This week at WWDC, Apple announced a new facial recognition system — although if you weren’t watching closely, you might have missed it. It came as part of an upgrade to Photos, which will soon catalog your pictures according to the faces in them. "The big news in Photos this year is Advanced Computer Vision," Federighi told the crowd. "We’re applying advanced deep learning techniques to bring facial recognition to the iPhone."
In some ways, Apple is playing catch-up. The new Photos system is a less cloud-heavy version of the system Google Photos first unveiled last May, which in turn drew heavily on Facebook’s long-standing system of auto-tagging photos and cataloging them by person. It’s a popular feature, one that Apple couldn’t resist building into the iPhone.
"Bring facial recognition to the iPhone"
It’s also a controversial feature. Both Google and Facebook are currently facing lawsuits over their facial recognition systems, which plaintiffs claim violate Illinois’ Biometric Information Privacy Act. Recognizing a person’s face requires building a faceprint to compare it to, akin to collecting a person’s fingerprint for future reference. According to plaintiffs, that counts as collecting biometric information, which requires more notice and consent than either company is providing.
Apple’s system is more focused on privacy than Facebook's or Google’s, with stricter limits on how the data is collected and stored. Onstage, Federighi insisted that Apple’s new system only uses local data, which means the company isn’t storing faceprints on company servers — a crucial point for anyone worried about their faceprint being used for more than just cataloging photos. Faceprints are still being created and used, but it's all happening on your phone, where Apple and the rest of the world can't access it. That’s different from Google and Facebook, which store data on the cloud and get significant scale benefits as a result.
But it’s not clear those measures matter for a suit under the Illinois law. The text of the law deals with systems that try to "collect, capture…or otherwise obtain" biometric identifiers. Even if the faceprint never leaves your phone, it’s hard to say Photos isn’t collecting it. If a court decides Apple's Photos app really is collecting biometric data, the question becomes whether they’re getting informed consent for it. As long as iOS 10 is still a work in progress, it's hard to say for sure, but early indications suggest there's no separate opt-out for the Photos system. With both Google and Facebook facing suits for insufficient disclosures, that's ample reason to be concerned.
Turning photos into faceprints is a serious power
There’s a real privacy issue at stake, even beyond the possible lawsuits. Facial recognition can be put to some very creepy uses when faceprints are freely available, as we saw with a popular Russian app that summons up names and phone numbers for random passersby. It can also be genuinely useful, as we’ve seen with the new crop of smart photo apps. The trick is allowing for the good uses of the technology without opening the door to the bad ones, which generally means building in robust privacy measures like the disclosures mandated by the Illinois law.
None of this is likely to cause a major problem for Apple’s Photos app in the long term. The Google and Facebook cases are still being litigated, and the companies may still come out on top. Even if they lose, the result won’t be much worse than a fine and a new page on the Terms of Service. The law itself is also in danger, targeted last month by a hastily tacked-on amendment that would have severely limited its reach. (The amendment was later withdrawn.)
But the issue at stake is much larger than a single law or a single product. In a world of omnipresent cameras and cloud storage, turning photos into faceprints is a serious power. There are good reasons to do it, as we’ve already seen in security systems, airports and, yes, in photo-storage apps. But keeping the system in check means letting users know when and how their faceprints are being stored. So far, the tech approach has been to make the process as seamless — and invisible — as possible.