
I don't think it's actually any more effort than a triple-click. "Several seconds" actually means 2 seconds, so you can basically grab your phone and squeeze for two seconds to disable Face ID. It's probably less obvious than a triple-click too, because there's no repeated clicking noise. Whether you're attempting to triple-click or hold volume + power you'll need a good grip either way, and you may be able to triple click in one second vs. a two-second hold, but I think the probability a literal second would make a difference is pretty low.
Re rubberhose security: Face ID and Touch ID were both major security blunders by Apple because these enable security services and criminals to compel anyone to unlock their devices and incriminate/rob themselves. Only what someone knows, rather than what someone has, cannot be chopped off, presented or forcibly-applied to unlock a device... revealing information under duress is a choice, having a fingerprint taken to unlock a device is not a choice.
Apple isn’t a security-focused company though; it's a consumer goods company where ease of use trumps most other things. With that in mind, biometric posing as security is great for their bottom line. Security or privacy is sometimes a nice byproduct of how they want to market devices.
[+] [-] 14|7 years ago|reply
[+] [-] ridgeguy|7 years ago|reply
edit to add missing word
[+] [-] giancarlostoro|7 years ago|reply
[+] [-] paulddraper|7 years ago|reply
[+] [-] sulam|7 years ago|reply
[+] [-] AnonymousPlanet|7 years ago|reply
[+] [-] andyv|7 years ago|reply
[+] [-] walrus01|7 years ago|reply
[+] [-] craftyguy|7 years ago|reply
[+] [-] tolmasky|7 years ago|reply
[+] [-] ams6110|7 years ago|reply
[+] [-] matthewmacleod|7 years ago|reply
Security is a continuum.
[+] [-] okket|7 years ago|reply
[+] [-] smartbit|7 years ago|reply
[+] [-] dan-robertson|7 years ago|reply
[+] [-] caseysoftware|7 years ago|reply
[+] [-] ddebernardy|7 years ago|reply
Either way if you're paranoid about security you should use a passcode on top to boot.
[+] [-] subhro|7 years ago|reply
That disables biometrics at least on iPhone 7
[+] [-] jeffhiggins|7 years ago|reply
[+] [-] function_seven|7 years ago|reply
[+] [-] badwolf|7 years ago|reply
[+] [-] ryanmonroe|7 years ago|reply
[+] [-] rubatuga|7 years ago|reply
[+] [-] village-idiot|7 years ago|reply
[+] [-] asdfasgasdgasdg|7 years ago|reply
[+] [-] joering2|7 years ago|reply
[+] [-] k_sh|7 years ago|reply
- open the deceased's eyes
- position the eyes so that Face ID thinks the eyes are "looking into" the iPhone
- pump warm blood/liquid into the deceased's face in order to fool the infrared temperature monitoring
Seems possible, but sounds like an awful lot of work unless you did something that law enforcement really wants to look into.
[+] [-] chrismeller|7 years ago|reply
[+] [-] sorenjan|7 years ago|reply
[+] [-] voidmain|7 years ago|reply
[+] [-] dogma1138|7 years ago|reply
[+] [-] cdubzzz|7 years ago|reply
[+] [-] ryanmonroe|7 years ago|reply
[+] [-] quickthrower2|7 years ago|reply
[+] [-] Operyl|7 years ago|reply
[+] [-] arkadiyt|7 years ago|reply
[+] [-] donarb|7 years ago|reply
[+] [-] anon7429|7 years ago|reply
[+] [-] yellow_postit|7 years ago|reply
[+] [-] quickthrower2|7 years ago|reply