For those of us who’ve lived and breathed Face ID on iPhone for a year already, or just gotten into it with iPhone XS or iPhone XS Max, this doesn’t feel like new or canny information. For the mainstream, though, it’s just beginning to enter the consciousness and the conversation.
As Apple continues to update its iPhones with new security features, law enforcement and other investigators are constantly playing catch-up, trying to find the best way to circumvent the protections or to grab evidence. Last month, Forbes reported the first known instance of a search warrant being used to unlock a suspect’s iPhone X with their own face, leveraging the iPhone X’s Face ID feature.
But Face ID can of course also work against law enforcement—too many failed attempts with the ‘wrong’ face can force the iPhone to request a potentially harder-to-obtain passcode instead. Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too. But still, in a set of presentation slides obtained by Motherboard this week, one company specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism.
“iPhone X: don’t look at the screen, or else… The same thing will occur as happened on Apple’s event,” the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity.
Biometrics, it’s important to remember, are best thought of as a username and a convenience, not a password or a security measure. They can and will be used against you, in both legal and, likely, extra-legal in-the-field situations.
That’s why you can squeeze the two side buttons to temporarily disable Face ID, or turn it off and fall back on a passcode or strong password.
And yeah, I get that this complicates lives for investigators. So does our society’s refusal to fingerprint and DNA-database every baby born. I’ll talk about it more in the future, but it’s becoming increasingly clear we need constitutional protection for our currently external but inevitably internal extended memory and computing devices.
But that’s going to be a much longer conversation.