One of the most private personal possessions people own — their smartphone — can now be unlocked with perhaps the most public thing about them: their face.
Apple announced a premium new iPhone X on Tuesday that comes with facial recognition technology, ditching the Touch ID button on older iPhones that let people in by using their fingerprints.
Although this is the first time Apple has put facial recognition technology into its smartphones, other companies — including Samsung, LG, Microsoft with its Windows Hello, and Google back in 2011 — have all shown off their spin on a technology that experts say isn't always perfect.
How It Works
Right now, facial recognition technology across the industry is "a little bit hit or miss," said Andrew Blaich, a security researcher at Lookout, a mobile security company. He cited occasions when researchers successfully tricked facial recognition technology on a smartphone by holding up a photo of the user's face to the screen.
Apple is hoping its Face ID won’t be so easily fooled.
When you glance at your iPhone X, a high tech suite of tools at the top of the device will detect your face, setting off a high-tech process, including an augmented-reality image and a pattern of 30,000 dots to create a mathematical model of your face. If it matches the face print stored on your device, the phone unlocks in real-time.
Face ID will still unlock your phone even if you can change your hair, wear make-up or go bare-faced, and even put on a hat, according to the Apple demonstration on Tuesday. But if you close your eyes, you'll be locked out.
Phil Schiller, Apple's senior vice president of global marketing, said Face ID is so accurate that there's only a one in a million chance of someone else being able to unlock your iPhone. Those odds are smaller, he said, if the person happens to be related.
However, with facial recognition likely to become a standard security option, it raises questions about privacy. For example, can authorities can compel you to open your phone simply by putting it in front of your face?
The short answer is no, said Nate Cardozo, senior staff attorney at the Electronic Frontier Foundation. Authorities would first need to get a warrant, he said.
"The legal analysis of Face ID is the same as Touch ID," Cardozo said. "There is no legal difference between the finger printing and facial recognition."
A U.S. Supreme Court case from 2014, Riley vs. California, held that the search and seizure of a person's smartphone while under arrest — and without a warrant — is unconstitutional.
But then the law gets murky.
"The area where the law is less clear is whether you can be forced to use your fingerprint or face to unlock a phone," once authorities have a warrant, Cardozo said.
"It's going to be a very interesting question for the industry," said Blaich, a security researcher at Lookout, a mobile security company. "It wasn't until the tech got implemented into an iPhone that people started to consider the ramifications of this sort of thing."
On Wednesday, Sen. Al Franken sent a letter to Apple CEO Tim Cook requesting the company respond to questions about Face ID and user privacy.
"While details on the device and its reliance on facial recognition technology are still emerging, I am encouraged by the steps that Apple states it has taken to implement the system responsibly," Franken wrote. "However, substantial questions remain about how Face ID will impact iPhone users' privacy and security."
Even if you're not worried about the potential for law enforcement accessing your phone, Franken raised the question of who might potentially have access to a person's face print and how Apple might potentially respond to law enforcement requests for access to face print data or the Face ID system.
The answer: They can't access Face ID data since it's encrypted and never leaves the device.
Apple has a history of taking a strong stance on encryption. The company declined to help authorities crack into an iPhone used by one of the San Bernardino shooters in 2015, arguing that creating a back door into the devices lead to a slippery slope when it comes to user privacy.
Authorities ultimately said they were able to access the iPhone without Apple's assistance.