Al Franken sure likes to write letters. Barely a day removed from Apple’s iPhone X event, the Minnesota Senator penned a letter to Apple CEO Tim Cook asking a myriad of questions about the security protocols built into Apple’s brand new Face ID technology and any resulting privacy implications. Franken also asked how Apple tested the technology during development and if we can expect the feature to perform reliably with different groups of people across race, age and gender.
While some of the questions posed by Franken are arguably redundant insofar that we’ve already been down this road with Touch ID, there are a few intriguing questions Franken managed to sneak in. It’s worth noting that the tone of Franken’s letter is not combative as much as it is inquisitive. Laid out across three pages, Franken asked Cook to answer the following 10 questions.
Franken’s questions read:
1. Apple has stated that all faceprint data will be stored locally on an individual’s device as opposed to being sent to the cloud.
a. Is it currently possible – either remotely or through physical access to the device – for either Apple or a third party to extract and obtain usable faceprint data from the iPhone X?
b. Is there any foreseeable reason why Apple would decide to begin storing such data remotely?
2. Apple has stated that it used more than one billion images in developing the Face ID algorithm. Where did these one billion face images come from?
3. What steps did Apple take to ensure its system was trained on a diverse set of faces, in terms of race, gender, and age? How is Apple protecting against racial, gender, or age bias in Face ID?
4. In the unveiling of the iPhone X, Apple made numerous assurances about the accuracy and sophistication of Face ID. Please describe again all the steps that Apple has taken to ensure that Face ID can distinguish an individual’s face from a photograph or mask, for example
5. Apple has stated that is has no plans to allow any third party applications access to the Face ID system or its faceprint data. Can Apple assure its users that it will never share faceprint data, along with the tools or other information necessary to extract the data, with any commercial third party?
6. Can Apple confirm that it currently has no plans to use faceprint data for any purpose other than the operation of Face ID?
7. Should Apple eventually determine that there would be reason to either begin storing faceprint data remotely or use the data for a purpose other than the operation of Face ID, what steps will it take to ensure users are meaningfully informed and in control of their data?
8. In order for Face ID to function and unlock the device, is the facial recognition system “always on/5 meaning does Face ID perpetually search for a face to recognize?
a. Will Apple retain, even if only locally, the raw photos of faces that are used to unlock (or attempt to unlock) the device?
b. Will Apple retain, even if only locally, the faceprints of individuals other than the owner of the device?
9. What safeguards has Apple implemented to prevent the unlocking of the iPhone X when an individual other than the owner of the device holds it up to the owner’s face?
10. How will Apple respond to law enforcement requests to access Apple’s faceprint data or the Face ID system itself?
Apple is under no legal obligation to respond to Franken’s inquiry, but it stands to reason that Apple will respond by the October 13th deadline Franken set.