> Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah are among the first states to bring state IDs and driver’s licenses in Wallet to their residents
You’d still have your physical ID. It would be reasonable for there to be statute that prohibits Apple from revoking your digital ID, as the state retains the property rights of the ID, not Apple.
I think the idea that an id would be digital only but then you're beholden to whomever software runs it would be frowned upon by the courts pretty fast.
Lots of 'software gone bad and dorked up someone's life' kinda situations out there but when it comes to IDs and simple interactions like presenting one the courts are pretty generally pretty reasonable.
I would expect some physical ID to continue for a long time.
You’ve got a lot of faith in the courts. What if our government becomes more dysfunctional? What if court appointments become super partisan and the other tribe is appointing them?
I would guess that a physical ID makes the states and the economy a lot of money. It cost almost $40 to renew a license here in Alabama and it can be done in less than 15 minutes. It is a token that allows third parties to verify the ID of someone with pretty good accuracy.
So far as I know, Apple can change arbitrary bits in the memory and file system of any online device they make. So, they can turn it off, change files, change the functioning of processes and apps, including removing any particular app. They can cause an iPhone to not display an image of or transmit the details of a drivers license, even if one is stored in the device, despite the effort of the user.
But the status of being licensed to drive is kept in one or several databases controlled by one or many states or agencies. Similarly, the status of having a credit card is kept in a database controlled by at least one credit card company. Licenses and payment accounts can be verified for everyday use with less than 100bits even without a physical or digital representation of the card face available.
If Apple can stop a device from transmitting or displaying license details, then I guess you'll... need either a physical copy or the license number.
> Presenting a driver’s license or state ID to TSA: Once added to Wallet, customers can present their driver’s license or state ID to the TSA by simply tapping their iPhone or Apple Watch at the identity reader. Upon tapping their iPhone or Apple Watch, customers will see a prompt on their device displaying the specific information being requested by the TSA. Only after authorizing with Face ID or Touch ID is the requested identity information released from their device, which ensures that just the required information is shared and only the person who added the driver’s license or state ID to the device can present it. Users do not need to unlock, show, or hand over their device to present their ID.
Please read the article. It's presented there, and not even hidden away.
TSA aren't cops. I was referring to a traffic stop, where the default order from a cop when presented with something like this would be simply "give me your phone."
If the cop doesn't have a reader that can read this on his belt, he is not going to accept it anyway, just like they wouldn't accept a photo of an ID. They'd require the physical license.
If he has a reader on his belt, you would still not need to hand over the phone, you would just tap it on his reader, which would then prompt you to agree to share the specific fields from the driver license that he needs.
I mean yeah, of course they could still demand your phone, they can also demand you get out of the car, handcuff you, search the car and take anything they find on the most vaguely worded suspicions, but there's no technical solution for that problem.
Yes, they should verify the information with their reader. But many wouldn't.
I'm Ukrainian, we've got a government app called Дія, that contains a digital copy of ID card, driver's license and some other documents. The document is presented in text+photo form (which is obviously easy to fake) and in form of a QR code that has a TTL of 3 minutes. Police is supposed to scan the QR code with the same app on their phone and that will load a copy of the document from government server, which is a way to properly verify the document.
Still, on my last interaction with police, they just took a picture of my phone screen. It would take a bit of time to train all personnel on using digital documents.
People are simply asleep. We forgot Snowden's revelation the entire Apple platform is 100% owned, or simply didn't care. It is truly pathetic to witness, most of all on HN.
At this point it isn't even a big deal. Apple has and can see all your nudes in your non-e2e iCloud Backup (including all of the ones sent to you by others, even via SMS), all of your chats, your address book, your phone number (your iPhone uploads it to Apple when you insert it, even if you don't use iCloud), and device serial number (sent to iTunes when you open the App Store). They have your 24/7 location if you have location services enabled.
Providing your name and address is basically no big deal at this point.
One ID, strongly linked to government identifiers, strongly linked to every activity you take on your most important computer, one you can't install apps on without permission.
In time, if not already they will be more powerful than governments. How far away are they from passport storage? What if they produce their own apple passport predicated on the data about you and the trust score you have.
There is a reason the writer stopped making Black Mirror.
They don’t have your location. That is passed in an encrypted form from device to apps like Find My Phone. Apple’s servers don’t store it, nor have access.
This is false. The device transmits all visible Wi-Fi access points and their signal strengths (which is analogous to your location) to Apple at all times. The API returns location data to the handset.
There is no way to verify that Apple's servers don't store this information.
They absolutely have access to it, as they provide the location information to the phone based on the Wi-Fi data.
Apple says [0]: "These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."
The phone uses a local database of wifi locations to help triangulate on-device. Separately, the locations of wifi APs are uploaded to apple to maintain the database, but the source of the data is not saved, just the location of the WAP. A subset of the database is cached on-device.
They tried to clear this up in a 2011 press release but of course it just comes down to trusting it works the way apple says it does:
One use case for this is places like Pennsylvania where you typically need to produce a government-issued ID to purchase alcohol.
In 100%-proof-of-ID stores, cashiers often don't look at the photo on the ID, they scan the bar code on the back of the Driver's License that's presented.
Why not use the Digital ID in an Apple Wallet in those situations?
THIS is what strikes me as the use case for this, and 100% absolutely not using it with any interaction with the law. Preferably the only way I ever go through any law interaction with my phone on me is if it's turned off, or at the very very least have used the emergency function to disable Touch ID/Face ID which also discards the transient keys for decrypting storage (and no I don't use iCloud Backup or iCloud Photos). Smartphones and computers at this point fare essentially exocortexes, but the law does not protect them the same way it protects the contents of our minds.
However, there are lots and lots and lots of private interactions where cryptographic assertable proof of identity would be enormously valuable and a big win for privacy, fraud reduction etc, but the other party certainly has zero right or capability to demand your device, go through it and use force against you based on what they find there. Not just in retail but particularly online the state of identity verification in the US is just fucking abysmal even now. Common workarounds include stuff like literally taking a photo of your government ID and then emailing it, which of course is terrible in every respect.
From the description and example screen it appears this offers reasonably fine-grained information options. So if there was a secure generally available API ala Apple Pay wherein sites could simply request the minimum needed like age verification and address verification (obviously I'm supplying the address anyway to have things shipped, but this would help assert that yes that was my address) that could be quite valuable if still imperfect.
I'm surprised so many of the comments jumped right to presenting ID to the government. This sort of thing was exactly what I had in mind too. My watch can already:
- stream music when I go for a run in the park
- give emergency info to first responders if something happens to me while I'm out
- pay for the bus or train home if I need it for some reason with Omny + Apple Pay
- pay for things I stop to buy with Apple Pay
Giving govt-issued proof of age so I can buy a beer on occasion after a workout without taking my drivers' license with me is a welcome addition to all the rest of that power.
If I'm crossing a border, I've already got alternative hard-copy ID on me.
In the words of Neil Postman "What problem is this technology trying to solve??"
I just don't get it. How much easier do you need it to be than to hand someone an ID card?
The trade offs being made here for the ever slightest convenience make absolute no sense to me.
It is this weird technological addiction to novelty even when there is basically no value or even difference. The only gain is that it is new and novel.
It's not just convenience -- it's also about privacy. For example, I don't like disclosing my home address just to prove I'm old enough to buy alcohol.
With this, I won't have to since it allows for asserting proof of age without disclosing additional information.
Makes sense. COVID vaccination credentials are a great example. The work done with SMART health credentials and vertical solutions like NY Excelsior Pass and Israel’s Greenpass pave the way.
Despite the constant of pessimism about tech. I think most folks glib claims of "yet" don't happen.
And I kinda wonder what use all that pessimism is in the face a protection that we would seem to want ... we like that it doesn't inform the state when the ID is presented right? No?
I think you're underestimating what DID happen. I think anyone from the 80s, 90s and even 00s would be shocked to know what's going on in the private data markets of today.
- Apple, which previously has stated that they have a strong commitment to privacy & encryption, starts scanning photos on local devices; an expansion of their previous policy of scanning/sharing only data in iCloud [link](https://www.eff.org/deeplinks/2021/08/if-you-build-it-they-w...)
- The censorship of the lab leak theory for covid is a particularly interesting one... in 2020 it was ridiculed and censored, and then began to be taken seriously by the US govt and other "official" sources, showing that the censorship was way out of line [link](https://www.wsj.com/articles/facebooks-lab-leak-about-face-1...).
Typically better because the phone is locked & the data is stored within the SE, which puts it out of reach for most people. The proposal (not sure if adopted) was also that these have extremely short expiration times (like on the order of a month) so that you need to resign the credentials through the government body regularly. This further limits the damage - just report the device is stolen. This should put it on the revocation list & will prevent the government issuer from reissuing the ID (this also keeps the revocation lists shorter as they can be pruned).
That raises an interesting new dimension: the ability to revoke someone's ID remotely (if there is no physical version) by twiddling a few bits in a server somewhere.
Wouldn't someone be able to do that now if they were able to gain access to the DMV/police/state database? You might have a physical ID but if they called it in it could be flagged as revoked or something else.
I think you would still at least have a shot in hell since that physical id is in-hand. Maybe it could be flagged as revoked but the cops would have alternative ways of checking it out or at the least visually inspecting it and deciding you are at least who you say you are on the ID. This versus your soft-id just disappearing.
Your ID wouldn't disappear from your wallet, though. It would probably just show an alert. Either way, the cops would have to check the validity of your license/ID. They don't just accept IDs at face value unless they're only verifying something like your age.
> That raises an interesting new dimension: the ability to revoke someone’s ID remotely (if there is no physical version) by twiddling a few bits in a server somewhere.
For most critical uses, you can do that now, since IDs are electronically verified against a central server. For incidental uses, sure, an unverified physical ID works.
Of course, using a third-party ID storage system on which you have an account increases the threat surface to which that threat applies, since there are more places where compromise can occur with the ability to kill your usable ID that way (your account, the storage system, the ID issuers systems vs. just the first of those.)
I don't know if Apple has it but a secondary sort of light lock unlock layer might be kinda weird ... and disconnected from the existing ID system we have.
Not impossible, probably a good idea, but it would be some level of friction you don't have with a typical ID.
I assume it works similarly to Apple Wallet currently does:
If you double click the power button without looking at the screen, it’ll request face unlock for the payment card; and after exiting this screen, it still requires another face unlock for the phone itself.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
I assume it works similarly to Apple Wallet currently does:
If you double click the power button without looking at the screen, it’ll request face unlock for the payment card; and after exiting this screen, it still requires another face unlock for the phone itself.
I learned this with the App Store last week. My flight was delayed and I needed to start looking for a hotel since I would miss the last flight home at my connection. Masked up at the airport, I inadvertently triggered this lockout. At least I know FaceID is somewhat secure.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
I'm not. I'm in a comment thread about Apple announcing the first states to adopt a digital driver's license. I don't have to be a supporter of that news to comment in a thread about it, do I?
No, I’m saying you’re in the wrong thread to be complaining about pre-existing biometric authentication (Face/Touch ID), being used to verify ID usage on the same phone.
I also think you misunderstand how biometric models on phones/laptops work.
We are building a society where one or two companies get to decide "I don't like your face" and then you are shut out of communication, commerce, and now mandatory interactions with the government.
The decisions these companies make will be unaccountable, probably with the input from an inscrutable AI, and limited only by the terms of service which you click through without reading.
The dystopian consequences of this trend are so concerning, they deserve to be brought up in every thread on this site.
There have already been cases of people having their YouTube and Gmail accounts blocked because of their politics[0] and app stores are notorious for banning apps (and thus businesses) that allow access to legal but politically-unpopular speech[1][2]. You might argue that this censorship is a positive thing, or at least legal, for these platforms to do, but I don't know why you would call my concerns "fake FUD".
I admit I was using the phrase "I don't like your face" as it's a provocative idiom, but this article is about a technology which stores pictures of people's faces, and is activated by a picture of their face, so the real issue is that companies might react negatively to what's behind someone's face — that is, their opinions and beliefs — and lock them out of this facial recognition ecosystem.
None of your examples have anything to do with the commenter’s faces, and everything to do with their hate speech and/or rule breaking.
You’ve linked stories about Jordan Peterson, Dissenter, and Unjected as if they prove your point about biometric authentication, so I’m going to stop commenting now.
It sounds like you took my comment about not liking faces too literally. I apologise if my metaphorical use of language was ambiguous, and I can only take comfort from the fact that the people who upvoted my original comment seemed to have understood my choice of idiom.
This person can comment wherever they want— and the implication of your comment (that someone is out of place or out of line for expressing opposition to digital government ID on a monopoly's platform) is ridiculous.
Triangulation isn't needed. Most phones have GPS chips already. If your phone is powered on, and with you, there is no difference between presenting an ID on the phone or physically. The carrier and (for most people) a bunch of apps on your phone already know your location and who you are. Data brokers have merged this information with your credit cards, vehicle registration, voting records, social media posts and tons of other information to create a digital twin. In fact, they probably already predicted you would be at the location you're worried about keeping private before you even arrived.
If you are aware that your iPhone has been stolen, the first thing you should do is mark it as lost/stolen in iCloud. This will deactivate all functionality behind a newly assigned pin code.
I was on the ISO standard body for a short time on this. Not sure how much impact I had, but I advocated for this. There were also proposals for letting you only disclose subsets of information, although I don't know the state of that adoption. This would, for example, let you present your verified ID at a supermarket for restricted items purchase without disclosing anything other than that you are of a sufficient age and a photo (no name, address, etc).
RDW (the Dutch DMV, except allowed to be technologically competent) allowed the excellent prototype work that they funded (built by engineers at UL) to be open-sourced (https://github.com/mDL-ILP).
I know even in the US when stores started scanning physical drivers licenses people were / are irked when we're talking about validating a birth date... I think just presenting what the user wants is a good proposal.
As per the announcement, the prompt will show you what information specifically the reader is requesting, which implies that depending on the use case it will be configured to request only the information needed (if your local supermarket requests your home address or anything else besides your age), you'd see that and be able to refuse the prompt.
Thank you for advocating for it, I am sure it made a difference!
No, you can only use it (for credit cards) if you have a pin, face unlock or fingerprint id enabled on your phone. It has no locking ability on its own.
Does that mean you don't sign in to your email provider (or any websites) on your phone? Or that you only use the browser in private mode and close all tabs as soon as they are done?
Just curious how you mitigate the danger of a third party accessing your private information if your phone is ever lost/stolen.
If you are logged in to your email on the device, whoever gains access can trivially reset most of your passwords though, so even if your password manager is locked, it only helps for passwords for things that don’t offer an email reset option…
I am not particularly paranoid but I would feel very nervous about living like this…
Yeah, I know they can reset my passwords. They would have to care enough to do that first. They're not going to reset my bank password like that though... there is more security than just a password there.
So what are they going to get to? My Amazon account? I don't really care about that.
In my state of Australia, NSW, we have digital IDs we can access through the state services app. I was glad to know I was never required to had my device over. The cops can look but not touch which is great.
> I don't want to hand an unlocked phone over to someone just to show ID.
this reminds me of a time when i traveled to Canada from U.S and the customs dude wanted to see my return flight ticket. I handed over my phone without thinking much and i can see from the glare on his eyeglasses that he opened my Messages app and scrolled through them and also went inside my conversation with my Dad. it was a learning experience.
What a creep... People will often abuse any little power they have. You should have reported the guy, anonymously if possible.
As for the problem at hand, ideally we should be able to 'lock' the device on a certain screen or while using a certain app whenever we wanted. Notifications disabled as well.
How long until we get a video of the first officer demanding the person hand over their phone because "I just need to take this back to my cruiser to verify your ID"?
You can currently use Wallet and Apple Pay without unlocking the rest of the phone. I'm sure they've thought of this and probably made it so that only the license can be unlocked.
Yeah, the case where I can see myself using this is if I wanted to pop out to pick up food or something real quick, I could actually leave my wallet at home (using the payment and now DL on my phone).
Previously I got very limited use out of phone-based payments because I had to have my wallet on me anyway, for my ID.
This currently may only be for a TSA usecase but this area of using a phone to show ID starts to get very murky very quickly
My insurance company has an app that will display my proof of insurance - just hand your phone to the police officer at the stop.
The trouble is you are legally surrendering the possession of your unlocked phone to a police officer who can then search through it. I asked a lawyer friend about this and he said the law doesn't allow you to granularly declare the terms under which you surrender your property (ie you can't say "don't look at anything else officer, just keep that app window open").
It's the same with finger prints as biometric - no one considered that you can plead the 5th when asked for a pin code but you can't decline to have your fingerprints taken (including on your own phone sensor). I'm assuming face recognition is same.
Back to this Apple Wallet announcement, TSA scanning is a very restrictive usecase that feels like just a wedge otherwise it's pretty low value.
But then why would anyone want to hand over their phone to the police (or another government agency) so they can take the phone with the ID on it back to their cruiser to write up your ticket. Of course they are going to have a quick search through your phone. That's not paranoia, that's good police work on their part.
Adding your government ID to Apple Wallet just seems like something that sounds technically cool but not properly thought out OR will only have very limited usecases.
That's fair point which I both missed and not personally familiar with as I'm an Android user (Android's equivalent of Apple Wallet does require you to unlock your phone).
I still worry about relying on my phone to hold my ID and then surrendering my phone when it's reasonable for the other party (presumably a government entity) to want to look at it in more detail or take the ID away for a period of time (eg during a traffic stop they will take your ID to run you through the computer and write your ticket up)
I also worry functionality like this leads to changes in general expectations which leads to more implementation that may not be as carefully executed
With Face ID, there's also the risk that a malicious viewer who is holding your phone could point it at you and get it fully unlocked before you are able to react. A cop who is standing at the window of your car would absolutely be close enough to do that. The only way this would be safe is if it engaged the emergency mode which requires the PIN/password to fully unlock.
I have children who like to play "unlock the phone" games, and we have tested quite a bit.
In my experience the cone is rather larger. Holding the phone and looking at the forearm or below it - which is easily 40 degrees off - will still unlock.
> Android's equivalent of Apple Wallet does require you to unlock your phone
There is no single equivalent, you are free to choose yours. PassAndroid is quite happy to show a pass on a locked phone, although you have to start the app first, but it's the best you can do in Android.
You still need to Face/Touch ID for Wallet, as you already do.
It won’t unlock your device as well, is their point. Just like Wallet currently operates.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
Not only that but you are legally permitted to withdraw your consent to search at any time. Just merely handing your phone to an officer unlocked does not permit a limitless search and seizure.
However if during that time the officer sees material that constitutes probable cause for a search, they can seize the phone without your ability to withdraw consent.
As mentioned in my previous comment, a lawyer told me you can't arbitrarily withdraw your consent in that way you are describing.
The police officer may also have taken your phone back to their car to use the ID details to write up the ticket so you can't easily ask form the phone back at that point.
> You don't need to unlock your phone to show this ID though...
That is precisely the problem. Now you will be identified without your consent, and perhaps even without your knowledge. Tomorrow you will be tattooed so it's even easier. Watch Idiocracy if you don't believe me.
However it'll very likely require first unlock which puts the phone in a very vulnerable state (storing unencrypted data, or at least the keys in memory).
It is way easier for law enforcement to get into phones after first unlock than it is from a powered down phone.
Before First Unlock (BFU) is a term used to describe the state of your phone after it has booted and been unlocked at least once. Even if locked again, the phone is still in a less secured state until it has been shut down again.
The linked to quote does not describe it's ability to function before first unlock. Many phone functions are disabled in the BFU state.
And one day these bugs will be worked out and it'll be commonplace.
We do a great job of pointing out the things people will stub their toes on, technologically, and then fail to take advantage of the improvements when they become commonplace.
Sure, using my phone as my identity, medical record, car key, and ATM has potential flaws...but then they're mostly worked out (or end up being not an issue) and...hey, it's a pretty neat idea.
(that just happens to lock you into a walled garden, leasing the hardware, for the rest of your life.)
I’ve seen the non-tech version of this first hand. A wallet was handed to a police officer at a traffic stop to show the ID in the clear plastic window. The cop then rifled through the rest of the wallet and found a second fake ID.
Imagine a cop taking your unlocked phone back to his car to “run your license”.
There's an iOS feature called Guided Access[1], which allows you to hand over your phone in a limited-access state (locked to the current app, optionally with areas of the screen disabled for input - or whole input classes like touch/keyboard/motion/volume control disabled). You can also apply a time limit, after which time the phone requires you to authenticate (you can even prohibit Face ID to exit guided access, requiring a PIN instead).
Once enabled and in an app, you just triple-click the side button to start
It's not designed for fully-untrusted users, of course - my understanding is that no in-memory key storage is invalidated. It's useful for handing a phone to friends and relatives to browse some photos with limited access to the rest of your files, and without notifications appearing
Too bad that apps cannot access integrated Guided Access APIs. It's a little clunky for most people to remember to use this setting for sharing something like an ID.
> It's the same with finger prints as biometric - no one considered that you can plead the 5th when asked for a pin code but you can't decline to have your fingerprints taken (including on your own phone sensor). I'm assuming face recognition is same.
Always worth mentioning that you can hold power and either volume button for 3 seconds on an iPhone to disable biometrics until the next unlock. It brings up the power off/SOS controls, but dismissing those will require a passcode to unlock.
Good to know as it's fairly easy to do in a pocket or when under duress.
We are building systems for turn-key tyranny. Stop using closed source, proprietary, for-profit technology which only oppresses us and builds a hellish future for our children to experience. Avoid rotten Apple.
I use Apple Pay quite a lot and I'm looking forward to vaccination record support in iOS 15. But I don't think I have a use case for this. If I did, it would be my choice; I don't particularly like do not need to unlock, show, or hand over their device to present their ID.
Still I'm ok with Apple providing this feature, but I have to find a use case before I'd use it. And I don't like its opt-in once, broadcast thereafter approach.
It doesn't exactly 'broadcast' your ID, physical proximity to your phone is still needed. It's like adding a loyalty card, etc. to apple wallet where you can just tap your device to the reader.
I'm hoping it's like Apple Pay, where I choose and authorize with Face ID + button. It shouldn't be passively readable. Anyways, it will be awhile before it applies in California. CA DMV is not an early adopter of this.
According to the announcement, that's exactly how it works. It uses the same functions as Apple Pay, Transit Passes, and Rewards cards to authenticate/authorize and then uses the new digital ID standard to present.
That's what they said about RFID until it was broken, and people starting building hardware that could snoop on it from a backpack several meters away.
What part of that don't you like? You'd still need to authenticate your device no matter how you present it. You just don't have to unlock the device to validate your ID. It would work exactly like Apple Pay.
Interesting. If they can make the creation of these state IDs free and easily done remotely it may tip the balance towards making voter ID laws reasonable. If all major smartphone providers implemented this, smart phone ownership is already 80% and growing among the poor ($<30k / year)in the united states according to a google search.
Never understood the voter id controversy. Even India which has a lot of poor people mandates voter IDs and it's easy to get one. And there are 800 million voter IDs in India.
If India can do it then why can't USA?
Its largely a political issue in which the republican party claims fraud is rampant without voter IDs but simultaneously makes it difficult for poor people to get them. In many locations they're not free. In some, like Georgia I think, it is free, but you still need to gather documents and go to a DMV and register, which is, frankly, difficult to do when you're poor and don't have a car.
The effect of requiring voter IDs when they're not free AND easy to acquire is disproportionately preventing the poor from voting vs. stopping fraud.
If voter ID laws were accompanied by a strong push to make it easy to get the ID, I don’t think there’d be much pushback.
This is analogous to simultaneously outlawing abortion and making it very difficult to get good sex education in school, defunding Planned Parenthood, and underfunding the social safety net for poor mothers.
Pakistani living in US here. As far as I understand,
Democratic party has relatively poorer voters. Some of these voters do not want to take off and get their voter Id, because if they do, they will loose their wages for the day.
Republican party wants to make IDs mandatory so that these guys won't come and vote.
If you look at percentages, these voters will be less than 1% of the electorate...but important American election results are decided by a single county or a few 1000 votes, so these issues make a lot of headlines. In India, the victory margin is higher, so it doesn't make headlines yet
You can't just assume that the background is "ID works like it does in India", because it doesn't. (E.g. from my understanding, India has a free central ID system for all citizens, in the US that is something many people fundamentally oppose ever existing. And in reverse, people push for requirements on voter ID on top of just "an ID", which again excludes people and causes opposition to voter ID laws)
Exactly. Even as a New Yorker , I can’t get my ID without an accompany physical document proving who I am. The only document I have that is my Birth Certificate and I’m lucky enough that my parents still had it. If they didn’t I would have to wait 1-2 months to get it. And that’s not even mentioning the fact that an appointment for the DMV is 2 months out as well, so even if I didn’t have the birth certificate there would be waiting either way.
Voter ID laws should never be thing unless people willing to accept a national database and they’re free and given to everybody and can be given in a speedy matter with little to no obstructions.
The key part of your statement is "and it's easy to get one." Voter ID requirements in some US states is usually accompanied by a very restrictive list of acceptable forms of ID, and the requirements for getting such IDs are often tightened. Making it easy to get an ID is not the goal of such legislation.
For clarity, while India does have a voter ID system distinct from the national Aadhaar ID, the voter ID itself isn't required to vote. IIRC any government issued photo ID (like Aadhaar) is accepted.
Has one political party in India got a long history of using voting qualification mechanisms to exclude large groups of the population from voting at all?
Because the US does: these mechanisms replay the old literacy tests which were used to disenfranchise immigrants and Blacks in the US until the voting rights act was passed.
It is the "easy to get one" part that is often the kicker. There are a lot of examples out there, many of them concerning poor people, but I will use my late grandmother as an example:
In 2011 Wisconsin instituted a Voter ID law that required a valid government ID in order to vote. Being in her 90s at the time my grandmother had stopped driving (at her childrens' wise insistence) a number of years prior. That being her only government ID that was acceptable, she needed to get a renewal of it, but this time as a non-driving ID.
So she was taken to the DMV to renew it, only to be told that they could not renew it (or convert it), because it had expired too long ago. She needed to start the application from scratch, and for that she needed an original birth certificate, with a stamp. The only birth certificate that she had had no stamp (the county she was born in not having had one until much later). So that was going to require her to get a new one of those.
So my aunt called around, finally finding the proper number for the hall of records in the county where my grandmother was born. Unfortunately it is a small county, so the hall of records is only open once or twice a week for part of a day... and the only place they accurately record that is on the door of the building apparently. So just getting in contact was quite a pain (a couple weeks of occasional work).
Then we learned that she would have to present herself in person to get her birth certificate. I remind you that she is in her late 90s at this point, and had never traveled far in her life (the farthest ever was probably to my wedding on the other side of the state), so this was not going to be a minor trip for her (only an hour-and-a-half... but for her...).
This was just too much for her, so she gave up. She grouced about not being able to vote in what wound up being her last major election, but... the hurdles she faced were just too much.
She had voted in pretty much every election she could, but her last one was denied her by the Voter Id Laws.
The answer to your question is that this is entirely an attempt by one political party to make it harder for people to vote, knowing that the people with the largest hurdles are likely the ones who are going to vote against them. It is disgraceful and underhanded, especially from the party that likes to associate itself with religion.
Disgusting. Another brick in the wall that will promise convenience but ultimately erode Freedom. Avoid Apple if you have any values and ethics left, if not for you, do it for future generations.
Even though a normal transaction won't have you handing your phone over to TSA or the police, I am still hesitant of showing them that you have access to unlock the phone.
Arizona is one of the few states that already has a digital ID through the DMV. If you download the DMV app, you can scan the barcode on the back of your license to get your digital copy. It doesn't go into Apple Wallet yet but it's legal and has an interactive certification banner to prove it's real.
Why is this being done by Apple and not the government itself? This should be device agnostic.
Like Indian Govt's DigiLocker.
https://en.m.wikipedia.org/wiki/DigiLocker
Im not super fond of the idea of having a brand lock-in to make it easier to work with the governments. This feels a bit like a world where Turbotax was the only game in town for softwares to file taxes. So you'd have either the manual way, or Intuit and that's it.
This isn't as bad, and I didn't look much into it so maybe there's stuff I don't know that lessens the negative, but seeing it being Apple specific doesn't make me feel so good.
What makes you think governments aren't involved? The article says:
> Apple’s mobile ID implementation supports the ISO 18013-5 mDL (mobile driver’s license) standard which Apple has played an active role in the development of
If you do a little casual googling, you will find references to the Australian government being involved in the development of that standard. You can also find proposals from the US Department of Homeland Security that refer to the standard.
Speaking of Google, Wikipedia says
> For example, Android's JetPack suite comes with specific support for ISO 18013–5 from version API 24.
REAL ID only happened because of 9/11 (reactionaries are against it) and figured out how to use it to suppress voting. Individual states vary greatly in the US - there are people who don’t want people to have easy access to ID.
What happens when the traditional "analog" alternative is no longer commonly used? Digital, network dependent "upgrades" to traditional protocols and infrastructure are obviously convenient, but what happens when the network fails? When carrying "old style" ID becomes inconvenient and "unnecessary", do entire classes of services simply shut down if the network fails, suffers some sort of DOS attack (or overloaded OCSP server), or a terrorist (or unlucky backhoe) cuts an important fiber optic cable?
Are services like a "digital wallet" useful? How are they harmful? These questions are, of course, very important and need to be carefully investigated. However, whenever this type of technological convenience is introduced that might de facto replace existing protocols or infrastructure people currently rely upon, I rarely see any discussion of the ramifications of introducing technological interdependence and the resulting transitive risk.
Dan Geer, on this topic[1]:
>> The root source of risk is dependence, especially dependence on the expectation of stable system state. Dependence is not only individual but mutual, not only am I dependent or not but rather a continuous scale asking whether we are dependent or not; we are, and it is called interdependence. Interdependence is transitive, hence the risk that flows from interdependence is transitive, i.e., if you depend on the digital world and I depend on you, then I, too, am at risk from failures in the digital world. If individual dependencies were only static, they would be eventually evaluable, but we regularly and quickly expand our dependence on new things, and that added dependence matters because we each and severally add risk to our portfolio by way of dependence on things for which their very newness confounds risk estimation and thus risk management. [...] Remember, something becomes "a critical
infrastructure" as soon as it is widely enough adopted; adoption is the gateway drug to criticality.
>> The most telling fork in the road of them all is whether we retain an ability to operate our world, or at least the parts we would call critical, by analog means. Analog means, and only analog means, do not share a common mode failure with the digital world at large. But to preserve analog means requires that they be used, not left to gather dust on some societal shelf in the hope than when they are needed they will work. This requires a base load, a body of use and users that keep the analog working. [...]
>> What we have here is an historic anomaly, an anomaly where the most readily available counter to an otherwise inexorable drift into a vortex of singleton technology risk and the preservation of a spectrum of non-trivial civil rights is one and the same counter: the guarantee, by force of law where necessary, that those who choose to not participate in the digital melange can nevertheless fully enjoy life, liberty, and the pursuit of happiness, that to opt out of the digital vortex does not thereby require that they live in medieval conditions, and, by doing so, we reap a national security benefit in the bargain as those opting out are the base load for the analog alternative. [...]
>> And that is what I am here to tell you, that the future of humanity and cybersecurity are conjoined, so that as we prepare to make some decisions that are of the fork-in-the-road sort, we need to think it through because in making decisions about cybersecurity we are choosing amongst possible futures for humanity. Those decisions will be expensive to later reverse in either dollars or clock-ticks.
>> The onrushing world of full personalization means the rational decision for the individual or the small entity does not and will not aggregate into the rational decision for society at large. Perhaps that is the core effect from a rate of change up with which we cannot keep. [...]
>> You, we, are the masters of the universe now. What will we do with th...
Digital ID for everyone, here we go.
Globally, right?
Not for me do. Until there is no other option than this, I will refuse it.
If I am lucky I have 30-40 something years ahead of me, more is a bonus territory.
So I intend to live as a human being, not some database record "because of digitalization".
If this means not to have smartphone or using computers in local networks, so be it.
Big F--- you for corporations and governments of the world for collaborating behind the scenes to move us to Minority Report reality.
Apple the global leader in surveillance and government control. Who would guess?
What is the new slogan Apple: You are living it wrong?
I'm not grandparent poster, but depending on who supplies and configures the ID reader, a digital system makes it easier to track people. E.g. if you show your ID at a liquor store, currently the cashier would just check your age and then forget about you. If s/he has a barcode scanner or an Apple ID scanner, then that scanner can log your visits. And your whereabouts can be tracked by following where your ID was scanned throughtout time.
In China, ID cards have RFID and they have to be scanned when entering a train station or airports (or the old town of Lhasa in Tibet), so a future government here might abuse a similar system to track you and maybe harass you by saying "You were in this area yesterday, there was $SOME_BAD_EVENT, what's your alibi?". China also implements long distance travel bans by refusing you entry to the train station/airport, e.g. if you have a bad "social score", which, I imagine would be ripe for abuse in a Trumpian regime. (Although the FBI already abused the no-fly list for the purposes of harassing individuals)
> If s/he has a barcode scanner or an Apple ID scanner, then that scanner can log your visits
This system actually lets you only supply your age to the reader and no other info, to avoid the tracking. In other discussions of this, I've learned that many shops and bars in the US already optically scan IDs to verify them digitally (not trusting staff to verify security features), so this is actually an improvement on privacy compared to before.
Can someone explain the huge net gain in conveinence you get from not carrying a wallet?
I know if I drop my wallet, the cards inside will still work. They won't be out-of-service-area or forgot to be charged.
The wallet also caters to many use cases the phone will never support. That can be high-tech stuff like some obscure closed-loop fare card or keycard system that isn't NFC-compatible, or the paper punch card from the local burrito place.
And it lets me carry cash, which is still less of a production number for plenty of informal payments-- I'm not walking through a Apple Pay/Zelle/PayPal transaction at a yard sale.
Maybe it's because I'm fat and wear loose fitting clothes-- having a wallet in my pocket is not a huge frustration.
You say this as if having a physical wallet doesn't also have huge downsides in exchange for being physical.
If you drop your wallet and lose it, someone has access to everything you have and any accounts tied to anything in your wallet. If you lose your phone, they get nothing.
If you have a physical card and it's been worn down, it will fail to scan. That's never an issue with digital cards.
Physical wallets have physical limits to how much they can carry without being a giant lump in your clothing. Digital wallets stay the same size no matter what you put in them.
Physical wallets are limited to what you put in them. If you forget a punch card, boarding pass, or ticket, you have no recourse. Digital wallets never lose anything and always have ways to retrieve the passes or cards within them.
We could go on and on but both options have advantages and disadvantages...
> So I intend to live as a human being, not some database record
You are already a database record, so are you not currently living as a human being? Do my medical records prevent me from living as a human being? I have so many questions.
I am preserving your and some other (more explicit) heavily-downvoted comments here that paint a disturbingly prophetic picture of where things are going to go. We know what's happening to our freedoms and what the future will look like. Too bad there's not enough of us to fight back.
>> Too bad there’s not enough of us to fight back.
I don’t think so. You can see glimmers of hope in people who refuse to buy into propaganda every day if you go looking for it. Just today, for example, Project Veritas successfully got a California high school teacher fired for literally trying to convert his students to communists.
There are lots of people doing horrible things with tech, and programmers willing to write the shit code that executes on those desires, but all of that comes from the desire for more money and power. It has always been the case that smart humans with drive chase money and power, but it often only takes a small handful of people to bring change to even the worst tyranny. Don’t lose hope for freedom, friend.
The rise of authoritarianism isn't a left vs right issue, unfortunately --- same with things like right to repair and such issues of ownership; there's no one big side that's for or against.
I don't know. I really don't like big companies forcing themselves into this. There are already great open source solution ready to be used like IRMA[1], I would love for them to be used instead of Apple or Google becoming even more indispensable.
Being able to pay to bypass TSA or cut the line for TSA has always been a thing. Private jets, Precheck, and this monstrosity where you pay a private company to become a more equal member of US society:
I'm not sure it's ALWAYS been a thing, or at least it's scale has definitely grown more recently, but, yeah, that's why I thought of it being extended to 'those with e-wallets', of course.
I do won't do any of that "clear" or even "pre-check" stuff just on principle; most everyone I know thinks I'm crazy. I try to fly as little as I can these days, even before pandemic, it's just so unpleasant both in terms of security/dignity as well as physical comfort.
Seems like this would work best in places with free high-speed public wifi and device charging infrastructure. Do those places exist? Western Europe, East Asia? As with the rest of Apple Wallet/Pay offerings, turning analog into digital has its trade-offs.
>We should start thinking about how to ensure that physical IDs will always be available
Same the reason why I am extremely against getting rid of physcial money.
>Create a user controlled devices to store critical documentation like this (something like a crypto wallet but with an easier setup/interface)
Yes. This. One point in time you would have thought having everything on your Smartphone, everything simple was utopia. But reality is we need better power structure and separation of concerns. Or in reality I lost trust with Apple.
242 comments
[ 3.0 ms ] story [ 233 ms ] thread(beta tester in my state of this product)
For now. In the future I could see a cost saving measure to be all digital.
> It would be reasonable for there to be statute that prohibits Apple from revoking your digital ID
There are a lot of reasonable statutes that should exist.
Lots of 'software gone bad and dorked up someone's life' kinda situations out there but when it comes to IDs and simple interactions like presenting one the courts are pretty generally pretty reasonable.
I would expect some physical ID to continue for a long time.
You tell me.
What are you proposing at that point? A physical ID is going to save you from anarchy?
Apple doesn't control whether or not you have a Driver's License. This makes zero sense.
Apple has no say in invalidating your license.
But the status of being licensed to drive is kept in one or several databases controlled by one or many states or agencies. Similarly, the status of having a credit card is kept in a database controlled by at least one credit card company. Licenses and payment accounts can be verified for everyday use with less than 100bits even without a physical or digital representation of the card face available.
If Apple can stop a device from transmitting or displaying license details, then I guess you'll... need either a physical copy or the license number.
Your drivers license does not live with Apple nor does Apple control whether or not you have one.
- having a valid drivers license document during a police encounter
- having a malicious device making (maybe) license related claims on your behalf during a police encounter
edit: More specifically, and more to your point, there is a distinction between being licensed and being able to produce proof of licensing.
Please read the article. It's presented there, and not even hidden away.
If he has a reader on his belt, you would still not need to hand over the phone, you would just tap it on his reader, which would then prompt you to agree to share the specific fields from the driver license that he needs.
I mean yeah, of course they could still demand your phone, they can also demand you get out of the car, handcuff you, search the car and take anything they find on the most vaguely worded suspicions, but there's no technical solution for that problem.
According to TSA, it is not valid for TSA:
https://www.tsa.gov/travel/frequently-asked-questions/does-t...
However, TSA did issue an RFI earlier this year in preparation for rulemaking which could authorize this kind of application:
https://www.tsa.gov/news/press/releases/2021/04/19/tsa-seeks...
Providing your name and address is basically no big deal at this point.
One ID, strongly linked to government identifiers, strongly linked to every activity you take on your most important computer, one you can't install apps on without permission.
What could possibly go wrong?
Settings > Apple ID > Payment and Shipping
Apple has started selling iPhones in person by appointment only, however, and a phone number is required to get an appointment.
You used to be able to walk in, masked, and buy one for cash, without providing any identifiers.
> probably
Most people follow the typical steps to set up their phone
In time, if not already they will be more powerful than governments. How far away are they from passport storage? What if they produce their own apple passport predicated on the data about you and the trust score you have.
There is a reason the writer stopped making Black Mirror.
There is no way to verify that Apple's servers don't store this information.
They absolutely have access to it, as they provide the location information to the phone based on the Wi-Fi data.
The phone uses a local database of wifi locations to help triangulate on-device. Separately, the locations of wifi APs are uploaded to apple to maintain the database, but the source of the data is not saved, just the location of the WAP. A subset of the database is cached on-device.
They tried to clear this up in a 2011 press release but of course it just comes down to trusting it works the way apple says it does:
[0] https://www.apple.com/newsroom/2011/04/27Apple-Q-A-on-Locati...
In 100%-proof-of-ID stores, cashiers often don't look at the photo on the ID, they scan the bar code on the back of the Driver's License that's presented.
Why not use the Digital ID in an Apple Wallet in those situations?
However, there are lots and lots and lots of private interactions where cryptographic assertable proof of identity would be enormously valuable and a big win for privacy, fraud reduction etc, but the other party certainly has zero right or capability to demand your device, go through it and use force against you based on what they find there. Not just in retail but particularly online the state of identity verification in the US is just fucking abysmal even now. Common workarounds include stuff like literally taking a photo of your government ID and then emailing it, which of course is terrible in every respect.
From the description and example screen it appears this offers reasonably fine-grained information options. So if there was a secure generally available API ala Apple Pay wherein sites could simply request the minimum needed like age verification and address verification (obviously I'm supplying the address anyway to have things shipped, but this would help assert that yes that was my address) that could be quite valuable if still imperfect.
- stream music when I go for a run in the park
- give emergency info to first responders if something happens to me while I'm out
- pay for the bus or train home if I need it for some reason with Omny + Apple Pay
- pay for things I stop to buy with Apple Pay
Giving govt-issued proof of age so I can buy a beer on occasion after a workout without taking my drivers' license with me is a welcome addition to all the rest of that power.
If I'm crossing a border, I've already got alternative hard-copy ID on me.
I just don't get it. How much easier do you need it to be than to hand someone an ID card?
The trade offs being made here for the ever slightest convenience make absolute no sense to me.
It is this weird technological addiction to novelty even when there is basically no value or even difference. The only gain is that it is new and novel.
With this, I won't have to since it allows for asserting proof of age without disclosing additional information.
That was my first concern.
I don't want to hand an unlocked phone over to someone just to show ID. I'm not surprised, but still glad they covered this use case.
They do also state that:
>Apple and the issuing states do not know when or where users present their IDs.
That's nice too.
And I kinda wonder what use all that pessimism is in the face a protection that we would seem to want ... we like that it doesn't inform the state when the ID is presented right? No?
Just a few that come to mind:
- A fun recent relevation is that companies are selling & buying netflow data [link](https://www.vice.com/en/article/jg84yy/data-brokers-netflow-...).
- [Govt tracking you by your cell location](https://www.brennancenter.org/our-work/analysis-opinion/fede...), and [another link on same topic](https://www.theverge.com/2021/1/22/22244848/us-intelligence-...)
- [Another one](https://www.vice.com/en/article/88ng8x/pentagon-americans-su...) about gov't purchasing and using other private data like browsing history
- Local police departments using cell-site-simulators to intercept cell traffic [link](https://www.buzzfeednews.com/article/carolinehaskins1/new-la...), [link to map of which states are confirmed to have them](https://www.aclu.org/issues/privacy-technology/surveillance-...).
- Apple, which previously has stated that they have a strong commitment to privacy & encryption, starts scanning photos on local devices; an expansion of their previous policy of scanning/sharing only data in iCloud [link](https://www.eff.org/deeplinks/2021/08/if-you-build-it-they-w...)
- Concerns that centralized social media would lead to censorship. (Whether or not you think it's good that they're doing so, the privacy/speech concern has been borne out). [Instagram censoring political content](https://www.jacobinmag.com/2021/06/censorship-facebook-insta...), [of course tiktok censors political content](https://www.theverge.com/2019/9/26/20883993/tiktok-censorshi...), and a google search brings up many more.
- The censorship of the lab leak theory for covid is a particularly interesting one... in 2020 it was ridiculed and censored, and then began to be taken seriously by the US govt and other "official" sources, showing that the censorship was way out of line [link](https://www.wsj.com/articles/facebooks-lab-leak-about-face-1...).
same way someone steals your wallet they can access your id or "use it".
For most critical uses, you can do that now, since IDs are electronically verified against a central server. For incidental uses, sure, an unverified physical ID works.
Of course, using a third-party ID storage system on which you have an account increases the threat surface to which that threat applies, since there are more places where compromise can occur with the ability to kill your usable ID that way (your account, the storage system, the ID issuers systems vs. just the first of those.)
Not impossible, probably a good idea, but it would be some level of friction you don't have with a typical ID.
This is addressed in the press release
If you double click the power button without looking at the screen, it’ll request face unlock for the payment card; and after exiting this screen, it still requires another face unlock for the phone itself.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
Cell signals can be triangulated. This "convenience" will be abused. Mark my words.
I also think you misunderstand how biometric models on phones/laptops work.
The decisions these companies make will be unaccountable, probably with the input from an inscrutable AI, and limited only by the terms of service which you click through without reading.
The dystopian consequences of this trend are so concerning, they deserve to be brought up in every thread on this site.
There have already been cases of people having their YouTube and Gmail accounts blocked because of their politics[0] and app stores are notorious for banning apps (and thus businesses) that allow access to legal but politically-unpopular speech[1][2]. You might argue that this censorship is a positive thing, or at least legal, for these platforms to do, but I don't know why you would call my concerns "fake FUD".
I admit I was using the phrase "I don't like your face" as it's a provocative idiom, but this article is about a technology which stores pictures of people's faces, and is activated by a picture of their face, so the real issue is that companies might react negatively to what's behind someone's face — that is, their opinions and beliefs — and lock them out of this facial recognition ecosystem.
[0] https://torontosun.com/2017/08/01/free-speech-advocate-jorda...
[1] https://reclaimthenet.org/google-chrome-web-store-bans-disse...
[2] https://www.insideedition.com/unjected-dating-app-created-fo...
You’ve linked stories about Jordan Peterson, Dissenter, and Unjected as if they prove your point about biometric authentication, so I’m going to stop commenting now.
I prefer not to feed trolls.
RDW (the Dutch DMV, except allowed to be technologically competent) allowed the excellent prototype work that they funded (built by engineers at UL) to be open-sourced (https://github.com/mDL-ILP).
I know even in the US when stores started scanning physical drivers licenses people were / are irked when we're talking about validating a birth date... I think just presenting what the user wants is a good proposal.
Whenever I have purchased something that is age restricted, I have just held my license and held on to it, and not let them scan it.
The insecurity of the POS systems means I don't trust them to not store that data and let it be leaked/stolen.
Thank you for advocating for it, I am sure it made a difference!
I wonder if I'll even be able to use it for IDs.
Just curious how you mitigate the danger of a third party accessing your private information if your phone is ever lost/stolen.
I am not particularly paranoid but I would feel very nervous about living like this…
So what are they going to get to? My Amazon account? I don't really care about that.
Is that still the case?
https://news.ycombinator.com/item?id=28311722
this reminds me of a time when i traveled to Canada from U.S and the customs dude wanted to see my return flight ticket. I handed over my phone without thinking much and i can see from the glare on his eyeglasses that he opened my Messages app and scrolled through them and also went inside my conversation with my Dad. it was a learning experience.
As for the problem at hand, ideally we should be able to 'lock' the device on a certain screen or while using a certain app whenever we wanted. Notifications disabled as well.
https://support.google.com/android/answer/9455138?hl=en-GB
Previously I got very limited use out of phone-based payments because I had to have my wallet on me anyway, for my ID.
My insurance company has an app that will display my proof of insurance - just hand your phone to the police officer at the stop.
The trouble is you are legally surrendering the possession of your unlocked phone to a police officer who can then search through it. I asked a lawyer friend about this and he said the law doesn't allow you to granularly declare the terms under which you surrender your property (ie you can't say "don't look at anything else officer, just keep that app window open").
It's the same with finger prints as biometric - no one considered that you can plead the 5th when asked for a pin code but you can't decline to have your fingerprints taken (including on your own phone sensor). I'm assuming face recognition is same.
Back to this Apple Wallet announcement, TSA scanning is a very restrictive usecase that feels like just a wedge otherwise it's pretty low value.
But then why would anyone want to hand over their phone to the police (or another government agency) so they can take the phone with the ID on it back to their cruiser to write up your ticket. Of course they are going to have a quick search through your phone. That's not paranoia, that's good police work on their part.
Adding your government ID to Apple Wallet just seems like something that sounds technically cool but not properly thought out OR will only have very limited usecases.
From the announcement:
>Users do not need to unlock, show, or hand over their device to present their ID.
I still worry about relying on my phone to hold my ID and then surrendering my phone when it's reasonable for the other party (presumably a government entity) to want to look at it in more detail or take the ID away for a period of time (eg during a traffic stop they will take your ID to run you through the computer and write your ticket up)
I also worry functionality like this leads to changes in general expectations which leads to more implementation that may not be as carefully executed
In my experience the cone is rather larger. Holding the phone and looking at the forearm or below it - which is easily 40 degrees off - will still unlock.
There is no single equivalent, you are free to choose yours. PassAndroid is quite happy to show a pass on a locked phone, although you have to start the app first, but it's the best you can do in Android.
It won’t unlock your device as well, is their point. Just like Wallet currently operates.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
However if during that time the officer sees material that constitutes probable cause for a search, they can seize the phone without your ability to withdraw consent.
IANAL
The police officer may also have taken your phone back to their car to use the ID details to write up the ticket so you can't easily ask form the phone back at that point.
That is precisely the problem. Now you will be identified without your consent, and perhaps even without your knowledge. Tomorrow you will be tattooed so it's even easier. Watch Idiocracy if you don't believe me.
It is way easier for law enforcement to get into phones after first unlock than it is from a powered down phone.
“ Users do not need to unlock, show, or hand over their device to present their ID.”
https://www.apple.com/newsroom/2021/09/apple-announces-first...
We do a great job of pointing out the things people will stub their toes on, technologically, and then fail to take advantage of the improvements when they become commonplace.
Sure, using my phone as my identity, medical record, car key, and ATM has potential flaws...but then they're mostly worked out (or end up being not an issue) and...hey, it's a pretty neat idea.
(that just happens to lock you into a walled garden, leasing the hardware, for the rest of your life.)
Imagine a cop taking your unlocked phone back to his car to “run your license”.
Once enabled and in an app, you just triple-click the side button to start
It's not designed for fully-untrusted users, of course - my understanding is that no in-memory key storage is invalidated. It's useful for handing a phone to friends and relatives to browse some photos with limited access to the rest of your files, and without notifications appearing
[1] https://support.apple.com/en-gb/HT202612
Always worth mentioning that you can hold power and either volume button for 3 seconds on an iPhone to disable biometrics until the next unlock. It brings up the power off/SOS controls, but dismissing those will require a passcode to unlock.
Good to know as it's fairly easy to do in a pocket or when under duress.
> Users do not need to unlock, show, or hand over their device to present their ID
Still I'm ok with Apple providing this feature, but I have to find a use case before I'd use it. And I don't like its opt-in once, broadcast thereafter approach.
That kinda sounds like a recipe for fraud and the end result the opposite of what you describe.
The effect of requiring voter IDs when they're not free AND easy to acquire is disproportionately preventing the poor from voting vs. stopping fraud.
There are zero legitimate reason why a country with the resources of the US can’t accomplish something basic like this. It’s intentional.
This is analogous to simultaneously outlawing abortion and making it very difficult to get good sex education in school, defunding Planned Parenthood, and underfunding the social safety net for poor mothers.
If you look at percentages, these voters will be less than 1% of the electorate...but important American election results are decided by a single county or a few 1000 votes, so these issues make a lot of headlines. In India, the victory margin is higher, so it doesn't make headlines yet
Voter ID laws should never be thing unless people willing to accept a national database and they’re free and given to everybody and can be given in a speedy matter with little to no obstructions.
And 25% of black voters.
https://www.aclu.org/other/oppose-voter-id-legislation-fact-...
Because the US does: these mechanisms replay the old literacy tests which were used to disenfranchise immigrants and Blacks in the US until the voting rights act was passed.
In 2011 Wisconsin instituted a Voter ID law that required a valid government ID in order to vote. Being in her 90s at the time my grandmother had stopped driving (at her childrens' wise insistence) a number of years prior. That being her only government ID that was acceptable, she needed to get a renewal of it, but this time as a non-driving ID.
So she was taken to the DMV to renew it, only to be told that they could not renew it (or convert it), because it had expired too long ago. She needed to start the application from scratch, and for that she needed an original birth certificate, with a stamp. The only birth certificate that she had had no stamp (the county she was born in not having had one until much later). So that was going to require her to get a new one of those.
So my aunt called around, finally finding the proper number for the hall of records in the county where my grandmother was born. Unfortunately it is a small county, so the hall of records is only open once or twice a week for part of a day... and the only place they accurately record that is on the door of the building apparently. So just getting in contact was quite a pain (a couple weeks of occasional work).
Then we learned that she would have to present herself in person to get her birth certificate. I remind you that she is in her late 90s at this point, and had never traveled far in her life (the farthest ever was probably to my wedding on the other side of the state), so this was not going to be a minor trip for her (only an hour-and-a-half... but for her...).
This was just too much for her, so she gave up. She grouced about not being able to vote in what wound up being her last major election, but... the hurdles she faced were just too much.
She had voted in pretty much every election she could, but her last one was denied her by the Voter Id Laws.
The answer to your question is that this is entirely an attempt by one political party to make it harder for people to vote, knowing that the people with the largest hurdles are likely the ones who are going to vote against them. It is disgraceful and underhanded, especially from the party that likes to associate itself with religion.
It might be useful to give an ID number when arrested (without ID ), that's why I memorized mine back in the day.
I don't see a reason it can't be used with the government or that the government needs to make its own app.
I'm of the opinion that Apple is a defacto arm (back channel) of the government now based on recent developments.
This isn't as bad, and I didn't look much into it so maybe there's stuff I don't know that lessens the negative, but seeing it being Apple specific doesn't make me feel so good.
> Apple’s mobile ID implementation supports the ISO 18013-5 mDL (mobile driver’s license) standard which Apple has played an active role in the development of
If you do a little casual googling, you will find references to the Australian government being involved in the development of that standard. You can also find proposals from the US Department of Homeland Security that refer to the standard.
Speaking of Google, Wikipedia says
> For example, Android's JetPack suite comes with specific support for ISO 18013–5 from version API 24.
https://en.wikipedia.org/wiki/Mobile_driver%27s_license
Does that qualify as device agnostic?
REAL ID only happened because of 9/11 (reactionaries are against it) and figured out how to use it to suppress voting. Individual states vary greatly in the US - there are people who don’t want people to have easy access to ID.
Are services like a "digital wallet" useful? How are they harmful? These questions are, of course, very important and need to be carefully investigated. However, whenever this type of technological convenience is introduced that might de facto replace existing protocols or infrastructure people currently rely upon, I rarely see any discussion of the ramifications of introducing technological interdependence and the resulting transitive risk.
Dan Geer, on this topic[1]:
>> The root source of risk is dependence, especially dependence on the expectation of stable system state. Dependence is not only individual but mutual, not only am I dependent or not but rather a continuous scale asking whether we are dependent or not; we are, and it is called interdependence. Interdependence is transitive, hence the risk that flows from interdependence is transitive, i.e., if you depend on the digital world and I depend on you, then I, too, am at risk from failures in the digital world. If individual dependencies were only static, they would be eventually evaluable, but we regularly and quickly expand our dependence on new things, and that added dependence matters because we each and severally add risk to our portfolio by way of dependence on things for which their very newness confounds risk estimation and thus risk management. [...] Remember, something becomes "a critical infrastructure" as soon as it is widely enough adopted; adoption is the gateway drug to criticality.
>> The most telling fork in the road of them all is whether we retain an ability to operate our world, or at least the parts we would call critical, by analog means. Analog means, and only analog means, do not share a common mode failure with the digital world at large. But to preserve analog means requires that they be used, not left to gather dust on some societal shelf in the hope than when they are needed they will work. This requires a base load, a body of use and users that keep the analog working. [...]
>> What we have here is an historic anomaly, an anomaly where the most readily available counter to an otherwise inexorable drift into a vortex of singleton technology risk and the preservation of a spectrum of non-trivial civil rights is one and the same counter: the guarantee, by force of law where necessary, that those who choose to not participate in the digital melange can nevertheless fully enjoy life, liberty, and the pursuit of happiness, that to opt out of the digital vortex does not thereby require that they live in medieval conditions, and, by doing so, we reap a national security benefit in the bargain as those opting out are the base load for the analog alternative. [...]
>> And that is what I am here to tell you, that the future of humanity and cybersecurity are conjoined, so that as we prepare to make some decisions that are of the fork-in-the-road sort, we need to think it through because in making decisions about cybersecurity we are choosing amongst possible futures for humanity. Those decisions will be expensive to later reverse in either dollars or clock-ticks.
>> The onrushing world of full personalization means the rational decision for the individual or the small entity does not and will not aggregate into the rational decision for society at large. Perhaps that is the core effect from a rate of change up with which we cannot keep. [...]
>> You, we, are the masters of the universe now. What will we do with th...
If I am lucky I have 30-40 something years ahead of me, more is a bonus territory.
So I intend to live as a human being, not some database record "because of digitalization". If this means not to have smartphone or using computers in local networks, so be it.
Big F--- you for corporations and governments of the world for collaborating behind the scenes to move us to Minority Report reality. Apple the global leader in surveillance and government control. Who would guess? What is the new slogan Apple: You are living it wrong?
Is there something concrete you're worried about or is it you just don't like giving big brother too much of your info?
A dead battery and a virus on my phone stealing all of my data, identity, and then time to get it straightened out again.
And I forget my wallet (all the time) more often than my phone dies without a charger (maybe once every six months)
In China, ID cards have RFID and they have to be scanned when entering a train station or airports (or the old town of Lhasa in Tibet), so a future government here might abuse a similar system to track you and maybe harass you by saying "You were in this area yesterday, there was $SOME_BAD_EVENT, what's your alibi?". China also implements long distance travel bans by refusing you entry to the train station/airport, e.g. if you have a bad "social score", which, I imagine would be ripe for abuse in a Trumpian regime. (Although the FBI already abused the no-fly list for the purposes of harassing individuals)
Already are being tracked and bought and sold by third-parties without your knowledge.
Again, I'm not GP, who might be more paranoid about it.
And yes I have Google Maps Timeline active.
This system actually lets you only supply your age to the reader and no other info, to avoid the tracking. In other discussions of this, I've learned that many shops and bars in the US already optically scan IDs to verify them digitally (not trusting staff to verify security features), so this is actually an improvement on privacy compared to before.
I know if I drop my wallet, the cards inside will still work. They won't be out-of-service-area or forgot to be charged.
The wallet also caters to many use cases the phone will never support. That can be high-tech stuff like some obscure closed-loop fare card or keycard system that isn't NFC-compatible, or the paper punch card from the local burrito place.
And it lets me carry cash, which is still less of a production number for plenty of informal payments-- I'm not walking through a Apple Pay/Zelle/PayPal transaction at a yard sale.
Maybe it's because I'm fat and wear loose fitting clothes-- having a wallet in my pocket is not a huge frustration.
If you drop your wallet and lose it, someone has access to everything you have and any accounts tied to anything in your wallet. If you lose your phone, they get nothing.
If you have a physical card and it's been worn down, it will fail to scan. That's never an issue with digital cards.
Physical wallets have physical limits to how much they can carry without being a giant lump in your clothing. Digital wallets stay the same size no matter what you put in them.
Physical wallets are limited to what you put in them. If you forget a punch card, boarding pass, or ticket, you have no recourse. Digital wallets never lose anything and always have ways to retrieve the passes or cards within them.
We could go on and on but both options have advantages and disadvantages...
You are already a database record, so are you not currently living as a human being? Do my medical records prevent me from living as a human being? I have so many questions.
I don’t think so. You can see glimmers of hope in people who refuse to buy into propaganda every day if you go looking for it. Just today, for example, Project Veritas successfully got a California high school teacher fired for literally trying to convert his students to communists.
There are lots of people doing horrible things with tech, and programmers willing to write the shit code that executes on those desires, but all of that comes from the desire for more money and power. It has always been the case that smart humans with drive chase money and power, but it often only takes a small handful of people to bring change to even the worst tyranny. Don’t lose hope for freedom, friend.
[1] https://github.com/privacybydesign/irmago
https://www.clearme.com/support/tsa-precheck/how-does-clear-...
I do won't do any of that "clear" or even "pre-check" stuff just on principle; most everyone I know thinks I'm crazy. I try to fly as little as I can these days, even before pandemic, it's just so unpleasant both in terms of security/dignity as well as physical comfort.
https://www.clearme.com/
Or
Create a user controlled devices to store critical documentation like this (something like a crypto wallet but with an easier setup/interface)
https://www.crowdsupply.com/sutajio-kosagi/precursor
> customers can present their driver’s license or state ID to the TSA by simply tapping their iPhone or Apple Watch at the identity reader.
That sounds like NFC, which could be a feature request for Precursor v2.
Same the reason why I am extremely against getting rid of physcial money.
>Create a user controlled devices to store critical documentation like this (something like a crypto wallet but with an easier setup/interface)
Yes. This. One point in time you would have thought having everything on your Smartphone, everything simple was utopia. But reality is we need better power structure and separation of concerns. Or in reality I lost trust with Apple.
My philosophy if buying a "smart" device is that they must "fail dumb"... I won't buy a smart lock that doesn't use a key as backup, for instance.
Are you sure rude is the right term? Usually you would define rude something deliberate.
As annoying as it might be, this is not deliberate.
The fact that someone is offended doesn’t make it rude. People get offended for pretty much everything these days, yet not everything is rude!