Oh no, I can just imagine a future in which anti-fraud features mistakenly block my digital-only drivers license, leaving me screaming at a stupid customer support chatbot as some CEO brags about how the use of AI in said chatbot is improving customer satisfaction.
I've already had this happen with a new MacBook - attempting to link an old account tripped a fraud flag with the device and now Apple refuses to even allow the creation of a new account, with an accompanying vague error after the process.
At least today I can just limp along with Homebrew. I doubt self-hosting mDLs are in anyone's plans.
It wouldn't surprise me if this sort of digital ID becomes mandatory or default in rhe next 20 years. Imagine a world where you need to upload your license to the canbus, biometrically identify, and breathalyze for the car to start...
This is where things are headed although I'm not sure it will be dystopian as you imagine. There is not point in requiring digital ID for a breathalyzer.
This is old tech. I had a boss in the 90's who had an ignition interlock thing on his car and it wouldn't start unless he blew clean.
I found out about it when he was trying to find someone at work to blow into it so he could go home.
It wasn't until a couple of days later that I put it together that he managed to get so drunk during working hours that he couldn't drive himself home.
Yeah, but it's not mandatory on every new car. It very well could be in the future. In fact, one of the laws over the past few years set a mandate on new cars detecting drunk drivers in the future. They're currently working on less intrusive versions that passively scan the air or your hands on the wheel.
Unless there’s breakthrough development on alcohol sensors i doubt it, they need periodic calibration to be precise also it’s not just a matter of “blowing” you need to blow-suck-hum for it to read.
Many states have mandatory inspections that could fill that role. As I said, they are currently testing cabin air and steering wheel sensors for drunk driving detection.
I'm not saying it's a good idea, I'm just saying that it is being pushed at the federal level. Automatic braking has had some issues, but that's become mandatory as well. No reason to think they'll stop just for false positives.
I think it could depend on the protections Google (and Apple) puts on this type of thing.
You could imagine a scenario where putting a phone into driver's license mode disables Face Unlock, and maybe even pauses all push notifications like text messages, and therefore is more secure because it forces people to put their phone into a password mode. So it'd actually encourage people, when talking to law enforcement, to increase their security settings.
I don't know if these companies currently do it like this, but they should.
Apple's approach with Wallet is to allow the transmission of (selective) ID data without fully unlocking your phone. I believe it's the same as when you tap to pay using a credit card in your wallet. You must provide passcode/biometrics when requested, but that does not unlock your device.
You should never need to hand your phone over for any other usage of Google Wallet, so hopefully most people realize that they shouldn't hand it over for this ever.
You'll be happy to know that the UI for this prominently states that you should not hand your phone to the person requesting ID. ID information is not shown on your screen. It's sent via Bluetooth after an NFC tap and a confirmation dialog.
Yeah I was disappointed to see that while the ID information is hidden by default you can actually bring it up on screen in a buried menu. If they were serious they would have made it so the information can never show on the screen of the device that holds the ID.
On one hand the only motivation this can serve is to protect your privacy, since now you can disclosure a minimal amount of information, on the other hand government routinely buys foreign services to break into phones and so you're basically handing someone your whole life.
1. Continue to carry your physical driver’s license or state-issued ID card. Law enforcement, state government agencies, and businesses aren’t yet accepting the mDL.
2. The mDL is currently authorized for limited usage. There are many participating airports across the United States.
Right now the only main use case is tap-and-fly (can I make this term a thing?) where you don’t need to present your ID to TSA at select airports. Also, it has a nice design and looks cool.
The best use case is probably that it can work as a backup if you forget your ID at home when you’re trying to board a plane, or if you want to simplify what’s in your pockets prior to boarding.
What exactly are you wary of? Both of them already know where you live, and the government already buys private databases with all your information in it.
So have a physical backup? I don't see how this is different than using google pay. Sure it could get declined, but that's why I have physical cards as backup.
Google pay and your cards are equivalent and offer equivalent privacy to you. The digital IDs entire reason for existing is removed by reverting to the physical backup, plus you have to keep it with you, and risk losing it which also damages your privacy differently.
If you'll allow me to suggest the next goalpost, it would be some locations changing their policy to no longer accept physical IDs. That's probably a long way away, but it is a likely outcome, given our recent history.
If the States actually cared about these outcomes, they'd ally together, and create an ID "smartcard" standard, with special terminals, that can be used to present your ID and only release certain information with a PIN. The card would otherwise just have your name and ID number on it. Everything else would need to be digitally "released."
The benefit of mDL isn’t that you don’t need your physical card. It allows for limited information dispersal. And it is a backup for your physical card.
Cop sees phone, cop demands you unlock it and hand it over is exactly the scenario I want to avoid. Or cop pretends bluetooth isn't working and demands you fork over the phone so they can make it work. Or you accidentally unlock the phone and cop demands you hand the unlocked phone over.
I see plenty of downsides but basically no upside (until someone gets their hands on the state's signing keys).
So of course then it's okay if the tangled web of corporate/government co-surveillance weaves tighter and people become partially beholden to a tech giant known for being even more opaque and user-hostile than the government itself.
There is a very real possibility of such a partnership eventually becoming obligatory as part of some "modernization and digitization" fad of the kind that many governments love. Certain major countries already have similar and to a slightly more abstract degree, how many government services in how many jurisdictions basically require you to have a smartphone for access to certain services? Those phones and their OS systems come from only a small pool of corporations.
It's naive to not think the above or worse is possible
I know the lead on this project. He’s pretty convinced this is a net positive. For example, you’ll be able to verify your age at a bar without the bouncer seeing your address.
Where I live many places even use scanners to scan the barcodes on the back of ID. They claim this is to do things like banning people from the establishment and to try and prevent issues with fakes. However I really don't believe this excuse and think it has more to do with tracking who is visiting their establishments. Even though I'd rather not have Google storing my ID, I'd trust it A LOT more than a sketchy club/bar having such information.
In California I can just file a request on your license plate number for your public information. You will only be notified that I requested it. They will protect your residence address and phone number. Your ID has both a residence address and mailing address associated with it. If these are the same you don't actually get protected there.
This may have changed somewhat since I'm not in a position which requires me to do this anymore but this was the standard for years.
Which is why I always _highly_ recommend Californian's to get a private mail box or post office box and use that as your mailing address. Then your residence information is private and only law enforcement can see it.
No. You can still request and obtain the information. It's now a crime to use it unlawfully or to lie in order to obtain it, and California additionally added the feature that the requested party will be notified of the request, it doesn't really afford you any "immediate" protections.
> In California I can just file a request on your license plate number for your public information.
Bouncers can use any excuse to decide to let you in or not so I guess they can just say no, show me your ID/driver's license and you are fucked if you don't have one. They can even decide unilaterally to not look at your smartphone screen if you have it in google wallet, you have little recourse. What will you do, sue them because they let your friends in but you stayed outside?
I know for a fact hotels (or motels) like to scan or copy IDs to be able to effectively bans, because the person working the front desk has no idea who is and isn’t banned, especially if a single hotel company owns or manages multiple hotels.
If Hilton/marriott/IHG/choice/wyndham were not almost all franchised, then I bet they would institute global bans.
My simple rule is that a system should be categorized for what it does most of the time. I bet that person working the front door has scanned thousands of IDs, and probably only found a handful of fakes, if any.
So AFAIK, they are scanning IDs and collecting data, and every blue moon, a fake is found and it is then the entire system has found it's true purpose?
A long time ago, I worked as a bartender. Rules for checking ID's were very strict. If cops showed up and ever found anyone under age, there were serious penalties.
So yes, even if there's a fake only once every two weeks, or whatever you consider to be once in a "blue moon" -- that is the purpose of the system.
Believe me, bars don't check ID's because they want to. They do it because the legal consequences are extremely serious otherwise, and "but the ID looked real to our bouncer" isn't a defense, hence the scanning.
There's nothing naive. I think you just aren't familiar with the laws around this.
FedEx requires a scan of the barcode on your license to ship packages from any of their locations. When it first started happening a few years ago, I argued with the clerks and said I didn't want my license scanned. I was willing to show my ID as proof of identity but I didn't want the barcode scan. It also reset the originating address to my home address each time, even though I was shipping for business and put the business address on the FedEx shipping form. They said it was required and the managers always confirmed. I stopped using FedEx for this reason. Never went back.
Passport cards are legal IDs and don't show your address. Also they avoid you needing a realID higjly recommend. At this rate you'll never need a realID to fly.
Is your address on your driver's license? That would be stupid. Even the one I have on my national ID card which actually expires at some point is totally useless as it is not even in the country I am living now and I moved 4 times since it was issued.
Why is this even news?! I don't know about USA but in India you can store licenses, vehicle ID cards, school certificates, insurance and hundreds of other state or federal issued documents in an app -Digilocker for years now.
I believe Utah is the only US state where you can carry your ID digitally on your phone and use it to buy alcohol or give it to police during a traffic stop. If California moves in that direction, it will be a big deal; soon we could leave home with just our phone without any analog cards.
For those who don't know, Digilocker is a govt initiative.
Also, it is opt-in and not mandatory. If you don't want to use it then don't bother. Nobody will force you to install the app or attach it with any of your docs.
just because its possible to show it without unlocking it, doesn't mean they wont demand it.
Its techically legal for me to walk around with an AK 47 and a ski mask in my neighborhood but your most definitly getting ur rights violated by a swat team.
I’m not sure I really understand the benefit to having your drivers license on your phone. “You can use it at TSA!” Cool but I’m already using my phone for my boarding pass. I guarantee you the friction and additional time to scan the boarding pass and then switch to the drivers license and scan that (when typically these are done in parallel) is going to make that use case a complete non-starter. Best case scenario someone tries it out and realizes it completely messes up the workflow and never uses it again.
72 comments
[ 2.6 ms ] story [ 115 ms ] threadAt least today I can just limp along with Homebrew. I doubt self-hosting mDLs are in anyone's plans.
This is old tech. I had a boss in the 90's who had an ignition interlock thing on his car and it wouldn't start unless he blew clean.
I found out about it when he was trying to find someone at work to blow into it so he could go home.
It wasn't until a couple of days later that I put it together that he managed to get so drunk during working hours that he couldn't drive himself home.
Hand sanitizer, fragrances trip interlock breathalyzers all the time, I wonder what could possibly go wrong?
Also who’s gonna pay for the towing and the reset/ recalibration after a false positive and why?
You could imagine a scenario where putting a phone into driver's license mode disables Face Unlock, and maybe even pauses all push notifications like text messages, and therefore is more secure because it forces people to put their phone into a password mode. So it'd actually encourage people, when talking to law enforcement, to increase their security settings.
I don't know if these companies currently do it like this, but they should.
https://support.apple.com/en-us/118237
1. Continue to carry your physical driver’s license or state-issued ID card. Law enforcement, state government agencies, and businesses aren’t yet accepting the mDL.
2. The mDL is currently authorized for limited usage. There are many participating airports across the United States.
Right now the only main use case is tap-and-fly (can I make this term a thing?) where you don’t need to present your ID to TSA at select airports. Also, it has a nice design and looks cool.
The best use case is probably that it can work as a backup if you forget your ID at home when you’re trying to board a plane, or if you want to simplify what’s in your pockets prior to boarding.
[0]: https://www.dmv.ca.gov/portal/ca-dmv-wallet/
snark removed.
If you'll allow me to suggest the next goalpost, it would be some locations changing their policy to no longer accept physical IDs. That's probably a long way away, but it is a likely outcome, given our recent history.
If the States actually cared about these outcomes, they'd ally together, and create an ID "smartcard" standard, with special terminals, that can be used to present your ID and only release certain information with a PIN. The card would otherwise just have your name and ID number on it. Everything else would need to be digitally "released."
I see plenty of downsides but basically no upside (until someone gets their hands on the state's signing keys).
Take a look at cases that involve violations of the 4th amendment by cops and the insane hurdle that is qualified immunity and you will find out.
It's naive to not think the above or worse is possible
This may have changed somewhat since I'm not in a position which requires me to do this anymore but this was the standard for years.
Which is why I always _highly_ recommend Californian's to get a private mail box or post office box and use that as your mailing address. Then your residence information is private and only law enforcement can see it.
https://en.wikipedia.org/wiki/Driver%27s_Privacy_Protection_...
So, split that mailing address off, if you can.
Bouncers can use any excuse to decide to let you in or not so I guess they can just say no, show me your ID/driver's license and you are fucked if you don't have one. They can even decide unilaterally to not look at your smartphone screen if you have it in google wallet, you have little recourse. What will you do, sue them because they let your friends in but you stayed outside?
If Hilton/marriott/IHG/choice/wyndham were not almost all franchised, then I bet they would institute global bans.
I can’t imagine bars are any different.
Besides, like you say, banning people. But that's legitimate.
And in terms of aggregating information, the credit card companies know who uses their cards there. ID's aren't adding anything useful.
AFAIK scanning ID's really is entirely about catching fakes and banning people who have misbehaved.
My simple rule is that a system should be categorized for what it does most of the time. I bet that person working the front door has scanned thousands of IDs, and probably only found a handful of fakes, if any.
So AFAIK, they are scanning IDs and collecting data, and every blue moon, a fake is found and it is then the entire system has found it's true purpose?
So yes, even if there's a fake only once every two weeks, or whatever you consider to be once in a "blue moon" -- that is the purpose of the system.
Believe me, bars don't check ID's because they want to. They do it because the legal consequences are extremely serious otherwise, and "but the ID looked real to our bouncer" isn't a defense, hence the scanning.
There's nothing naive. I think you just aren't familiar with the laws around this.
there should be a law against this.
Google isn't getting any significant data here, AFAICS.
Hawai'i-Issued Real IDs Can Be Added to Apple Wallet Beginning August 28
https://news.ycombinator.com/item?id=41395050
Also, it is opt-in and not mandatory. If you don't want to use it then don't bother. Nobody will force you to install the app or attach it with any of your docs.
just because its possible to show it without unlocking it, doesn't mean they wont demand it.
Its techically legal for me to walk around with an AK 47 and a ski mask in my neighborhood but your most definitly getting ur rights violated by a swat team.