It has the same guarantees as the fingerprints from TouchID. They're stored in Apple's secure enclave, a separate ARM-based co-processor with anti-tamper measures and running a custom and entirely separate OS. The entire thing is encrypted - OS, drivers, data... the lot, and part of the encryption key comes from the phone hardware, so if you remove the chip from the phone, it becomes undecryptable. Communication is done through a "mailbox" - a separate section of memory which the enclave and iOS have access to.
This means that iOS has no access to or insight into any of the enclave's own memory and, if it did, it wouldn't be able to decrypt it. The data cannot be accessed in any way, even by Apple, a precaution they took to prevent the FBI from forcing them to do so.
And of course no one bothers to read.
> The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes subdermal ridge flow angle mapping, which is a lossy process that **discards minutia data that would be required to reconstruct the user’s actual fingerprint**. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is **never sent to Apple or backed up to iCloud or iTunes**.
The Face ID, like the fingerprint, is stored on the phone. Apple has no access to either.
Maybe Senator Franken should introduce some legislation concerning data privacy and cyber security if he is so concerned about it. While he's at it, maybe 4th and 5th Amendment protections should extend to fingerprints, Touch ID, etc., also something he has the ability to change.
Normalizing or popularizing facial recognition is very dangerous. It is irreversible data. People can't change their face (ok, not very easily at all and even then it's VERY hard to fool a good AI) so as soon as that data is breached your identity is permanently compromised. Permanently compromised!
Not to mention the very notable and concerning applications to track dissidents/adversaries (like China does with the recognition/tracking software illegally sold to them by a US company). And that was a decade ago!
Stateside we don't see facial recognition creeping into our lives but it absolutely is and it is VERY under-regulated. Private companies hold massive biometric databases already. The next logical leap is to imagine who could buy this info or sell this info and for what purposes and things can get very bleak very quickly.
He needs to shift his focus to restoring the Bill of Rights and removing warrantless unlocking of phones.
Poor Windows phone. It's been using face unlock for years and nobody seemed to give a crap.