Dear Senator Franken,
Thank you for your interest in Apple's new Face ID feature. With Face ID, Apple
continues to offer consumers products that use cutting edge technology, including in the
provision of security and privacy features. We also continue to communicate directly
and transparently with our customers about the security and privacy-related impacts of
our products. As we have done with previous security features, we have published on
our public website both a Face ID security white paper and a Knowledge Base article to
explain how we protect our customers’ privacy and keep their data secure. | have
attached copies of both documents so that you can see the detailed information that,
answer all of the questions you raise in your letter dated September 13, 2017
As you will see there, in the same way that Touch ID revolutionized authentication using
a fingerprint, Face ID revolutionizes authentication using facial recognition. Once it
confirms the presence of an attentive face, the TrueDepth camera projects and reads
over 30,000 infrared dots to form a depth map of the face, along with a 2D infrared
image. This data is used to create a sequence of 2D images and depth maps, which are
digitally signed and sent to the Secure Enclave. Face ID data, including mathematical
representations of your face, is encrypted and only available to the Secure Enclave.
This data never leaves the device. It is not sent to Apple, nor is it included in device
backups. Face images captured during normal unlock operations aren't saved, but are
instead immediately discarded once the mathematical representation is calculated for
comparison to the enrolled Face ID data.
Face ID confirms attention by detecting the direction of your gaze, then uses neural
networks for matching and anti-spoofing so you can unlock your phone with a glance.
The probability that a random person in the population could look at your iPhone X and
unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch
1D). For additional protection, Face ID allows only five unsuccessful match attempts
before a passcode is required to obtain access to your iPhone.
‘Third-party apps can use system-provided APIs to ask the user to authenticate using
Face ID or a passcode, and apps that support Touch ID automatically support Face ID
without any changes. When using Face ID, the app is notified only as to whether the
authentication was successful; it cannot access Face ID or the data associated with the
enrolled face.The accessibility of the product to people of diverse races and ethnicities was very
important to us. Face ID uses facial matching neural networks that we developed using
over a billion images, including IR and depth images collected in studies conducted with
the participants’ informed consent. We worked with participants from around the world
to include a representative group of people accounting for gender, age, ethnicity, and
other factors. We augmented the studies as needed to provide a high degree of
accuracy for a diverse range of users. In addition, a neural network that is trained to
spot and resist spoofing defends against attempts to unlock your phone with photos or
masks.
‘As you know, Apple has always been a leader in protecting user privacy and security. At
any time, we would be happy to provide you with briefings on our products should you
desire additional information. Thank you again for your interest in Face ID.
Sincerely, 4
Cynthia C. Hogan
Vice President for Public Policy, Americas
Apple