Since Apple first gave me the option to use my physical human body as a key, I’ve felt uncomfortable about it. When I got my beloved iPhone 6s, I declined to enable Touch ID, though I didn’t exactly know why. Then Face ID came along on the iPhone X, and I looked on skeptically as my clearly foolhardy friends followed the examples of Apple’s smiling models.
My uninformed but generally mistrustful feelings about biometric security only intensified on Wednesday as Apple went all in with Face ID, touting one’s face as the preferred and secure way to lock away your darkest digital secrets. With Face ID now available on all three new models of the iPhone, it’s about to be a Face ID-secured world, people. And we’re just livin’ in it.
Still, there are plenty of criticisms about this new technology. No one asked for this future! It is glitchy as hell! Your password is way, way too public! Face ID normalizes surveillance via widespread facial recognition, which is a tool of oppression, y’all!
However, as I sized up the arguments for and against, I’ve begrudgingly come to the conclusion that my fear of Face ID is just the teensiest bit irrational.
…But no way in hell does that mean I’m going to use it.
If you’re a normal person, Face ID is basically safe.
It was a hard thing to admit, but at least some percentage of my fear of Face ID has been formed by Face/Off. You know, the Nicolas Cage and John Travolta thriller in which enemy cop Travolta vs. criminal Cage swap, erm, faces. Great film, really couldn’t recommend it enough.
But anyway, not that I thought someone was going to full on Face/Off me, but even making a 3D image of my face seemed inherently unwise. How did I know that Cage wasn’t going to come looking to steal my life and family vis-a-vis my face?
Digging into Face ID I realized that even if a maniacal criminal with a plastic surgery unit at his disposal was intent on stealing my identity — or, say, a financial criminal, or a security firm or government agency looking to create a database of faces — they wouldn’t be able to do it using Face ID.
Apple doesn’t actually have any record of your face; using Face ID does not mean that you’re “giving Apple your face” like I thought it did. Instead, it only stores a mathematical representation of your face locally, on your personal device. Your face doesn’t go into any database, it doesn’t leave your hardware, and it’s only a mathematical representation, not even an actual 3D image.
I was forced to conclude that using Face ID did not mean I was handing a key to my phone (and LIFE) to Apple, or any governments, corporations, or criminals unhappy with their own visages.
Still, with Face ID, my face IS my passcode. There is absolutely nothing secret about it! Maybe nefarious entities didn’t need an image from Apple to penetrate my digital secrets. They could always make their own 3D scan of my face, and make a Charlie’s Angels-esque silicone mask. Nice try, Apple! But the truth is that… I am a middle class journalist who likes yoga, dogs, and a good pair of Swedish clogs. No one is going to the effort to steal my phone and make a flawless mask in order to access the SEVERAL thousands of dollars in my bank account. If you’re an international spy or President Obama, though, Face ID is probably unwise. (Security firms agree with this assessment).
But what about law enforcement, I thought! I had heard that police did not need warrants to open phones that could unlock with biometrics. But did need warrants to unlock phones with passcodes.
It turns out that the law is slightly better than that. Law enforcement cannot legally obtain permission to open your phone with a passcode at ALL, because it’s considered a form of self-incrimination. However, cops can actually get warrants for you to produce your fingerprint or your face. Which is a pretty dumb loophole.
But if I’m being honest, I have to ask, how risky is this for me, really? I’m a law-abiding citizen. I would submit to a search warrant if it were produced. How does this legal difference actually impact my life in reality? Up to this point, and in the foreseeable future, it doesn’t.
The other big concern about Face ID is that it can be tricked. Twins can open each other’s phones. I even have a pair of cousins who are not twins, but look similar enough that Apple doesn’t recognize the difference.
But I don’t have a twin. And my sister and I don’t look startlingly similar. So… there’s really no issue for me there, either.
Combing through this information, I realized that Face ID is basically safe for me to use. It might even be nice, and convenient, and perhaps more secure than my probably-too-obvious passcode!
But even if Face ID’s defenses rebuffed my attacks, I’m still not capitulating to the Face ID dogma.
Mostly, because safety with Face ID will always depend on Apple’s word.
Despite facing the facts that Face ID is probably safe for me to use, I still will not use the technology. I will instead let the irrational fear (and more rational arguments) defend me from the dark technological future Apple has created, the future that I did not ask to live in.
Let’s start with the irrationals: I just. don’t. want. to. give. a. DAMN. computer. my. FACE!!
Listen, the machines are going to rise. It’s not a question of if, it’s a WHEN, amirite?! I don’t need to give the tech industry, let alone our future tech overlords, a blueprint into becoming Rachel Kraus. Some things are just sacred, ok!? Faces are one of them.
Second irrational fear: maybe a criminal or an enemy will make a copy of my face using a 3D printer (they’re more affordable than ever before, guys!) Maybe this will become a hot new crime wave: look for friendly drunk girl. Take hi-res photo. Steal phone. Print her face. Steal EVERYTHING. Minority Report is not that far from reality, I’m just saying.
Much less irrational: just because I do not have any reason to fear a law enforcement search of my phone now doesn’t mean I won’t in the future. I have sources to protect and an identity that has been persecuted in the past. Plus, my country is run by a bloated authoritarian regime that’s hostile to protesters. If I can easily protect my data from government entities by using a slightly more involved passcode for my phone, there’s no reason I shouldn’t do it. Having “nothing to hide” is no reason to not demand the highest levels of privacy.
Bordering on rational: Strong passcodes are still the most secure way to protect your data. Face ID does not improve upon this technology. There is no reason to downgrade my security for the sake of a new gadget.
Rational as the number “2”: Apple is a trillion dollar corporation. It is way too rich and powerful for me to blindly trust that the largely privacy protecting policy it maintains today will remain its agenda down the line. The security of my identity depends on the priorities and business strategy of a corporation. If I am wary about a corporation collecting an image of my face at all, I should not let the assurances of said corporation assuage those misgivings.
Face ID may be convenient, and is probably safe, as long as your nickname isn’t 007. The majority of us probably have nothing to hide, probably don’t have much that would motivate a very technologically intense crime, PROBABLY won’t get on the wrong side of the government. But when it comes to protecting the our phones, our identities, and our lives, probably just isn’t good enough.