top | item 45848851

(no title)

Svip | 3 months ago

Whether internet is covered by § 72 seems undetermined; as far as I can tell the Supreme Court hasn't made a decision on it; but considering that it considered fake SMS train tickets to be document fraud, even though the law text never explicitly mentions text messages: it seems clear that internet communication ought to be covered, if challenged.

Regardless, this wouldn't run afoul of this. This is similar to restricting who can buy alcohol, based purely on age; the identification process is just digital. MitID - the Danish digital identification infrastructure - allows an service to request specific details about another purpose; such as their age or just a boolean value whether they are old enough. Essentially: the service can ask "is this user 18 or older?" and the ID service can respond yes or no, without providing any other PII.

That's the theory at least; nothing about snooping private communication, but rather forcing the "bouncer" to actually check IDs.

discuss

tokai|3 months ago

>considering that it considered fake SMS train tickets to be document fraud, even though the law text never explicitly mentions text messages

That has nothing to do with the medium of the ticket and is all about knowingly presenting a fake ticket. The ticket is a document proving your payment for travel. They could be lumps of dirt and it would still be document fraud to present a fake hand of dirt.

Svip|3 months ago

Except the Supreme Court deemed the case to be of a principal nature, and granted relieve (i.e. no cost to either party), since it was disputed whether a fake SMS train ticket counted as document fraud.

Telaneo|3 months ago

> Regardless, this wouldn't run afoul of this. This is similar to restricting who can buy alcohol, based purely on age; the identification process is just digital. MitID - the Danish digital identification infrastructure - allows an service to request specific details about another purpose; such as their age or just a boolean value whether they are old enough. Essentially: the service can ask "is this user 18 or older?" and the ID service can respond yes or no, without providing any other PII.

> That's the theory at least; nothing about snooping private communication, but rather forcing the "bouncing" to actually check IDs.

Hopefully the theory will reflect the real world. The 'return bool' to 'isUser15+()' is probably the best we can hope for, and should prevent the obvious problems, but there can always be more shady dealings on the backend (as if there aren't enough of those already).

jlouis|3 months ago

Given the track record of digitalization in Denmark, you can be rest assured this will be implemented in the worst possible way.

This is Denmark. The country who reads the EU legislation requesting the construction of a CA to avoid centralizing the system and then legally bends the rules of EU and decides it's far better to create a centralized solution. I.e., the intent is a public key cryptosystem with three bodies, the state being the CA. But no, they should hold both the CA and the Key in escrow. Oh, and then decides that the secret should be a pin such that law enforcement can break it in 10 milliseconds.

I think internet verification is at least 10 years too late. Better late than never. I just lament the fact we are going to get a bad solution to the problem.