Siri, define privacy: Why Canadian law isn’t ready for the iPhone X

Apple’s latest iPhone is going to launch in a brave new world that is unprepared to legislate biometric security like Face ID

iPhone X Face ID settings

At its core, Apple’s Face ID is a facial scanner that unlocks the iPhone X when the device recognizes the user’s face.

You no longer need to press your finger against a fingerprint sensor — like with Touch ID — and users don’t need to type in a password — like with locked computers or smartphones. All it takes for the owner of an iPhone X to unlock their smartphone is to raise the device to their face, allow the phone’s TrueDepth camera to scan their facial features, and briefly wait for the device to unlock.

Apple claims that the process is almost instantaneous and that there’s a one-in-one-million chance that someone else will be able to unlock the phone using their face. Apple has also reassured any potential owners that Face ID can’t be fooled by a photograph, like other similar features that currently exist in the market.

In a recent security briefing, Apple clarified that the iPhone X’s facial recognition biometric data is not stored in the cloud. Instead, facial data will be kept onboard the iPhone X’s A11 Bionic chip — meaning that Apple won’t be able to use any user’s biometric data without their consent.

Apple has further clarified that you can disable Face ID by pressing a number of different button combinations — the easiest of which is holding down the device’s right-side button along with the volume down key.

These facts are meant to alleviate concerns related to losing the phone, as well as hesitancy related to switching away from Touch ID — biometric technology that arguably led to the widespread adoption of fingerprint sensors on modern smartphones.

While comforting, Apple hasn’t actually addressed the larger privacy concerns raised by the presence of their facial scanner on the iPhone X — namely that privacy legislation currently doesn’t outline any specific rules stopping government actors from abusing software that automatically unlocks a phone as soon as the device recognizes its owner.

As a matter of fact, there’s very little privacy legislation outlining any specific rules about fingerprint sensors and other biometric security measures, either. That’s the central problem, and in Apple’s defence, there’s very little that the company can do to actively change Canada’s, or the U.K.’s, or even the U.S.’s privacy legislation — which was outdated when Touch ID launched on the iPhone 5S in 2013 and has changed very little since then.

Canadian law enforcement addresses the legality of warranted and warrantless searches

In Canada, law enforcement at any level — whether municipal, provincial or federal — is beholden to the existing legal infrastructure established by the laws of the land (including acts of Parliament), case law and the Charter of Rights and Freedoms.

The RCMP, therefore, “allows for search of material relevant to the investigated offences only.”

According to an RCMP spokesperson, Canada’s federal police force also “uses a search warrant to access data on lawfully seized devices.”

This falls in line with Section 8 of the Canadian Charter of Rights and Freedoms, which clearly outlines that “Everyone has the right to be secure against unreasonable search or seizure.”

It’s right there in the Charter’s text, immediately following Section 7’s establishment that “Everyone has the right to life, liberty and security of the person… in accordance with the principles of fundamental justice.”

The RCMP clarified that there are a number of circumstances by which the force “may conduct a search of a personal item contained within a prisoner’s personal effects, including a prisoner’s wallet or cellphone” — including a search without a warrant in circumstances when a search is incidental to arrest.

To be clear, the RCMP is allowed to search material that is deemed relevant to the investigation at hand. This can include things like a person’s home, car and, of course, their electronic devices.

“Such a search must be done promptly upon arrest or as soon as practicable after arrest, i.e. with proper justification it can be conducted in cells,” explained an RCMP spokesperson, in an email exchange with MobileSyrup.

The RCMP can also search devices without a warrant if “reasonable grounds exist to obtain a warrant to search an item, yet the delay necessary to obtain a search warrant would result in danger to human life or safety (including the prisoner’s), and/or loss, destruction, disappearance or removal of evidence.”

Admittedly, that’s a very complicated statement. In short, the RCMP is allowed to search electronic devices without a warrant if it makes sense to search an electronic device, but waiting to get a warrant could endanger someone’s safety or ruin evidence.

Obviously, the RCMP can also search an electronic device if they’re given consent by the legal owner of the device, “which at times may be a person other than the prisoner.”

It’s also important to note that, according to the RCMP, “there exists no legislative compulsion to force a person to unlock their phone for police.”

This means that there’s currently no law in place that compels individuals under arrest to unlock their devices for an officer. That is to say, if asked by the RCMP to provide a password for a locked device, an individual can’t be forced to turn over the password.

However, Face ID isn’t technically a password or passcode.

Theoretically speaking, if RCMP officers felt it was justified to search your iPhone X, it would not necessarily be unconstitutional for RCMP officers to point the locked phone at your face in order to access its contents. After all, are you being forced to unlock your phone if it can be unlocked by simply pointing it at your face?

Then again, Face ID only works if your eyes are open. You could always close your eyes the entire time you’re under arrest.

MobileSyrup also asked if the RCMP takes into consideration the different kinds of biometric security protections on a smartphone before determining how to proceed with the investigation of the device.

The mounted police replied with a single word: “No.”

As representatives of the Canadian Civil Liberties Association (CCLA) and OpenMedia — two Canadian civil rights advocacy groups — will later elaborate, these distinctions matter, because biometric security can be bypassed by the simple DNA that law enforcement collects during routine arrests.

Electronic devices at the Canadian border

Of course, the RCMP isn’t the only federal agency that has an established position on electronic devices.

According to a Canada Border Services Agency (CBSA) spokesperson, anyone trying to enter Canada is beholden to a complete search of any goods they may be attempting to carry into the country. If requested, you have to submit to a CBSA search.

“Electronic devices and media, including laptops, cell phones and other devices are classified as ‘goods’ in the context of the border, and CBSA officers have the lawful authority under Section 99 of the Customs Act to examine them as part of a routine examination,” said a CBSA spokesperson, in an email exchange with MobileSyrup.

Section 99 of the Customs Act enumerates the circumstances in which CBSA officers may search the belongings of someone attempting to cross into Canada. It’s a lengthy section, with multiple subsections broken down into further sub-subsections; however, it’s Section 99.1.a that really matters.

Interestingly enough, the CBSA clarified that Section 99 of the Customs Act doesn’t require the agency to establish reasonable grounds to “suspect or believe that a contravention has occurred.” In this case, the phrase “reasonable grounds” refers to the legal definition of the term, meaning that, once again, the CBSA technically doesn’t need to have a reason beyond suspicion to issue a search.

However, it is CBSA policy that an individual’s electronic devices will only be examined “where there is a multiplicity of indicators, or [to further] the discovery of undeclared, prohibited, or falsely reported goods.”

As for passwords, the CBSA will only “make note of passwords to gain access to information or files if the information or file is known or suspected to exist within the digital device or media being examined.”

“Passwords are not to be sought to gain access to any type of account (including any social, professional, corporate or user accounts), files or information that might potentially be stored remotely or online,” said the CBSA spokesperson.

All of which is to say that, if a CBSA officer asks you to unlock your device, you legally have to comply, but you don’t have to turn over any social media passwords, passwords to email accounts or passwords of any other variety.

It’s also important to note that CBSA policy mandates that a border officer disable a device’s wireless communications during a search. That still doesn’t change the fact that you have to submit to a search if requested.

Crossing into the U.S. from Canada is a completely separate issue, handled by U.S. Customs and Border Protection. However, Privacy Commissioner Daniel Therrien has previously said that Canadians should be “very concerned” about having their digital devices searched at the U.S. border.

Parliament is also currently debating preclearance measures for individuals entering the U.S. via Canada that should more firmly establish the rules for searching electronic devices.

As a quick note, MobileSyrup did reach out to the Office of the Privacy Commissioner of Canada (OPC) in researching this story. However, the OPC was unable to coordinate a phone or email interview.

Biometric security and privacy from the perspective of Canadian civil liberties groups

The Canadian Civil Liberties Association (CCLA) is a not-for-profit organization that works through Canada’s legal system to ensure that the human rights and democratic freedoms of anyone who calls Canada home are secure at all times.

Brenda McPhail has been the director of the CCLA’s privacy, technology and surveillance project since June 2015. She has a masters of information studies in library and information science from the University of Toronto, as well as a Ph.D. from the University of Toronto’s faculty of information.

Understandably, McPhail has some noteworthy opinions on digital privacy and, to her credit, when asked about law enforcement authority to compel prisoners to unlock their devices — with or without a warrant — she matter-of-factly told MobileSyrup to consult a defence attorney.

Still, McPhail was able to shed some insight on the subject of Canadian privacy law and biometric security, beginning with the fact that “it still is a very unsettled area of law.”

“In general, fingerprints and other physical biometrics are treated differently in law than a passcode,” said McPhail, in a phone interview with MobileSyrup. “You actually have more privacy protections in the passcode than the biometrics.”

That’s because there’s little Canadian case law on the subject, and according to current precedent established in places like the U.S., biometric data is considered part of an individual’s body.

“Police can, with a warrant when it’s necessary, collect DNA,” said McPhail. This includes DNA like a fingerprint, or a breath sample at an impaired driving checkstop.

In contrast, “a passcode is a product of your brain,” explained McPhail.

“So there are constitutional arguments that you shouldn’t be able to provide a passcode in a confrontation if providing a passcode is giving evidence against yourself,” said McPhail. “[There are] potential arguments to be made around passcodes and protecting passcodes that you can’t make with biometrics with the way jurisprudence is going.”

When McPhail says that there are potential arguments to be made, she means that quite literally. In many cases — both legal cases and the colloquial definition of the term — the important, essential arguments haven’t been made yet, because Canada’s legal framework hasn’t gotten to the point where it seriously needs to start legislating things like passwords versus biometric security on electronic devices.

A device like the iPhone X, with facial scanning that Apple claims outrivals anything else on the market, enters a legal framework that isn’t just unprepared — it’s unaware.

Victoria Henry, a surveillance and free expression campaigner for digital rights not-for-profit OpenMedia, put it quite simply.

“Law enforcement has long been behind the times when it comes to addressing the immense privacy considerations that should come with new technology,” said Henry, in an email to MobileSyrup. “Modern law treats the contents of our phones and laptops, which contain everything from our most private conversations and photos to medical records and banking information, as no different from the contents of a suitcase. This is clearly outdated and needs to be addressed.”

Consider a series of thought experiments

Imagine you’re at a family gathering and you put your iPhone X down on a table. You’re with family and you trust them — it’s also rude to be on your phone around the people you love. Your 10-year-old, tech-obsessed cousin picks up your phone without your permission, points the device at your face, and has complete access to the contents of your device. Naturally, you’d be annoyed, but considering that your cousin meant no harm, you let it slide and let the kid play with your phone. Maybe you even politely, but firmly, tell your cousin that it’s rude to take other people’s stuff without asking first. Still, no harm, no foul.

Now, imagine you’re at the Canada-U.S. border, driving back home with your Canadian father and mother after visiting your American aunt and uncle. You approach the Canadian border agent, and they ask you to unlock the contents of your phone. You ask if you absolutely need to unlock your device, and the border agent says that yes, legally you do. Your parents whisper that you should listen to the agent and unlock your phone. After all, it’s not a big deal, right? You have nothing to hide, and they don’t want to run the risk of a lengthier security check — or worse. You unlock your device, and the border agent has complete access to your smartphone.

One last thought experiment. Imagine you’re at a police station, in an interrogation room. As is routine, the officers have taken the contents of your pockets — your wallet, your keys, and your shiny, brand spanking new iPhone X. They ask you to unlock your phone. You’re not smart enough to stay out of trouble, but you do know that under Canadian privacy law, agents of law enforcement need a warrant in order to compel you to hand over a password to unlock your phone.

But then the officers realize that you’re the proud owner of an iPhone X. It’s got a facial scanner. Canadian law isn’t terribly clear about biometric security. The officers confer with one another and determine that, for the sake of their investigation, they’ll proceed without a warrant. So they point the phone at your face, and all of a sudden — just like your mischievous 10-year-old cousin — these officers have complete access to the contents of your iPhone X.

This is the world in which the iPhone X now exists.

There’s a solution — but it’s not necessarily a good one

It’s not unreasonable to argue that anyone worried about the iPhone X’s Face ID feature shouldn’t get an iPhone X. Other than not committing a crime, that’s the simple solution to this privacy problem.

It’s also not unreasonable to suggest that this privacy kerfuffle isn’t Apple’s fault. After all, facial recognition and other biometric security measures have existed in consumer devices long before Apple released Touch ID on the iPhone 5S and Face ID on the iPhone X. Android, for instance, has a feature called ‘Trusted Face’ that works similarly to Face ID, while Samsung introduced an iris scanner with the Galaxy Note 7 in 2016.

Both features, however, are less effective than Apple purports Face ID to be.

The issue on the table, however, isn’t who released facial scanning and fingerprint reading first, or who should and shouldn’t buy the latest iPhone.

The issue on the table is that we now live in a world where the rate of technological innovation and development supremely outpaces the rate of legislative decision-making.

The solution to this privacy challenge, therefore, isn’t to avoid buying an iPhone X. The solution to this privacy challenge isn’t to point out simple solutions, either.

Truth be told, I don’t know what the solution is. I do know, however, that the first step to solving any problem is acknowledging that there is one.

Our laws are supposed to be descriptive as well as prescriptive — they should not only look back, but they should also look ahead. As of right now, our laws are lagging far behind and the iPhone X is only the latest device to make that evident.

Comments

  • thereasoner

    Just close your eyes the entire time you’re under arrest? Lmao!

  • thereasoner

    What I find disturbing is that Apple claims the face data never leaves the device. Yet developers can ask permission for it. Apple says they have to promise not to sell data from face ID, yet Apple can’t properly monitor this and worse the developer has to keep your face data secure on their own servers and no one can guarantee that dozens of potential developers/servers can pull that off!

    This should be a huge privacy concern for those Apps fans so critical of the competition’s supposed lack of privacy and I can easily imagine the uproar had Google introduced this tech and allowed developers access to it instead.

    I get that Apple needs something to market for their new devices and that under the display fingerprint sensor just wasn’t ready but that doesn’t mean that you have to ditch the faster, less cumbersome and more desirable fingerprint scanner altogether! Face ID would be a welcome addition, it’s great to have several ways to unlock, but as a replacement for the fingerprint scanner it is a colossal F-up imo.

    • John Lofwire

      Oh my…
      You don’t know how the secure enclave works on iPhone?
      Your biometric data is stored in this secure enclave and is never sent on the web.
      What is sent is a token generated from the biometric data.

      Same thing for developers: all they see is the token.
      Same thing with Apple Pay.

      Still, it’s a privacy concern because, as they said, anyone including police can just take the phone and have it unlocked by pointing it at you.
      Even more so if you activated the feature that removes the need to have your eyes open (because there is an option for this; it does make it less secure), someone can unlock it when you sleep lol.

      Now, something we can agree on: it’s a great addition but in no way a replacement for the fingerprint scanner.

    • Captain H. Morgan

      Exactly the reason why I am replacing my iPhone next month with just an iPhone 8. I am not ready for FaceID yet.

    • It’s Me

      I’d be hesitant to listen to the “experts” here who have no experience with technology and rely on sensationalism in media for their “facts”. They are usually uneducated and you wouldn’t listen to them for technology advice any more than you would a janitor or burger flipper.

      The fact is that the data used for FaceID is not shared with anyone. Period. Any story or person claiming this has only skimmed the available info and/or intentionally ignored facts.

      The other fact is that developers can request access to the data from the front cameras that are used for FaceID. That is exactly the same as devs requesting access to any other camera. Granted it’s a more advanced camera than is available on other phones but aside from it being more advanced, it’s still just requesting camera data like every other camera on every other phone.

    • Captain H. Morgan

      lol

    • thereasoner

      Not in the case of Face ID, developers have been given access to at least some of the data for their apps although the user has to give permission. What you’re referring to relates to Apple Pay transactions specifically.

      Wccftech has a story on it today, check it out.

    • John Lofwire

      I would recommend reading the security guide for Face ID from Apple that just came out instead of some website story.

      They explain every step of the system and how it interacts, using mathematical equations and tokens, with first- and third-party apps.

      Plz go read how things work before commenting..

    • thereasoner

      “Having seen terms in a contract, Reuters reports that “Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties.” However, Apple cannot verify or enforce this condition all time.”

      I’m not the one saying this, it comes from Apple’s own documents that you claim to understand ironically.

      “Plz go read how things work before commenting”.

      LMFAO! It looks like you need to take your own advice! At least read the story and criticize it and its sources on that site instead of being an arrogant douche and attacking the messenger.

    • John Lofwire

      Look at Mr Perfect. So certain information translates to sensitive info in your book?

      That information cannot be used to identify you or retrace you; it is untraceable metadata.

      This was the last time you make me waste my time, troll.

    • Mr Dog

      Oh man. Do you not have anything better to do than spread BS? You should read the full article as well as try to understand what is happening before typing.

      Apple has an API that takes data from the front-facing camera (not from the array of sensors used for Face ID), does analysis on it and gives developers a face.

      So nothing different from using an app on any phone that uses data from cameras to map the face.

      It’s based on ARKit. I can guarantee you, the same can be done with ARCore on Android. The difference is Google is slacking and doesn’t have a comprehensive API for it yet.

    • thereasoner

      I did read it, here are more direct quotes;

      “Apple made sure to stress on how 3D face recognition model is stored on the device and much like Touch ID, the data never leaves your phone. Now, the ACLU has said that the company is actually giving app developers access to some of this data for trendy new features”

      “Experts have warned that for getting some convenience users are being pushed to give away parts of their personal details that otherwise remain private. From personal information for signing up, phone numbers for 2FA, financial data for play store purchases to biometrics and now facial maps – nothing is private anymore”.

      “The real privacy issues have to do with the access by third-party developers.”

      “App makers who want to use the new camera on the iPhone X can capture a rough map of a user’s face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer’s own servers, can help monitor how often users blink, smile or even raise an eyebrow.”

      Yet,
      “The iPhone maker has always maintained that new features don’t have to come “at the expense of your privacy and security.”

      As I said, Apple has no control over what developers do with face maps they take nor can they guarantee the data’s security or users’ privacy once it’s removed from the phone, a removal Apple originally said wouldn’t happen no less.

      If Google did this iFanatics would be up in arms but it’s okay for Apple to go back on their claim that new features don’t cost a user their privacy. Same for all the hyperbole over the pOLED display on the Pixel XL 2, burn in/colour shift is a bad thing that shouldn’t be tolerated on Google’s phone according to iFanatics yet not a peep out of them about Apple’s announcement that the same type of issues can be expected for the iPhone X. Not surprised mind you, you guys are kings of double standards.

    • Mr Dog

      Since you don’t seem to want to reason much. I’ll play the blame game with you.

      Google has pictures of millions of people on their clouds and does constant analysis of it for ‘features’ without specifically asking if they can.

      Google likely has a better facial map of your face than the iPhone X can capture lol.

      There is no double standard. Apple said these issues can be expected over time, yet there has not been a SINGLE instance of burn in, image retention or the level of color shifting the Pixel has experienced.

      Go take a damn look at the Android subreddit and you will see plenty of posts about it. Yet, you will be hard shot finding a single instance of an iPhone X with burn in issues.

      There is a difference between a company saying ‘you might experience it eventually’ and it ACTUALLY HAPPENING.

    • It’s Me

      Never go to a factory worker for technology info.

    • thereasoner

      “Never to to a factory worker for technology info.”

      Are you drunk already, lmao? What time is it in Cupertino?

    • It’s Me

      One letter typo. Glad it gave you wood.

      Now, can you please ask John Lofwire to come back and converse with you? I have popcorn and reading two opposing yet equally ignorant positions was awesome. Like watching two monkeys fight over a book neither can read.

    • thereasoner

      Sorry, not reading your iDeflection.

      Face it, you Apple guys are all over Android users for sharing benign data like our commute to work or our favorite sports/teams for Google’s excellent Google Now/Feed service and say the cost is our privacy. Now you’ll have to eat crow (again) as Apple allows 3rd party developers access to your far more personal and private face/facial expressions while simultaneously lying about said data “never” leaving the phone.

      You should be used to it, like when Apple said you’d look “ridiculous” holding a large phone to your head only to feed their gullible minions one later or when wireless charging was described as a “gimmick” only for it to finally arrive on iPhones 5 years later! The list goes on and gullible iFans continue to be naive sheep, as I said, no surprise!

    • Domino67

      What does Google have to do with this?

    • It’s Me

      He’s desperate to try to get people to think Google’s data mining and privacy invading isn’t so bad by trying really, really to make a case for Apple’s camera being a privacy concern.

      He’s poorly educated so you’ll have to forgive his nonsense. His desperation is a weird personality trait, but his ignorance explains a lot.

  • John Lofwire

    Turn off your phone.
    When it boots up, it requests the passcode (case solved); this also works with Android phones.

    Also, what does the writer mean by effective?
    It’s less secure than an iris scanner.
    In some cases slower than a fingerprint scanner.

    The worst: they did not include a fingerprint scanner, so you do not have much alternative; that’s the biggest fail of this new unlock solution.

  • mgoblue20000

    You can also press the power button I believe it’s 5 times quickly to disable Face ID and require the passcode. You still have to remember to do that of course but it’s something.

  • gthompson75

    Good article. It really tells you what kind of state Canada is in. Zero privacy from the government eyes. Best bet crossing the border is go with a fresh reset with minimal stuff on it or have a phone just for travelling. Unfortunately the people we employ at our borders aren’t the brightest bunch and can freely interpret what they read or learn off your device any way they see fit.

  • JD

    “Privacy Commissioner Daniel Therrien has previously said that Canadians should be “very concerned” about having their digital devices searched at the U.S. border.”
    Actually it’s the Canadian border you need to worry about. If I can’t cross in to the US then screw it I’ll turn around, but if I can’t come home because the CBSA officer is power tripping (like they usually do) that’s a bigger problem.