Intrusive Law Enforcement Agencies Celebrate iPhone X

First, I want to congratulate @apple for introducing a $1000 phone with features like wireless charging and an edge-to-edge screen that my last two or three android phones have already had.  Perhaps the most, or only, interesting new feature is the facial recognition.  Apple is abandoning fingerprint scanning in favor of facial recognition to unlock the phone.

I mention the law enforcement angle in the title because it has been a bone of contention how far law enforcement can go to make someone unlock their phone.  Clearly, when unlocking was PIN only, one only had to declare they forgot and no one could really disprove that.  With fingerprint scanning, it has been a point that is still in the courts (I believe) as to whether LE can force someone to unlock the phone with their finger.  Now, however, all they will have to do is hold the phone up to the suspect's face.  This less invasive unlocking technique is probably an everyday hassle reduction, but will make the phone incrementally less secure from snooping.

Morbid postscript:  I wonder if this works on a corpse?  Is there a heat sensor of some sort, or are the kids going to be saying "let's get the eyes on dad's body open so we can get his phone unlocked".

  • me

    Couldn't agree more.

    That said, "I forgot the password" is not a valid defense, according to this currently ongoing saga, all you get for that is indefinite contempt of court: https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

  • Jaedo Drax

    If you want to secure something, never use a biometric. If the underlying code is ever broken, you can't change the biometric.

  • David Pruett

    One item mentioned off hand was that if your eyes are closed or your face averted, face recognition would not work. Maybe they put that in just to give people an out. But, I await the real thing.

  • mogden

    If you wink five times with your left eye, it locks the phone with a passcode.

  • craftman

    There is an infrared sensor - this prevents people from using a photo of you to unlock the phone (could this be hacked by putting a hair dryer up to a photo for 10-20 seconds? Somebody get that bug bounty!)

    And someone mentioned previously that it knows if you are looking right at the phone or simply near the phone. I can't imagine that would be hard for LE to get around. During interrogation, look me in the eye, BAM! I throw the phone up in front of your face.

  • Don

    Cops on the street using the stop and frisk method won't be able to get a court order to unlock your phone. The linked article is a little different than typical police harassment and snooping dig for dirt. Apparently they got a warrant to search a house and seize personal effects such as the hard drives. I would be curious what popehat would think of this. IMO the police had a suspect and a specific item they were looking for. I would think that it meets all the rules of a reasonable search and seizure following the warrant rules. The fact that the police can't decrypt it though. That's their problem isnt it? I mean if I had documents in some language would I have to translate them for the cops? That's not my problem. I would think. But obviously those judges in philly know better than I.

  • Aggie -

    yes, let's all figure out the work-arounds that might defensively approximate the protections that we used to automatically have. I'll stick with the old forgettable pass codes on my android device.

  • Agammamon

    Edge-to-edge screen? Funny thing is, the black part around the edge of the screen, while technically part of the screen and not the bezel, is still, you know, black and doesn't function as a screen.

    As far as I can tell, *proportionally*, its still the same percentage of usable screen to unusable dead space as my Galaxy S5.

    Which also takes MicroSD.

  • Agammamon

    Its just a light to illuminate your face in dark environments - the rest of its just bog standard optical recognition. A sufficiently high resolution picture will probably be doable.

  • Q46

    On current iPhone models with finger print id, a password is required before Touch ID will work if the phone has been switched off, or if Touch ID has not been used to unlock an app or the phone during the previous 8 hours.

    I believe these are features introduced specifucally to prevent owner being forced (police) to use Touch ID.

    It seems likely this safeguard will be incorporated in facial recognition iPhones. Just switch it off then a password will be needed to open it.

  • kidmugsy

    Quick, Mr Coyote, write a whodunnit that turns on unlocking the phone using a corpse. Or even just a photograph. Or a holographic image. Quick.

  • Ruggerbunny

    "The fact that the police can't decrypt it though. That's their problem isnt it? I mean if I had documents in some language would I have to translate them for the cops? That's not my problem. I would think. But obviously those judges in philly know better than I."

    Tough question that. If true, anyone in a civil suit could quickly encrypt their files and avoid discovery. Yet destroying, read make unusable, said documents is a crime. Tough call on how to properly adjudicate that. I would fall on the warrant/discovery side requiring it, and all else not.

  • craftman

    I don't know what to say other than that is factually not true. From http://www.latimes.com/business/la-fi-apple-iphone-updates-face-id-how-the-iphone-x-s-facial-1505248709-htmlstory.html

    "The system relies on an advanced suite of tech packed into the front of the new phone. It involves an infrared camera, flood illuminator, front camera, dot projector, proximity sensor and ambient light sensor.

    The dot projector beams out more than 30,000 invisible infrared dots, and the infrared camera captures an image."

    AND

    "Schiller said Apple also worked hard to ensure the technology "can't be easily spoofed by things like photographs."

    "They've even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID," he said."

  • Dan Wendlick

    The joke bouncing around our IT department is that users will need to get plastic surgery every 90 days to comply with password expiration policy

  • ErikTheRed

    I don't get the hate on Apple adding features that other phones already have. In some cases (like wireless charging) it's a design tradeoff- the materials in the back panel of previous models didn't allow it. But many of the headline issues like the edge-to-edge OLED display have to do with component supply. The volume of even Apple's lowest-selling phones is in the tens of millions of units, and getting that many new parts out the door is a pretty substantial challenge.

    As far as heat goes, most of the FaceID work uses an infrared camera so the data is already there.

  • ErikTheRed

    Depends on the biometrics. Even if your data is stolen (and there are plenty of ways to do that) you still have to compromise the chain of trust with the biometric reader. Apple's implementation for TouchID makes that problematic by storing the actual data in an isolated on-die coprocessor with a cryptographic chain of trust to the reader, but most Windows and Android devices are susceptible to MITM attacks on the reader and have limitations on how well they can secure the data at rest. I'm not sure about Apple's FaceID. Even if they store the data in the Secure Enclave, the phone still uses the neural net coprocessor (on the same die) to handle the recognition process and there may be some novel side-channel attacks against that, tricks that can be used to pull data left in a shared cache or off-die DRAM, etc. That being said, Apple generally puts far more thought into security than any other consumer-grade OS / device maker (their methodology for maintaining cross-device trust that they can't access themselves is freaking brilliant), and they probably did a pretty good job here. We'll have to wait and see.

    In any case, for day-to-day use the risk of having your biometric data stolen and your device being hacked at a hardware level is massively lower than the risk of somebody shoulder surfing your PIN. At least in my humble opinion.

  • ErikTheRed

    I am so stealing that joke.

  • ErikTheRed

    On IOS 11 they added a feature that lets you quickly disable TouchID (requiring your PIN or passphrase to re-enable) by rapidly pressing the home button five times. Not sure about disabling FaceID.

  • ErikTheRed

    "Intrusive Law Enforcement Agencies Celebrate iPhone X"

    Geez I hate fanboi arguments (and there are plenty of things I can slag on Apple for*), but this is just dumb. The security of every version of Android prior to Oreo could, with extreme kindness, be described as "a complete fucking dumpster fire." Historically, Google has been much better at announcing security initiatives for Android than they have been at actually implementing them (device disk encryption, anyone?). Oreo added a lot of touches that appear to be well thought-out, but again, with Google's history we'll have to see how well they hold up in practice.

    *A little Apple slagging, lest the Android fanbois dox me and set fire to my house:
    1) I can't stand their cloying political correctness and Pavlovian need to make some asshat gesture of virtue signaling in response to various tragedies, like changing the pistol emoji to a squirt gun and removing any app with a confederate flag, even just as a historical photo. I don't even give a rat's ass about the confederate flag, but mindless censorship annoys deeply.
    2) They have proven time and time again that they are amazingly good at crypto (which is very difficult to pull off correctly), but they don't apply that to everything stored in iCloud.

  • Mark Alger

    I've heard MANY security types advise that one should NEVER use biometrics to secure devices. 1) They're irreplaceable. If one gets stolen or hacked, you can't get another retina for your right eye. Or a right forefinger. 2) Any biometric object is, in essence, only a bitmap. And a billion Photoshop users can demonstrate that bitmaps can be faked.

  • ErikTheRed

    That's more of an implementation question than it is a methodology question. Strictly speaking, unless you're particularly sloppy with passwords most of your biometric data (fingerprints, hand or face geometry, etc.) is easier to steal than your password - all you have to do is not be conscious, and all of us are in that state for several hours a day. With fingerprints, all you have to do is touch something, and most of us not locked in padded rooms touch stuff all day long. Your biometric data can and will be stolen, just like your date of birth, driver's license number, and social security number (or equivalent) have almost certainly already been stolen and have probably been traded around the black markets for years. And while it's possible to lift biometric data from some mobile devices, it's also possible to lift enough PIN or passphrase information based on a variety of methods like finger oil residue on the screen (or, recently, being able to read microphone and / or accelerometer data while the PIN or passphrase is entered) to give an attacker a reasonable chance at successfully compromising the device.

    The real security question, regardless of the methodology, is how difficult is it for a malicious party to pretend to be you? In the overwhelming majority of real-world cases, biometric authentication is more difficult to impersonate than PIN or passphrase authentication. Yes, there are corner cases where this is not true, such as people that are exceptionally conscientious about using random PINs and passphrases and not reusing them between devices and systems, but these people are extreme-tail-end-of-the-bell-curve rare. You have to design security for your average user, which is someone who will put the absolute minimum amount of effort into all aspects of the process other than complaining when they get locked out or when their device or account gets hacked. Even bad biometric authentication is usually better than the alternatives here. Very, very good biometric authentication (like Apple's TouchID) is an easy win in all but the most extreme circumstances - people with no fingerprints, or people with a spectacularly high probability of somebody putting significant money and effort into defeating their fingerprint authentication. Again, very rare corner cases. We'll see how well FaceID holds up, but based on Apple's reputation in this area it's probably a safe bet. There are plenty of subjective and objective reasons to be pissy with Apple, but device security is not one of them. None of their competition is even remotely competitive right now.

  • crs44

    It seems to me the Fifth Amendment would prevent them from forcing him to decrypt it.

  • Corey Snow ☁️☄

    The Samsung Galaxy S3 had facial recognition 4 years ago.