So we have had the annual hype-fest about the latest set of new Apple products – chief amongst which is the new iPhone X.
A lot has been said and written about the new features, in particular the new facial recognition software which Apple claims is 20x more secure than its touch ID. As far as I can tell there is no publicly available empirical evidence to back this up (or indeed of the safety of touch ID) so it looks like we will have to believe Apple for now on this one.
However the increased use of biometrics to replace passwords on our personal devices does raise some important questions which are worth taking stock of if we are intending to use these systems.
Biometrics can be copied
It is technically possible to produce a copy of a finger print using a 3D printer – technology that is now readily available to the public. Facial recognition technology is far harder to fool this way (unless you are the unfortunate owner of a Samsung Galaxy S8) so it is certainly an improvement in this respect. Apple has invested in 3D camera technology to overcome the issues with the earlier Samsung devices. However it is still relatively untested technology and only time will tell if it can be tricked. One thing is clear – if your biometrics are ‘cloned’ you cannot change them. You can of course change a password.
One thing is clear – if your biometrics are ‘cloned’ you cannot change them – unlike a password
Your phone or applications could be unlocked against your will
Imagine a situation where a mugger steals your phone then manages to unlock it by pointing it at your face. Or worse still a situation where you phone is stolen at knifepoint then the facial recognition used to access your bank accounts.
Whilst I accept these situations could happen using passwords or pin numbers, facial recognition could make life easier for the criminal. Furthermore it is possible than enforcement agencies could confiscate your phone and unlock it against your will without the need for any compliance on your part. Whilst you could argue if you have nothing to hide this should not be a problem it is a somewhat troubling thought in a world ever more obsessed with surveillance.
Apple are collecting data on your physical identity
This is only partially true. The data your iPhone builds up on your facial features (as it is with touch ID) is stored on a highly secure chip on the phone and is not transmitted to Apple or any other cloud location. However this information has the potential to be used in other ways to – such as to gather deeply detailed usage habits (for instance by tracking your emotions). In fact Apple have already hinted they will use the camera in this way to integrate with SnapChat.
With large corporations increasingly exploiting the technology we use on a daily basis to gather detailed data on our behavior it is not beyond the realms of expectation that facial recognition will be used in this way too.
So what can we conclude from this? Well like any new technology there are always risks with being an early adopter. If you do decide to use Apple’s new facial recognition software to protect your phone and possibly bank accounts too, you need to be aware that there are potentially risks in doing so. Having said that there is no doubt that it is far more difficult to break into a device secured this way than using a traditional password or pin code (although the chances are you will still need a pin code for your new iPhone X…).
Privacy issues are more worrying as we have little visibility about how data being collected on us is being used. Facial recognition data is another dimension to this and we must trust that the technology giants are complying with privacy laws in the way they handle it.