How Face ID affects the Fifth Amendment and opens the door for law enforcement to have easier access to your phone
By now, you’re likely familiar with the iPhone X’s ability to use facial recognition technology to unlock your phone with “just a look.” You’ve also probably seen the commercials where “animojis” (Apple’s animated emojis) jam out to Big Boi’s “All Night,” perfectly matching their owners’ facial expressions. It’s all fun and games, and just one more development from Apple, perhaps in an attempt to reverse the direction of plateauing iPhone sales over the past few years.
As we continue to develop smartphones that requires less and less effort from us to bypass security measures, we are opening ourselves up to a range of problems — from Fifth Amendment implications to privacy concerns. Apple’s Face ID program is perhaps the highest-profile example of consumer-oriented facial recognition programs like these, but in a competitive smartphone industry, others are likely to follow suit and develop similar ones.
It’s almost too easy to willingly sign up. When you get your phone, you’re asked to enroll in the Face ID program. The phone will then collect infrared images and mathematical representations of your face, according to a security guide on the Face ID feature released by Apple. This information is then stored on your phone, and — according to Apple — encrypted and available only to the Secure Enclave, the system responsible for processing your facial information. The company claims this data never leaves the device and is not sent to Apple or included in backups to other devices.
In 2016, Apple refused to to unlock the San Bernardino gunman’s iPhone, going against a governmental order and, in doing so, winning some reputational points in the eyes of many. The Washington Post published an op-ed on how Apple was protecting everyone’s security — a good thing, they argued. Apple’s “pro-privacy” stance when it comes to these kinds of events has resulted in the security of its phones being a selling point for customers. However, the Face ID program opens up a legal gray zone with regard to the privacy of your phone and what’s on it.
The Fifth Amendment protects individuals from being compelled to be witnesses against themselves in a criminal case, and this same type of protection extends to the information in our phones. You don’t have to unlock your phone for a police officer, but the law isn’t clear about the implications of biometrics, such as fingerprint or facial recognition.
“The Fifth Amendment implications of using a biometric to lock your phone are unclear, because we don’t have any Supreme Court cases directly on this point,” says Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation. “Based on the reasoning in old cases, it’s possible courts would find that a phone locked with a passcode is protected, while a phone locked with a biometric is not.”
Meanwhile, the government claims the Fifth Amendment does not protect you from being forced to use a biometric to unlock your phone, according to Lynch.
“They regularly include language in search warrant applications to allow federal officers conducting a search of a home or business to make anyone present during the search unlock their phones using their fingerprints,” Lynch says.
“Historically, courts have held that people can be compelled to produce biometric or physical evidence, like their fingerprints or a voice exemplar,” adds Rachel Levinson-Waldman, senior counsel at the Liberty and National Security Program of the Brennan Center for Justice at NYU School of Law. “Because of that, the recommendation for best privacy protection has been to use a strong alphanumeric password rather than a fingerprint or facial recognition to unlock phones, on the theory that, as long as they have a warrant, the police could press your finger against the phone or hold the phone up to your face and automatically unlock it.”
Levinson-Waldman notes, however, that one court has recognized that biometrics are different: “Where biometric data is used not only to identify someone but to give access to their phone—which, as the Supreme Court said in Riley v. California, ‘hold[s] for many Americans the ‘privacies of life’’—the constitutional protections might be more robust. But the law in this area is still unsettled.”
This is one reason why numerous protest organizers have recommended you turn off any biometric unlocking system and use a numeric passcode when attending a protest, as electronic surveillance is increasingly being turned on at public gatherings.
But it’s not just the immediate legal implications of the move that warrant attention, as this foreshadows a future where facial recognition technology and its capabilities are much more widespread. We’ve already seen facial recognition tech spread to airports, social media, and traffic stops, just to name a few.
Levinson-Waldman worries that Apple’s use of Face ID will only further normalize facial recognition.
“Whatever a technology is used for at first, it rarely remains limited to that use. If facial recognition begins to be used to confirm train tickets, for instance, which is already happening in China, it’s a pretty short leap from that to serving up advertisements and more,” she says. “An even bigger concern would be building the kind of widespread facial recognition network that’s being built in China, which could be used to identify people at protests and more — it would spell the end of anonymity, which is a cherished American value.”
Levinson-Waldman also points to the fact that this technology doesn’t work as well on people of color, something that Wired recently wrote about with regard to Face ID and has lived implications, which I’ve previously written about for Medium.
Even though Apple’s program seems to maintain a high level of security, the company has made Face ID the new bar to hit in the smartphone market, and you can bet other companies will follow suit. Unlike Apple, though, they may not all have the same security standard.
“I’m more concerned about the larger privacy issues around facial recognition technologies, including compelled unlocking and — in the context of face ID databases — the risk from hacking and identity theft when there’s no way to change your faceprint,” says Lynch.
Indeed, were there to be a database breach, we’ve already seen how facial recognition programs could be used in deeply unsettling ways.
For example, as the Guardian reported in 2016, FindFace (a facial recognition app that is increasingly popular in Russia) allows users to photograph people in a crowd and work out their identities, with 70 percent reliability. And this is merely a public-facing app. Other applications, programs, and governments won’t be as forthright about the existence of such programs and capabilities.
So, while it may seem innocuous and fun, Apple’s Face ID program is one more step down the road toward, as Levinson-Waldman puts it, “the end of anonymity,” which should give everyone additional pause.
Gurupriyan is a Software Engineer and a technology enthusiast, he’s been working on the field for the last 6 years. Currently focusing on mobile app development and IoT.