Rhiannon Williams writes for iNews on the new iphone X.  

iPhone X: Is facial recognition safe? 

Even 10 years ago, the notion of your phone scanning your face to verify your identity seemed far-fetched. While it’s slowly crept into handsets from Sony, Samsung and others over the past few years, Apple’s adoption in the form of the forthcoming iPhone X will push the technology into mainstream consciousness.

The iPhone X, revealed onstage in California last month, will be the first iPhone to feature Face ID, a facial recognition system which replaces Touch ID, the fingerprint scanning verification available in iPhones since 2013. Face ID works by projecting 30,000 infrared dots onto your face to create a 3D map, which is securely stored in the handset’s updated A11 Bionic processor –  not stored in a potentially hackable database.

Like Touch ID, it will be used to unlock the handset, verify Apple Pay purchases and unlock secured apps, bypassing the need to input a passcode once the phone goes on sale from 3 November.

When Touch ID was first announced, it triggered an online backlash over the possibility of thieves forcing iPhone owners to press their fingers to the home button to unlock it, and Face ID has been met with similar scepticism. So, how secure is Face ID, exactly? 

Apple has confirmed the data collected by its facial scanning technology won’t be shared with the cloud, instead storing it directly on the device, so it won’t be susceptible to remote hacking. The company also boasted its 3D motion tracking camera couldn’t be tricked by holding up a photograph of a face, unlike Samsung’s facial recognition technology, which has been duped in this manner.

It also only works when your eyes are open, meaning someone couldn’t attempt to unlock your iPhone X by holding it up to your sleeping face. As with any kind of biometric security, including fingerprint and iris scanning, the likelihood of someone else being unable to unlock your phone quickly is dramatically lowered by the virtue of your unique biological attributes needing to be present to unlock the device.

That’s not to say it couldn’t technically be fooled, but the likelihood is extremely low. The chances of another person cracking your Touch ID are around one in 50,000, Apple’s Phil Schiller explained, while Face ID’s chances are around one in a million thanks to the extra level of security in capturing a 3D model. So it would be virtually impossible for a third party to successfully bypass Face ID unless they were physically pointing it at your face, in which scenario, you’ve probably got bigger problems to deal with.

In the scenario of someone attempting to force you to unlock your iPhone X biometrically, pressing the power button five times in succession disables both facial and fingerprint recognition features: an inbuilt kill-switch.

There are, of course, other ways to keep your phone safe. You can set an six or four digit passcodes, or alphanumeric mixes of numbers and letters to unlock your iPhone. A six digit code would take a computer on average 11 hours to break, or a hacker around 17 days, according to security experts. Throw case-sensitivity into a six character alphanumeric code, and it could take a computer up to 72 years, or a human up to a staggering 2,700 years, to eventually crack it.

Policy and security experts have voice concern the presence of facial scanning technology in phones will normalise the practice.

“The fact that facial recognition is being sold as a tool for personal security is one thing, but the fact that we see it being rolled out by the police as a tool for surveillance shows that it is a technology which has conflicting benefits: security and privacy on one hand, security by surveillance on the other,” 

UK civil rights group Big Brother Watch said.

“This raises complex moral and ethical questions which need to be discussed sooner rather than later, before our face is used for purposes outside of our control.”

Defendants’ refusal to allow the police access to their phones is a major barrier in many legal cases, Edward Connell, criminal barrister, explains.

“Defendants refusing to hand over PIN codes is a very common legal scenario. When combined with the fact the police’s tech knowledge is often behind the curve, defendants often face trial before their phones have been cracked or before an attempt has been made, because it is a slow, costly procedure which is – understandably – reserved for more serious instances, like terror cases.

“The failure to provide a PIN is viewed similarly to people who fail to provide a specimen of breath – i.e. the logical conclusion is that you are failing to provide it, as you fear the reading if you do.”

Ultimately, how you choose to unlock and protect your phone is entirely up to you. Face ID is all about convenience. Tapping in lengthy passcodes is perceived as being a pain, holding your handset to your face, painless. Due to the lack of a hackable database, it’s a secure and viable security method which has been designed to work as conveniently and efficiently as possible. If you’re really that worried about it, the solution is simple – don’t use it.

This article first appeared on iNews website, on 30 October 2017, and is accessible online here.

Edward Connell is a criminal barrister and sits as a Recorder at the Crown Court hearing the full range of criminal cases, including sexual offences and appeals.  Throughout his career Edward has both prosecuted and defended. His approachable nature has meant that he has been regularly instructed in cases involving vulnerable witnesses and defendants.