72 comments

[ 2.6 ms ] story [ 115 ms ] thread
We can't. My mDL has been "under review" for 2 weeks!
Oh no, I can just imagine a future in which anti-fraud features mistakenly block my digital-only drivers license, leaving me screaming at a stupid customer support chatbot as some CEO brags about how the use of AI in said chatbot is improving customer satisfaction.
I've already had this happen with a new MacBook - attempting to link an old account tripped a fraud flag with the device and now Apple refuses to even allow the creation of a new account, with an accompanying vague error after the process.

At least today I can just limp along with Homebrew. I doubt self-hosting mDLs are in anyone's plans.

Do not hand your phone to a cop. Ever.
It wouldn't surprise me if this sort of digital ID becomes mandatory or default in rhe next 20 years. Imagine a world where you need to upload your license to the canbus, biometrically identify, and breathalyze for the car to start...
This is where things are headed although I'm not sure it will be dystopian as you imagine. There is not point in requiring digital ID for a breathalyzer.
Except Google Wallet doesn't let me use these features anyway because I have a rooted device
and breathalyze for the car to start

This is old tech. I had a boss in the 90's who had an ignition interlock thing on his car and it wouldn't start unless he blew clean.

I found out about it when he was trying to find someone at work to blow into it so he could go home.

It wasn't until a couple of days later that I put it together that he managed to get so drunk during working hours that he couldn't drive himself home.

That part is mature, but Google/Apple being the only supported way to unlock it? Priceless.
Yeah, but it's not mandatory on every new car. It very well could be in the future. In fact, one of the laws over the past few years set a mandate on new cars detecting drunk drivers in the future. They're currently working on less intrusive versions that passively scan the air or your hands on the wheel.
Unless there’s breakthrough development on alcohol sensors i doubt it, they need periodic calibration to be precise also it’s not just a matter of “blowing” you need to blow-suck-hum for it to read.
Many states have mandatory inspections that could fill that role. As I said, they are currently testing cabin air and steering wheel sensors for drunk driving detection.
>cabin air and steering wheel sensors for drunk driving detection.

Hand sanitizer, fragrances trip interlock breathalyzers all the time, I wonder what could possibly go wrong?

Also who’s gonna pay for the towing and the reset/ recalibration after a false positive and why?

I'm not saying it's a good idea, I'm just saying that it is being pushed at the federal level. Automatic braking has had some issues, but that's become mandatory as well. No reason to think they'll stop just for false positives.
I think it could depend on the protections Google (and Apple) puts on this type of thing.

You could imagine a scenario where putting a phone into driver's license mode disables Face Unlock, and maybe even pauses all push notifications like text messages, and therefore is more secure because it forces people to put their phone into a password mode. So it'd actually encourage people, when talking to law enforcement, to increase their security settings.

I don't know if these companies currently do it like this, but they should.

Apple's approach with Wallet is to allow the transmission of (selective) ID data without fully unlocking your phone. I believe it's the same as when you tap to pay using a credit card in your wallet. You must provide passcode/biometrics when requested, but that does not unlock your device.
You should never need to hand your phone over for any other usage of Google Wallet, so hopefully most people realize that they shouldn't hand it over for this ever.
You'll be happy to know that the UI for this prominently states that you should not hand your phone to the person requesting ID. ID information is not shown on your screen. It's sent via Bluetooth after an NFC tap and a confirmation dialog.
"my nfc reader is down, unlock your phone" -- every cop
Yeah I was disappointed to see that while the ID information is hidden by default you can actually bring it up on screen in a buried menu. If they were serious they would have made it so the information can never show on the screen of the device that holds the ID.
Cop during a traffic stop: "I need to take this back to my car to run some checks."
On one hand the only motivation this can serve is to protect your privacy, since now you can disclosure a minimal amount of information, on the other hand government routinely buys foreign services to break into phones and so you're basically handing someone your whole life.
I assume this is only valid in that state. I bet most states want to seethe physical card if you are driving outside of CA.
I'd assume they'd be happier if you forget it to increase the chance of a sweet sweet flyover state civil asset forfeiture™
From the mDL pilot program website [0]:

1. Continue to carry your physical driver’s license or state-issued ID card. Law enforcement, state government agencies, and businesses aren’t yet accepting the mDL.

2. The mDL is currently authorized for limited usage. There are many participating airports across the United States.

Right now the only main use case is tap-and-fly (can I make this term a thing?) where you don’t need to present your ID to TSA at select airports. Also, it has a nice design and looks cool.

The best use case is probably that it can work as a backup if you forget your ID at home when you’re trying to board a plane, or if you want to simplify what’s in your pockets prior to boarding.

[0]: https://www.dmv.ca.gov/portal/ca-dmv-wallet/

Am I the only one who is a little wary of this? Google having your drivers license and starting to partner up with the government?
What exactly are you wary of? Both of them already know where you live, and the government already buys private databases with all your information in it.
"Due to an account problem your mobile ID cannot be used at this time."

snark removed.

So have a physical backup? I don't see how this is different than using google pay. Sure it could get declined, but that's why I have physical cards as backup.
Google pay and your cards are equivalent and offer equivalent privacy to you. The digital IDs entire reason for existing is removed by reverting to the physical backup, plus you have to keep it with you, and risk losing it which also damages your privacy differently.

If you'll allow me to suggest the next goalpost, it would be some locations changing their policy to no longer accept physical IDs. That's probably a long way away, but it is a likely outcome, given our recent history.

If the States actually cared about these outcomes, they'd ally together, and create an ID "smartcard" standard, with special terminals, that can be used to present your ID and only release certain information with a PIN. The card would otherwise just have your name and ID number on it. Everything else would need to be digitally "released."

The benefit of mDL isn’t that you don’t need your physical card. It allows for limited information dispersal. And it is a backup for your physical card.
I, for one, do not want to give the cops access to or a reason to take possession of my phone.
You're not forced to use it. It's an issue to think / make a decision about, but it's not an issue with this service.
Cop sees phone, cop demands you unlock it and hand it over is exactly the scenario I want to avoid. Or cop pretends bluetooth isn't working and demands you fork over the phone so they can make it work. Or you accidentally unlock the phone and cop demands you hand the unlocked phone over.

I see plenty of downsides but basically no upside (until someone gets their hands on the state's signing keys).

> "What exactly are you wary of?"

Take a look at cases that involve violations of the 4th amendment by cops and the insane hurdle that is qualified immunity and you will find out.

So of course then it's okay if the tangled web of corporate/government co-surveillance weaves tighter and people become partially beholden to a tech giant known for being even more opaque and user-hostile than the government itself.
How are you beholden when you still have the id card?
There is a very real possibility of such a partnership eventually becoming obligatory as part of some "modernization and digitization" fad of the kind that many governments love. Certain major countries already have similar and to a slightly more abstract degree, how many government services in how many jurisdictions basically require you to have a smartphone for access to certain services? Those phones and their OS systems come from only a small pool of corporations.

It's naive to not think the above or worse is possible

I know the lead on this project. He’s pretty convinced this is a net positive. For example, you’ll be able to verify your age at a bar without the bouncer seeing your address.
Where I live many places even use scanners to scan the barcodes on the back of ID. They claim this is to do things like banning people from the establishment and to try and prevent issues with fakes. However I really don't believe this excuse and think it has more to do with tracking who is visiting their establishments. Even though I'd rather not have Google storing my ID, I'd trust it A LOT more than a sketchy club/bar having such information.
In California I can just file a request on your license plate number for your public information. You will only be notified that I requested it. They will protect your residence address and phone number. Your ID has both a residence address and mailing address associated with it. If these are the same you don't actually get protected there.

This may have changed somewhat since I'm not in a position which requires me to do this anymore but this was the standard for years.

Which is why I always _highly_ recommend Californian's to get a private mail box or post office box and use that as your mailing address. Then your residence information is private and only law enforcement can see it.

Was this repealed or watered-down? "Driver's Privacy Protection Act of 1994"

https://en.wikipedia.org/wiki/Driver%27s_Privacy_Protection_...

No. You can still request and obtain the information. It's now a crime to use it unlawfully or to lie in order to obtain it, and California additionally added the feature that the requested party will be notified of the request, it doesn't really afford you any "immediate" protections.

So, split that mailing address off, if you can.

> In California I can just file a request on your license plate number for your public information.

Bouncers can use any excuse to decide to let you in or not so I guess they can just say no, show me your ID/driver's license and you are fucked if you don't have one. They can even decide unilaterally to not look at your smartphone screen if you have it in google wallet, you have little recourse. What will you do, sue them because they let your friends in but you stayed outside?

I know for a fact hotels (or motels) like to scan or copy IDs to be able to effectively bans, because the person working the front desk has no idea who is and isn’t banned, especially if a single hotel company owns or manages multiple hotels.

If Hilton/marriott/IHG/choice/wyndham were not almost all franchised, then I bet they would institute global bans.

I can’t imagine bars are any different.

Really not sure what kind of tracking you think the establishment would be doing or why?

Besides, like you say, banning people. But that's legitimate.

And in terms of aggregating information, the credit card companies know who uses their cards there. ID's aren't adding anything useful.

AFAIK scanning ID's really is entirely about catching fakes and banning people who have misbehaved.

I find this to be a naive point of view.

My simple rule is that a system should be categorized for what it does most of the time. I bet that person working the front door has scanned thousands of IDs, and probably only found a handful of fakes, if any.

So AFAIK, they are scanning IDs and collecting data, and every blue moon, a fake is found and it is then the entire system has found it's true purpose?

A long time ago, I worked as a bartender. Rules for checking ID's were very strict. If cops showed up and ever found anyone under age, there were serious penalties.

So yes, even if there's a fake only once every two weeks, or whatever you consider to be once in a "blue moon" -- that is the purpose of the system.

Believe me, bars don't check ID's because they want to. They do it because the legal consequences are extremely serious otherwise, and "but the ID looked real to our bouncer" isn't a defense, hence the scanning.

There's nothing naive. I think you just aren't familiar with the laws around this.

FedEx requires a scan of the barcode on your license to ship packages from any of their locations. When it first started happening a few years ago, I argued with the clerks and said I didn't want my license scanned. I was willing to show my ID as proof of identity but I didn't want the barcode scan. It also reset the originating address to my home address each time, even though I was shipping for business and put the business address on the FedEx shipping form. They said it was required and the managers always confirmed. I stopped using FedEx for this reason. Never went back.
Passport cards are legal IDs and don't show your address. Also they avoid you needing a realID higjly recommend. At this rate you'll never need a realID to fly.
+1 for passport cards as canonical US ID.
Is your address on your driver's license? That would be stupid. Even the one I have on my national ID card which actually expires at some point is totally useless as it is not even in the country I am living now and I moved 4 times since it was issued.
Yes, they are also part of the DMV website, the FTB website, the IRS website, ...

there should be a law against this.

Google partnered with the government a long time ago. The other companies also. That's where the money comes from.
What is there to be weary of? It's a photo and a QR link for CA cops to be able to look up your database record.

Google isn't getting any significant data here, AFAICS.

I think Google should be wary, if this is ever popular, it's going to attract a lot of regulation.
Google has been giving the government unlimited access to the entirety of their servers and data for 20+ years
Why is this even news?! I don't know about USA but in India you can store licenses, vehicle ID cards, school certificates, insurance and hundreds of other state or federal issued documents in an app -Digilocker for years now.
I believe Utah is the only US state where you can carry your ID digitally on your phone and use it to buy alcohol or give it to police during a traffic stop. If California moves in that direction, it will be a big deal; soon we could leave home with just our phone without any analog cards.
For those who don't know, Digilocker is a govt initiative.

Also, it is opt-in and not mandatory. If you don't want to use it then don't bother. Nobody will force you to install the app or attach it with any of your docs.

Some European countries already had such apps for years too, although we're still waiting for EU-wide system to be adopted.
“Sorry officer, I can’t show you my ID because my battery died”
I applied via Google wallet and was automatically rejected. Seems like a beta at the moment ... The rejection email worked flawlessly however.
I guarentee you this will let cops arrest you for not unlocking your phone because you "won't provide ID" and thus you are obstructing...
I dont know how it works with android, but on an iphone you can open your apple wallet without unlocking your phone.
They demand you unlock it is how it works ;)

just because its possible to show it without unlocking it, doesn't mean they wont demand it.

Its techically legal for me to walk around with an AK 47 and a ski mask in my neighborhood but your most definitly getting ur rights violated by a swat team.

Other than the airport, there doesn’t seem to be any benefit. If I still need to carry my ID card this is not really more convenient.
I’m not sure I really understand the benefit to having your drivers license on your phone. “You can use it at TSA!” Cool but I’m already using my phone for my boarding pass. I guarantee you the friction and additional time to scan the boarding pass and then switch to the drivers license and scan that (when typically these are done in parallel) is going to make that use case a complete non-starter. Best case scenario someone tries it out and realizes it completely messes up the workflow and never uses it again.