Governments aren’t just rolling out Digital IDs. They’re rolling out the platform to enable them to require that you authenticate with a range of apps and websites, ostensibly to keep children safe, with the real purpose being to link your unique identifier to all your online activity. They can then easily build an overall picture of who you are from that ID. Potentially, all this data can be fed into a pre-crime AI.
> Governments aren’t just rolling out Digital IDs. They’re rolling out the platform to enable them to require that you authenticate with a range of apps and websites, ostensibly to keep children safe, with the real purpose being to link your unique identifier to all your online activity.
This is just straight up not true for the EUDI which is probably the most serious and advanced approach to digital ID. The wallets are decentralized and the government does not see the individual authentication transaction in any way.
To set this up, you have to scan the chip on your passport. It's essentially the same data on both chips, one is just in my phone's enclave and the other is in an embedded NFC chip.
And, specifically, frictionless perfect enforcement. Kind of like CCTV you can pull on request after a crime, vs proactive permanent ubiquitous surveillance (looking at you, Flock Safety).
It feels healthier for the enforcement apparatus to have a budget, in terms of material personnel or time, that requires some degree of priority-setting. That priority-setting is by its nature a politically responsive process. And it’s compatible with the kind of situation that allows Really Quite Good enforcement, but not of absolutely everything absolutely all the time.
Otherwise ossification feels like exactly the word, as you said, stavros: if it costs nothing for the system to enforce stuff that was important in the hazy past but is no longer relevant, nobody wants to be the one blamed for formally easing restrictions just in case something new bad happens; 20 years later you’re still taking off your shoes at the airport. (I know, I know, they finally quit that. Still took decades. And the part that was cost-free—imaging your genitalia—continues unabated.)
Since most of those "digital ID" manifestations are just pixels on a screen, these are not a problem to fake pixel-perfect.
I did some limited travel during the COVID era, including areas that did not want to recognise my country's digital vaccination certificate. I presented them with a pixel-perfect picture of their own country's digital vaccination certificate. It's easy to copy from a screen of a friend, and it's not complicated to create your own Apple Wallet pass that looks like the one you want.
Isn't this just seeing a slippery slope and deciding to build a terrace[1], in that the existence of a digital ID doesn't automatically lead to a mandate to carry one, any more than the existence of a physical ID card does?
At best a digital ID has an additional attack surface and is just more accessible.
You normally aren't carrying your passport with you, right? So even if lower security, the chance of that information being swiped is generally lower.
Phones are pretty high profile targets, this makes them more so.
I do like the idea and the convenience, but I'm definitely wary of these things too. Especially in the modern tech world where security is often being treated as a second thought as it is less impactful for sales. I'm pretty sure it is always cheaper to implement the security, but right now we're not great at playing long games and we like to gamble. Humans have always been pretty bad at opportunity costs. We see the dollars spent now and that seems to have far more value than what you save later.
On the other hand, currently US citizens are not legally required to walk around with their IDs on them. That's not true for non-citizens btw. You should have to just give the officer your name, but they can detain you while they "verify your identity." With an ID becoming frictionless and more commonly held on person, will this law change? Can we trust that it'll stay the same given our current environment of more frequent ID requests (I'm trying to stay a bit apolitical. Let's not completely open up that issue here?). I'd say at best it is "of concern." But we do live in a world run by surveillance capitalism.
There's a really good example I like of opportunity cost that shows the perverse nature of how we treat them. Look at the Y2K bug. Here on HN most of us know this was a real thing that would have cost tons of money had we not fixed it. But we did. The success was bittersweet though, as the lack of repercussions (the whole point of fixing the problem!) resulted in people believing the issue was overblown. Most people laugh at Y2K as if it was a failed doomsday prediction rather than a success story of how we avoided a "doomsday" (to be overly dramatic) situation. So we create a situation where you're damned if you do and damned if you don't. If you do fix a problem, people treat you as if you were exaggerating the problem. If you don't fix the problem you get lambasted for not having foreseen the issue, but you do tend to be forgiven for fixing it.
Just remember, CrowdStrike's stock is doing great[0] ($546). Had you bought the dip ($218) you'd have made a 150% ROI. They didn't even drop to where they were a year previously, so had you bought in July of 2023 ($144) and sold in the dip you'd have still made a 50% profit in that year... (and 280% if you sold today).
Convince me we're good at playing the long game... Convince me we're not acting incredibly myopic... Convince me CrowdStrike learned their lesson and the same issue won't happen again...
You're ignoring the benefits though - it will help adapt more services to work online and reduce bureaucracy.
Look at Germany where they outright refuse to acknowledge emails as a legal notification / correspondence so everything still gets sent as letters and fax. It's extremely slow and cumbersome.
Also it will help for security as the central service can authenticate you, instead of every little hotel and bank branch, etc. keeping a copy of your passport.
steve_taylor|3 months ago
bootsmann|3 months ago
sedatk|3 months ago
jjgreen|3 months ago
pat2man|3 months ago
stavros|3 months ago
alwa|3 months ago
dwaite|3 months ago
watermelon0|3 months ago
maratc|3 months ago
rpdillon|3 months ago
varispeed|3 months ago
Once everyone is mandated to carry digital ID, then possibilities to track population open up.
frankus|3 months ago
[1] to paraphrase one of many excellent John McCarthy-isms: http://jmc.stanford.edu/general/sayings.html
godelski|3 months ago
[0] https://seekingalpha.com/symbol/CRWD
GardenLetter27|3 months ago