
How law enforcement is trying to avoid disabling Face ID - okket
https://9to5mac.com/2018/10/13/cops-disable-face-id/
======
14
Perhaps the software is already advanced enough that a user could use a more
complex input into the facial recognition system. For example left eye closed.
Or nose scrunched. A pout face. And so on. That way the odds of someone
forcing the correct input in the limited allowed attempts greatly diminish.

~~~
sulam
Or if you're me and millions like me -- take off your glasses. Works like a
charm! (By which I mean it doesn't ever work.)

~~~
matthewmacleod
That’s interesting - I don’t experience any difference between unlocking with
glasses on and with them off.

I actually thought I did at first, and was a bit annoyed. But it turned out I
was just holding the phone far too close to my face when I didn’t have glasses
on.

~~~
dan-robertson
Also if you fail with a sufficiently similar face and then quickly unlock with
passcode then it will remember your “new” face and unlock for it. This is to
allow the phone to work with eg changes of appearance that are slow (eg growing
hair) or sudden (eg cutting it).

------
andyv
I'm reminded of the scene in "The Return of the King" where Gandalf wraps the
palantir in a cloth because he's afraid Sauron might be on the other end.

New step one when seizing an iPhone: wrap it in something opaque...

~~~
walrus01
Serious answer, small faraday cage bags with velcro+zippers are already sold
to law enforcement who need to seize a powered-on phone.

~~~
yjftsjthsd-h
How have network dead man switches not become popular? "If this phone has had
no network access for 4 hours, power off" (assuming encrypted storage).

~~~
Marsymars
You wouldn't even need to power off, just require passcode. You'd also need to
require passcode to enter airplane mode.

Passcode requirements are pretty opaque though - as is, my Android and iOS
devices ask for passcode (vs biometrics) randomly (from my perspective). Would
be nice to have proper documentation of all the conditions that force passcode
entry.

~~~
BoorishBears
> You must enter your passcode or password for additional security validation:

- after you restart your iPhone, iPad, or Mac;

- when more than 48 hours have passed from the last time you unlocked your
device;

- to add or delete a fingerprint to use with Touch ID;

- to change the iPhone or iPad passcode or Mac system password, and for other
security settings like FileVault on your Mac;

- when there have been more than five unrecognized Touch ID authorization
attempts in a row;

- after you log out of your Mac.

[https://support.apple.com/en-us/HT204587](https://support.apple.com/en-us/HT204587)

Face ID has the same document:

[https://support.apple.com/en-us/HT208108](https://support.apple.com/en-us/HT208108)
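A small policy model of the conditions listed above, added here as an illustration and not code from Apple, from the linked support pages, or from anyone in the thread. It also folds in the "no network access for 4 hours, require passcode" idea proposed upthread by yjftsjthsd-h and Marsymars as an explicitly hypothetical switch. The names (`DeviceState`, `passcode_required`, `attempt_biometric`, `enter_passcode`), the 4-hour offline threshold, and the reading of "more than five unrecognized attempts" as "biometrics refused after the fifth consecutive failure" are assumptions of this example; the 48-hour and five-attempt figures come from the quoted Apple text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Thresholds as stated on the Apple support page quoted in the thread (HT204587).
MAX_FAILED_ATTEMPTS = 5        # "more than five unrecognized ... attempts in a row"
MAX_HOURS_SINCE_UNLOCK = 48    # "more than 48 hours have passed from the last time you unlocked"
# Constructed threshold for the "network dead man switch" floated in the thread.
# This is a hypothetical policy, not a documented Apple or Android feature.
MAX_HOURS_OFFLINE = 4


@dataclass
class DeviceState:
    """Minimal model of the state a lock-screen policy would inspect (constructed)."""
    now: datetime
    last_unlock: datetime                             # last successful unlock by any method
    failed_attempts: int = 0                          # consecutive unrecognized biometric attempts
    restarted: bool = False                           # rebooted since the last unlock
    logged_out: bool = False                          # macOS only: user logged out
    last_network_contact: Optional[datetime] = None   # None = never seen a network


def passcode_required(state: DeviceState, dead_man_switch: bool = False) -> List[str]:
    """Return the reasons biometrics must be refused; an empty list means biometrics are allowed.

    Security-settings changes (adding a fingerprint, changing the passcode) are
    enforced by the settings UI rather than the lock screen, so they are not modelled.
    """
    reasons = []
    if state.restarted:
        reasons.append("restart")
    if state.now - state.last_unlock > timedelta(hours=MAX_HOURS_SINCE_UNLOCK):
        reasons.append("48h since last unlock")
    if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
        reasons.append("too many failed biometric attempts")
    if state.logged_out:
        reasons.append("logged out")
    if dead_man_switch:  # hypothetical extension from the thread, off by default
        offline_for = (state.now - state.last_network_contact) if state.last_network_contact else None
        if offline_for is None or offline_for > timedelta(hours=MAX_HOURS_OFFLINE):
            reasons.append("no network contact for 4h (hypothetical dead-man switch)")
    return reasons


def attempt_biometric(state: DeviceState, recognized: bool, dead_man_switch: bool = False) -> str:
    """Simulate one biometric unlock attempt and update the state.

    Returns "unlocked", "rejected" (may retry) or "passcode_required".
    """
    if passcode_required(state, dead_man_switch):
        return "passcode_required"
    if not recognized:
        state.failed_attempts += 1
        # Assumption: the fifth consecutive failure is the last one biometrics will accept.
        if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
            return "passcode_required"
        return "rejected"
    state.failed_attempts = 0
    state.last_unlock = state.now
    return "unlocked"


def enter_passcode(state: DeviceState, correct: bool) -> bool:
    """A correct passcode (the knowledge factor) clears every biometric lockout condition."""
    if not correct:
        return False
    state.failed_attempts = 0
    state.restarted = False
    state.logged_out = False
    state.last_unlock = state.now
    return True


def demo() -> dict:
    """Walk a constructed scenario: five bad attempts, passcode, a good unlock, then a stale device."""
    t0 = datetime(2018, 10, 13, 9, 0)
    state = DeviceState(now=t0, last_unlock=t0 - timedelta(hours=1), last_network_contact=t0)
    fresh = passcode_required(state)                       # recently unlocked: biometrics allowed
    attempts = [attempt_biometric(state, recognized=False) for _ in range(5)]
    after_passcode = enter_passcode(state, correct=True)
    unlocked = attempt_biometric(state, recognized=True)
    # Same device three days later, with the hypothetical offline timer enabled.
    state.now = t0 + timedelta(days=3)
    stale = passcode_required(state, dead_man_switch=True)
    return {"fresh": fresh, "attempts": attempts, "after_passcode": after_passcode,
            "unlocked": unlocked, "stale": stale}


if __name__ == "__main__":
    print(demo())
```

The point of keeping `passcode_required` separate from `attempt_biometric` is that every lockout rule is evaluated before a biometric is even compared, so a sensor match can never bypass a policy condition; only the knowledge factor in `enter_passcode` clears them.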

~~~
Marsymars
Cool, thanks. Seems the Android heuristics for requiring passcode entry are
fuzzier.

------
tolmasky
I find it very strange that Apple is held as a champion of privacy while
simultaneously creating a culture of incredibly poor passwords. Perhaps the
problem is that there are “two” privacies - the everyday protections against,
say, Facebook, and the more traditional worry of a journalist in a hostile
country.

Either way, I think we need to be taking this more seriously - most
international borders require you now to take a picture. But forget countries,
_Disneyland_ now takes your picture by having an employee point an iPhone at
you, a device equipped theoretically with the same technologies to reproduce
whatever face data is necessary to get into your phone. To me, the “triumph”
of FaceID and TouchID is analogous to Apple having “solved” the password
problem by just auto-selecting “123” for everyone. Part of the responsibility
of privacy protection is in the culture you build and how you implicitly
educate your user through your designs. Apple bends over backwards telling
everyone how crazy secure FaceID is, while potentially setting them up to have
their data entered into incredibly easily when dealing with the most dangerous
adversaries.

There was a great opportunity here to make a great feature that _also_
educated the user: FaceID could have for example been an Apple Wallet feature.
Credit Cards are a system built to expect fraud. They are expected to be
stolen, and that’s why they build in a system to reverse charges. Telling a
user that an Apple Pay charge can be quick and painless with FaceID (and avoid
a full phone unlock) since the danger is not permanent would have still been
more convenient than before. At the same time, by requiring the user to type a
full password to access their data, the user would implicitly be taught that
data theft is for some reason more dangerous, and thus begin to build the same
intuitions computer-literate users have. In fact, if all the user did was use
FaceID for their credit cards and no password for their photos, it would
account for most of “normal” people’s security concerns, without also
inadvertently confusing the security conversation where activists may not know
the proper way to secure their data.

------
ams6110
Another illustration that your face and/or your fingerprints are not
passwords. You should disable all that and set a PIN of at least 6 digits.

~~~
matthewmacleod
On the other hand, since people don’t want to bother entering a long password
every time they pick up their phone, they’ll be more likely to disable it
entirely.

Security is a continuum.

~~~
okket
Also, even if you are not famous or in the spotlight too often: I can think of
many occasions in public where I'd rather look at my phone to unlock it
than enter a complex number/password.

------
caseysoftware
Touch ID is no better.

There was recently a story of a married couple flying. The wife thought the
husband was cheating, so after he fell asleep, she unlocked his phone right
there and read everything. She didn't handle the news well.

~~~
ddebernardy
Doesn't FaceID require you to actively watch the phone? That would seem a few
notches above what you described...

Either way if you're paranoid about security you should use a passcode on top
to boot.

~~~
philjohn
It does.

Eyes closed, or even eyes looking away, and it just doesn't unlock in my
experience.

The best advice if you think you're about to be stopped and have a digital
device confiscated is to shut it down, requiring a passcode to open.

~~~
Operyl
Or five button presses of power button on iOS.

------
subhro
Ask your phone: Hey Siri, whose phone is this?

That disables biometrics, at least on iPhone 7.

~~~
jeffhiggins
Hold the lock button and one of the volume buttons for 3 seconds. This
disables biometrics, and gives on-screen swipe options for MedicalID and
Emergency SOS. Pressing the lock button 5 times also disables biometrics,
begins a 3-second countdown to auto-call your Emergency SOS contacts and 911.
One nice touch is that the language used to let you know Touch/FaceID are
disabled doesn’t rat you out to the cops (just says that Touch/FaceID doesn’t
recognize you, not that you intentionally disabled it). If these don’t work
for you, there are options under Settings, Emergency SOS.

------
asdfasgasdgasdg
Honestly, despite the shortcut, you should not be using FaceID if you're
worried about your phone being unlocked while you're under duress.

------
joering2
Correct me if I'm wrong but FaceID will not work when I'm dead, right? The
underlying software detects temperature similar to a thermal detector and that's
the way it builds an image of your face, no?

~~~
chrismeller
I’ll be honest, if I’m dead... you’re welcome to it all.

I’m much more worried about a court compelling me, while alive, to provide my
face or fingerprint. They can easily force biometrics out of me, but they’d
have to torture a passcode out. Even if I have nothing to hide and/or give it
up in the first five minutes at least that was my choice and not one made for
me.

~~~
sbr464
Saying the below potential ideas with the tin-foil hat aside, just potential
worst case scenarios.

Could access Employee/Employer/Client Data?

Open the password manager with access to vendor/company login info, ssh keys.
Could access company systems with access to more data. Could change
data/commit code etc to those systems remotely/temporarily.

Be able to open 2 factor apps that could enable access to financial info
(tax/theft etc), which could hurt loved ones/heirs. If you were an investment
advisor/trader the offender could make trades/wire money on client accounts.

I think law enforcement is one concern but a wealthier/powerful user could
attract other parties.

If you died over a long holiday weekend or vacation, that access could go
undetected long enough to have consequences.

------
voidmain
I think the future defense against this sort of thing is more situational
awareness on the part of the phone. You won't just have to fool the
biometrics, you'll have to do so without making the phone suspicious at any
point. My guess is that phones already have enough sensory data to pretty
reliably distinguish everyday usage from being stolen or confiscated, and it's
"just" a matter of fitting a model. Nor does the phone have to ignore what
happens to it after it's unlocked.

No one tries this sort of thing on people or animals, and it's because they
don't shut their perceptions off at all times except for a half second when
they are authenticating someone.

~~~
dogma1138
I wonder when the app that wipes your phone if the GPS shows it to be at a
police station or an evidence lockup will come out, and what the
repercussions of having such an app will be.

~~~
s73v3r_
There was the guy who sold the "secure" phone (it was targeted at drug dealers
and cartel members). He would remote wipe them if they were in police custody.
He's now going to jail.

Courts take an extremely dim view of the willful destruction of evidence.

~~~
dogma1138
That’s a bit different: if he actively wiped them once he knew they were in
police custody, that is tampering with evidence.

However a self destruct mechanism that is either on a rolling timer or event
driven for which you don’t need to take an action to initiate it but must take
an action to stop it could be a legal loophole but it sure won’t look good in
court.

------
cdubzzz
> Apple makes it very easy to quickly disable Face ID [...] simply press and
> hold the side button and either power button for several seconds.

It would be nice if it were even easier. E.g. a triple click of the power
button — something that you could do with one hand in your pocket in less than
a second.

~~~
arkadiyt
That's what it used to be (5 power clicks) before the iPhone X/XS - shame that
they changed it.

~~~
kkielhofner
It's still five on my iPhone X. It defaults to going into some sort of
emergency alarm with a blaring horn but that can be disabled in settings.

------
donarb
Or maybe they can just place their thumb over the sensor.

------
anon7429
Re rubberhose security: Face ID and Touch ID were both major security blunders
by Apple because these enable security services and criminals to compel anyone
to unlock their devices and incriminate/rob themselves. Only what someone
knows, rather than what someone has, cannot be chopped off, presented or
forcibly-applied to unlock a device... revealing information under duress is a
choice, having a fingerprint taken to unlock a device is not a choice.

~~~
yellow_postit
Apple isn’t a security focused company though, it’s a consumer goods company
where ease of use trumps most other things. With that in mind, biometric
posing as security is great for their bottom line. Security or privacy is
sometimes a nice byproduct of how they want to market devices.

