The Estonian e-ID system and Qualified Electronic Signature in the EU are good ideas. The government issues you a signed identity. You can use that signed identity to counter-sign challenges in places you'd otherwise (in the US) need to use a Social Security Number and a convoluted private market identity-verification system (for example, the stupid "were you associated with this address 4.5 years ago" things). Like opening a bank account, insurance, paying medical bills, taxes, etc.
Replacing driver's licenses with QR codes for physical interactions, on the other hand, doesn't seem to solve for much. We have a similar system in Colorado and I've never found any value in it; bars and liquor stores are under no obligation to accept it, so they don't.
> Then simply share your TruAge QR code at checkout at select retail locations in Sacramento to safely and securely verify your age, while protecting your privacy.
Right now, bars/clubs will scan my ID and have all my information (name, birthdate, etc). They don't need that. all they need is a yes/no that I'm over 21.
This says mDL. The QR code is at most a cryptographically signed attestation of relevant attributes (eg age, name, etc). Not sure if this made it in, but originally the ISO group had been talking about also signing >18/>21 of sharing the actual birthday for things like restricted sales. I don’t recall discussing QR codes as it was supposed to be NFC but maybe that changed (don’t see a mention of QR codes on the site). Having a dedicated app always struck me as the wrong experience but I think that’ll get sorted and Apple and Google should integrate it into their wallets.
We’re quite close as a society to not needing a wallet at all and instead it’s sufficient to have your phone or smart watch with you. Modern iPhones conceivably can even have a dead battery and still provide your ID information.
Btw this is an ISO standard that has good participation from relevant regulatory bodies for some of the largest countries so this will be the standard everyone adopts.
Now imagine they are under obligation to accept it, and you can get to the point where you can leave your wallet at home. With car keys being Bluetooth, I now don’t carry keys in my pocket. To not carry a wallet to drive to the grocery store either would be a joy. I like a physical lightness.
Stuff like this is rarely worth the cost or effort to implement in the US because like 1% of the population will ever end up using it. We are talking about a country where 1 in 5 households still don't have (and don't want) internet.
I've been using this for a couple months now and it has not helped me at all. It didn't help with closing a PO box in SF, Car rental in Florida denied it, casino in Maryland denied it, but maybe in a couple years it'll be accepted. I think Bevmo accepted it IIRC.
I’m enthusiastic about the longer term future of solutions like this. Current IDs can’t do data minimization very easily, but phone-based solutions can. You should be able to get a permission prompt saying “drug store wants to know your >18/21 status” and not hand over any other data. Of course this requires regulatory oversight to ensure that the stores don’t just ask for all the perms available.
However, does this implement the ISO spec for drivers licenses in Apple/google wallet, or is this some home grown thing?
Unfortunately, history proves relying on regulatory oversight is likely to fail, be subverted or captured by special interests, possibly catastrophically, or worse, silently. This is especially true in rapidly evolving tech domains.
While I can understand that from a purely technical architecture design perspective standardization and centralization can seem like the correct approach, from a risk analysis perspective the downsides are simply too costly. It's really a case of being a reasonable choice "in a perfect world" but a terrible choice "in the real world."
The data and individual rights at stake are too important and too valuable to centralize into one juicy target certain to attract well-funded, highly motivated adversaries ranging from hostile governments, commercial interests and law enforcement overreach to some DMV clerk using a system design flaw to stalk women. None of those examples are theoretical since all of them (and worse) have already actually happened multiple times in different systems carefully designed with the best intentions and substantial legal, procedural and technical safeguards. Arguing "But this time the system won't fail" isn't persuasive when the risks are so high and track-record so clear. While I agree the current situation is far from optimal, we need to be incredibly cautious about jumping from the pan into the fire.
It also ensures that in the future all law enforcement and government agencies will have access to your personal device because "everyone's doing it" and why would you be the weird person that doesn't want to unlock it and hand it over for them to scan and verify everything?
France's digital ID program called "France identité" does the first part.
After pairing it with your physical ID via NFC you can generate digital proofs of identity which are time based and contain the recipient's name and the usage for the proof.
To me, the killer feature of a paper identification document is that it just works.
I've been in an accident. They're trying to figure out who I am for whatever reason (i. e. to hopefully tell my family what happened). The paper card still works. The phone may have been damaged, had the battery go flat, or be locked and they can't guess the PIN. I'd rather they just look at the paper card.
Similarly, if I get pulled over, the cop knows what to do with a paper card, and it's not suddenly going to do something like flash a push notification, or lock the phone because he pressed the wrong button, and escalate the situation.
The problems this solves are both questionable:
1. I can load all my stuff onto my phone and don't need to carry a wallet! Good for you, honey. Frankly, retooling government infrastructure to satisfy an aesthetic pet peeve is sort of a waste of money. Worst case, get one of those fold-open cases with slots for cards, because you're going to have some card that can't be digitized anyway, even if it's the "collect 12 punches and get a free taco" card.
2. It might allow us to generate some "yes this person is over 18" display without leaking the home address. That's assuming that it gets built properly, and consumed properly. We've seen, well, every app in the world. Nobody is going to be selective with permissions when they can ask the moon, and people are generally not in a situation to negotiate over it.
We’ve had this in Colorado for several years now. On an iPhone, you can use guided access to restrict interactions with your phone… just triple press the power button. But there’s also a barcode they can scan to pull up the info on their own device.
I rarely carry a wallet anymore… Apple Pay, Colorado state app and my insurance company’s website (or pdf of my card) has all of the info I ever need.
I can't seem to get past the setup phase where the app "scans" your face via your phone's camera. A dozen attempts, different backgrounds and lighting and I keep getting "try again". Loving this AI-powered future we're in.
I received this, and it seems cool. However, there are some issues. First, it cannot be used as identification at airports, for rental cars, or in bars.
There is a kiosk at SFO, but every time I’ve visited, it was out of order.
Another annoyance is that it’s not integrated with Apple Wallet.
Knowing how the government in California operates, this will likely become a money pit. They will probably abandon the project, sue IDEMIA for breach of contract (or similar reasons), and then start over.
I'm sure once the company contracted to build this is done milking taxpayers and the contract goes to someone who isn't buddy buddy with whoever wrote the bill, it'll get integrated into Apple/Google Wallet so normal people will consider using it.
Digital ID in a world where data privacy&sovereignty is not valued is a red flag, online tracking should be a criminal offense, just like stalking or spying on people IRL
Until then, i'll personally won't have any kind of online/digital ID
I got it when it was in limited beta. It's underwhelming. First problem is that it's another app on your phone instead of using the Wallet app. It's not clear why you wouldn't just use the Android/Apple app.
The second problem is that even the SFO airport doesn't take them as legitimate IDs.
For the folks who are worried about giving your phone to the cop - I guess I am not worried about it much. The cop has the right to lethal force and probably knows more about the situation when you are stopped than you ever will. So they take a look at your phone? I don't assume they will just take and keep it.
If you need to call your mom, probably best not to call her when the cop is right in front of you. If you need to call your lawyer - you are permitted to do that by law. If you are Googling for what your rights are - you are doing it way too late.
If you hand the cop your unlocked phone, and they hop over from the ID app to other apps and find evidence they think implicates you in a crime, what happens?
If you hand the cop your phone, and then say “hey I need that back to call my lawyer” and they say “Sorry, no, I need to keep this for processing”, what happens?
There are cases every day where cops are just outright wrong about the law, your rights, or their own department’s policies. The law protects them from being either criminally or civilly implicated in most of those cases, because they’re not expected to be experts in the law. For most purposes, to have a case against a law enforcement officer for violating your rights, you’d need to show that their behavior was so egregious that it was crystal clear they should have known their action was a violation of your rights. And courts have looked very favorably on LEOs historically in this context: things that to a lay person would count as “obvious” have not met that bar.
So while you may, after spending a pile of money, time, and energy, find out that yes, the police officer overstepped, you’ve still been severely impacted by their action.
We need data privacy protection laws _before_ implementing something like this, otherwise it is a perfect tool to be abused by overreaching government entities (law enforcement).
This is the thing I think most people aren’t thinking about. I promise you the police either have or are cooking up a way as we speak to image the entire contents of your phone when you hand it to them. Until we get some laws in place around this stuff, no way.
You can use guided access to restrict access outside of the app. Here in Colorado, they just scan the barcode on the back and pull up the info on their own device.
I assume the app will attempt to tie my device identifiers such as IMEI, phone number, and advertiser ID to my government digital ID. Then they can tie it to other ID's such as Facebook or other app ID's on the device that also read device identifiers. It probably would fail to install on my Graphene phone that treats all apps as hostile by blocking them from reading any device identifiers. I would rather wait with the rest of people in lines than submit to this.
Californian here - absolutely agree that this is the fiftieth extension of 'government now in surveillance capitalism biz' .. approved by Newsom + company
Unfortunately, people who are aware of this won't even use this thing anyway and many who are exploitable would be tricked into giving their phone to the police.
I hate how police is legally allowed to lie and psychologically trick/pressure people into things they would not normally do. It makes me distrust and question everything they do and say, i.e. being uncooperative to them. Which they then can use as an excuse to escalate and detain or get violent to me.
Interacting with the police is a terrible experience no matter how upright you are because even if you are faultless, they can still make up shit to mess with your day, or life.
bri3d|2 years ago
Replacing driver's licenses with QR codes for physical interactions, on the other hand, doesn't seem to solve for much. We have a similar system in Colorado and I've never found any value in it; bars and liquor stores are under no obligation to accept it, so they don't.
ipqk|2 years ago
Right now, bars/clubs will scan my ID and have all my information (name, birthdate, etc). They don't need that. all they need is a yes/no that I'm over 21.
vlovich123|2 years ago
We’re quite close as a society to not needing a wallet at all and instead it’s sufficient to have your phone or smart watch with you. Modern iPhones conceivably can even have a dead battery and still provide your ID information.
Btw this is an ISO standard that has good participation from relevant regulatory bodies for some of the largest countries so this will be the standard everyone adopts.
azinman2|2 years ago
paxys|2 years ago
calderwoodra|2 years ago
azinman2|2 years ago
noodlesUK|2 years ago
However, does this implement the ISO spec for drivers licenses in Apple/google wallet, or is this some home grown thing?
mrandish|2 years ago
Unfortunately, history proves relying on regulatory oversight is likely to fail, be subverted or captured by special interests, possibly catastrophically, or worse, silently. This is especially true in rapidly evolving tech domains.
While I can understand that from a purely technical architecture design perspective standardization and centralization can seem like the correct approach, from a risk analysis perspective the downsides are simply too costly. It's really a case of being a reasonable choice "in a perfect world" but a terrible choice "in the real world."
The data and individual rights at stake are too important and too valuable to centralize into one juicy target certain to attract well-funded, highly motivated adversaries ranging from hostile governments, commercial interests and law enforcement overreach to some DMV clerk using a system design flaw to stalk women. None of those examples are theoretical since all of them (and worse) have already actually happened multiple times in different systems carefully designed with the best intentions and substantial legal, procedural and technical safeguards. Arguing "But this time the system won't fail" isn't persuasive when the risks are so high and track-record so clear. While I agree the current situation is far from optimal, we need to be incredibly cautious about jumping from the pan into the fire.
Xeoncross|2 years ago
After all, it's simple, safe and easy!
LelouBil|2 years ago
After pairing it with your physical ID via NFC you can generate digital proofs of identity which are time based and contain the recipient's name and the usage for the proof.
phpisthebest|2 years ago
Hint, they almost never increase privacy
hakfoo|2 years ago
I've been in an accident. They're trying to figure out who I am for whatever reason (i. e. to hopefully tell my family what happened). The paper card still works. The phone may have been damaged, had the battery go flat, or be locked and they can't guess the PIN. I'd rather they just look at the paper card.
Similarly, if I get pulled over, the cop knows what to do with a paper card, and it's not suddenly going to do something like flash a push notification, or lock the phone because he pressed the wrong button, and escalate the situation.
The problems this solves are both questionable:
1. I can load all my stuff onto my phone and don't need to carry a wallet! Good for you, honey. Frankly, retooling government infrastructure to satisfy an aesthetic pet peeve is sort of a waste of money. Worst case, get one of those fold-open cases with slots for cards, because you're going to have some card that can't be digitized anyway, even if it's the "collect 12 punches and get a free taco" card.
2. It might allow us to generate some "yes this person is over 18" display without leaking the home address. That's assuming that it gets built properly, and consumed properly. We've seen, well, every app in the world. Nobody is going to be selective with permissions when they can ask the moon, and people are generally not in a situation to negotiate over it.
rgbrenner|2 years ago
I rarely carry a wallet anymore… Apple Pay, Colorado state app and my insurance company’s website (or pdf of my card) has all of the info I ever need.
more_corn|2 years ago
dpedu|2 years ago
mistrial9|2 years ago
nextworddev|2 years ago
intrasight|2 years ago
But I agree that it should be off-device. It should be a smartcard.
tlogan|2 years ago
There is a kiosk at SFO, but every time I’ve visited, it was out of order.
Another annoyance is that it’s not integrated with Apple Wallet.
Knowing how the government in California operates, this will likely become a money pit. They will probably abandon the project, sue IDEMIA for breach of contract (or similar reasons), and then start over.
natch|2 years ago
overstay8930|2 years ago
WhereIsTheTruth|2 years ago
Until then, i'll personally won't have any kind of online/digital ID
alberth|2 years ago
https://www.iso.org/standard/69084.html
Or is this something different?
ezxs|2 years ago
The second problem is that even the SFO airport doesn't take them as legitimate IDs.
For the folks who are worried about giving your phone to the cop - I guess I am not worried about it much. The cop has the right to lethal force and probably knows more about the situation when you are stopped than you ever will. So they take a look at your phone? I don't assume they will just take and keep it.
If you need to call your mom, probably best not to call her when the cop is right in front of you. If you need to call your lawyer - you are permitted to do that by law. If you are Googling for what your rights are - you are doing it way too late.
akerl_|2 years ago
If you hand the cop your phone, and then say “hey I need that back to call my lawyer” and they say “Sorry, no, I need to keep this for processing”, what happens?
There are cases every day where cops are just outright wrong about the law, your rights, or their own department’s policies. The law protects them from being either criminally or civilly implicated in most of those cases, because they’re not expected to be experts in the law. For most purposes, to have a case against a law enforcement officer for violating your rights, you’d need to show that their behavior was so egregious that it was crystal clear they should have known their action was a violation of your rights. And courts have looked very favorably on LEOs historically in this context: things that to a lay person would count as “obvious” have not met that bar.
So while you may, after spending a pile of money, time, and energy, find out that yes, the police officer overstepped, you’ve still been severely impacted by their action.
rahimnathwani|2 years ago
The QR code changes each time you open it. So you can't just screenshot it. I guess that's the same reason why you can't add it to Google wallet.
homefree|2 years ago
explodes|2 years ago
unknown|2 years ago
[deleted]
anonuser123456|2 years ago
localghost3000|2 years ago
rgbrenner|2 years ago
unknown|2 years ago
[deleted]
almost_usual|2 years ago
If you’re worried about this keep your id card?
kornhole|2 years ago
vore|2 years ago
unknown|2 years ago
[deleted]
brookst|2 years ago
Besides, wariness is wise but assumptions are not.
mistrial9|2 years ago
unknown|2 years ago
[deleted]
bigmattystyles|2 years ago
tomohelix|2 years ago
I hate how police is legally allowed to lie and psychologically trick/pressure people into things they would not normally do. It makes me distrust and question everything they do and say, i.e. being uncooperative to them. Which they then can use as an excuse to escalate and detain or get violent to me.
Interacting with the police is a terrible experience no matter how upright you are because even if you are faultless, they can still make up shit to mess with your day, or life.
threeio|2 years ago
whartung|2 years ago
unknown|2 years ago
[deleted]