On September 12, Apple rang in its 10th anniversary with a slew of much-awaited launches—iPhone X, iPhone 8, Series 3 Apple Watch, Apple TV 4K, iOS 11 and watchOS 4. Undoubtedly, Series 3 of the Apple Watch, with the ability to make calls from a wristwatch, gave life to sci-fi imaginations from popular fiction and comics, and garnered the most attention during the launch. On the popularity index, the watch was closely followed by iPhone X because of two reasons—price and Face ID.
The facial recognition solution, Face ID, introduced by Apple in iPhone X, has put the spotlight back on facial recognition technology. Apple did not pioneer facial recognition. Prior to iPhone X, rival Samsung’s Galaxy C8 was the latest one to have facial recognition to unlock the handset using the user's face.
However, the facial recognition security feature was often bypassed by hackers, and hence, there has been palpable scepticism among the public regarding the use of this technology.
How does the technology work?
In facial recognition, the software scans specific critical points of the face, such as retina, nose, lips and ears. These are points that cannot change in an instance, and thus ensure that changes to the face over a period of time do not impact the recognising capabilities. Once these points are identified, a proportionate map of the face, which is unique for a person, is generated. This map is identical to the one used in fingerprint identification, where the value is calculated based on the differences in shapes of the rings of the finger.
Based on this map, a complex algorithm is generated with a specific value, unique for each face. The first such algorithm generated is registered in the device. The next time a face comes in front of it, the device checks if it matches with the registered face and unlocks if it is a match.
While most of the facial recognition technology solutions used for commercial purposes use a 2D image, what sets Apple’s Face ID apart is that it uses a 3D image. According to Apple, its camera works on generating a detailed, in-depth map of the face. iPhone X is equipped with a dot projector, infrared camera and flood illuminator for this. The dot projector builds the unique facial map by projecting more than 30,000 invisible dots on to your face. The infrared camera generates the dot pattern of your face, captures an infrared image and then sends the data to the chip within the device to confirm a match. The flood illuminator uses invisible infrared light that helps identify your face even when it’s dark.
To allay security fears, Apple has the 3D facial map stored and authenticated within the chip of individual devices and not on a cloud.
In addition, Face ID also demands a ‘liveness test’ for it to function. This essentially means that you will be able to unlock your phone only if your eyes are open and needs your attention to function. “With Face ID, iPhone X unlocks only when you’re looking at it,” claims Apple.
Thanks to this feature, Apple confidently claims that its facial recognition technology is the most secure and can’t be ‘fooled’ using a mask or photo, and keeps a check on fraudsters.
Face recognition vs fingerprints
Facial recognition is not new in the world of technology and has been researched upon for decades. The earliest known research on facial scanning and automated identification dates back to the 1960s.
Facial recognition technology, at present, scores well above fingerprints when it comes to security against bypassing | File
Since the 1990s, the technology has been actively pursued and put to use by defence departments of various governments around the world. A couple of years back, Facebook and Google introduced features that were automatically able to identify and tag users in pictures uploaded.
Meanwhile, the world began to increasingly adopt biometrics as a security feature. However, the solutions used for intelligence purposes such as those used by police and investigative departments differ from those rolled out for commercial purposes, including phones, attendance system and online payments. While the security agencies use 3D images, those for the latter purpose, till recently, used 2D images. “So, it was easy to bypass a device using a photo,” says cyber security expert Rakshit Tandon. “However, with Face ID, this is fast-changing. 3D is expensive, but encrypting and decrypting will also get tougher.”
Facial recognition, at present, also surpasses fingerprints when it comes to security against bypassing. Apple claims that the overall risk of another person unlocking the phone is one in a million. “Apple’s high-speed processor and RAM helps it to successfully implement such a robust solution on its device,” says Sanjay Kumar Gupta, managing director at Inttelix Security Solutions, an Indian company that develops solutions based on face recognition.
Security concerns
That said, security fears associated with facial recognition technology are the same as those with any external biometrics. One of the major problems is the lack of consent needed to capture face and identify the same. With the popularity of CCTVs, it doesn’t take much to track down a person’s movement throughout the day.
Another major concern that comes coupled with the technology is the kind of information that is gathered from a face. Recent researches say that facial scanning can even predict one’s personal and intimate characteristics, including criminality and sexuality. “There are things that our faces convey, which we have no option of hiding anymore and could lead to discrimination,” says Pranesh Prakash, policy director at the Centre for Internet and Society, a non-profit organisation that engages in policy research.
While these are the two broad categories of privacy concerns, these could have implications on a plethora of unprecedented problems in our day-to-day lives.
“However, with Face ID, the larger concern is that it normalises facial recognition. While it might be better compared to Facebook and Google with its decentralised storage feature, on the other hand, it is normalising the technology, without alleviating its irrevocability factor,” adds Pranesh. Once established and registered, facial recognition-based identity cannot be reversed or replaced, because one cannot replace one’s face.
How do you stay secure?
As far as India is concerned, as long as there is no data protection and privacy policy in place, citizens have limited options to protect themselves and stay guarded against possible violations. The following approaches must help, as precautionary measures:
Utilise the luxury of choice: You always have a choice to use face recognition as an unlocking tool or rather conform to the age-old passcodes/passwords. If you believe there are situations where you could be forced or are susceptible to threats of identity fraud, it is ideal you choose the security of a passcode over the convenience of a face recognition tool.
Catalyse policy-making: Encourage and engage in widespread debates about the use of biometrics and the creeping nature of surveillance entities, including governments and private actors such as Facebook, Google, or companies such as Boeing and Crossmatch, which develop biometric security features. Identify instances where your biometrics could be used without proper oversight or accountability. Dialogues and increased awareness would eventually lead to better legal regimes and better guard against fraudsters.
