Other than standardizing on equipment and root certificates, none of this is new technology.
The challenge is how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
Or how do you scale non-digitized operations up on-demand once some of this fails?
When it comes to privacy, government can even not keep any of the PII in a central place: it just needs to get it for signing and never needs to store it.
Basically, you can have a device that wirelessly transmits government-signed data containing your facial data and other PII, and upon validation, that data would be used for facial recognition and ID verification.
"Your face" doesn't tell border officials anything important about you. For that, you need a travel document with relevant biographical information (eg. name, date of birth), along with a picture of your face so they know who to associate that information with. Finally, to ensure that you can't make a fake document that looks like a real document, there's a PKI system where all the information on the document is digitally signed by the country issuing the travel document.
The examples in the article just store the document data in national database. In both examples (Finland and Singapore) you register online before the trip and then still show up with your passport.
Singaporeans just show up with their face because their face is already linked to their government ID, stored locally. This can be done by any country after pre-registering your regular passport.
All of this is trivial to implement. There's still no mention of full digital validation.
Well, the thing is -- after doing the whole ICAO PKI into the passport (which already happened) and keeping the trace in the local government database somebody realised there is no point to issue an expensive unforgable paper copy of it, since the digital artifact bundled with it (theoretically) provides stronger security. So instead of issuing ICAO PKI into the paassport, you can just have a dumb app generating a QR code with it or A4 paper extract.
> how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
You need cutoff date and some kind of public trail log to prevent backdating new certificates. This can be done via short-lived secondary certs derived from a root one, logged publicly
It really isn't, aside from using public key cryptography. There isn't even a concept of a "block" (ie. a linked list where each node is cryptographically linked to a prior node).
Blockchain can be the store of public data (dump public keys of intermediate certs into blockchain), but it's not necessary, public trail log is enough to call on backdated cert issuing
> You need cutoff date and some kind of public trail log to prevent backdating new certificates.
You might be able to do it without a public log by using an RFC 3161 (TSP) secure timestamp facility like the unfortunately named https://www.freetsa.org/. Basically, we want to trust identity attestations ("I am Bill Clinton and this is my face") made by a compromised CA between the time the CA certificate was created and an estimate (hopefully a conservative one) of the date of compromise. We want to distrust any certificates signed outside this time range.
This way, in the event of a CA compromise, we don't have to revoke everyone's certificate after a CA compromise.
I think we can implement this security model by having the CA ask the TSP server to countersign each certificate that the CA issues. The TSP would sign a hash of the whole CSR, including both identity ("I am Bill Clinton") and biometric (bill-clinton.jpg) information. Anyone can use the TSP's attestation to provide that the TSP server witnessed this combination of inputs at a specific time.
Sure, if you've compromised the CA, you can issue a certificate saying "I am Bill Clinton", but to do so, you need to either use a genuine, up-to-date TSP attestation, giving away the game, or you need to use an old TSP attestation, forcing you to use exactly the original inputs to the TSP. Using the exact inputs wouldn't help you: you want to issue a certificate saying "I am Bill Clinton" with attacker.jpg as the face, not bill-clinton.jpg. The latter won't help you do anything: you don't look like Bill Clinton and you don't have his private key.
An attacker would have to compromise both the CA and the TSP server to pull off a passport forgery. And you can make this process even harder by requiring multiple independent TSP servers to countersign certificates.
> The challenge is how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
Revocations always come with a revocation date. Only passports issued after that date would be invalidated. The issuance dates could be proofed with cryptographic timestamps.
There is a trade-off between false positives and false negatives when choosing the revocation date of the issuer certificate. With OCSP, you could also revoke all the individual IDs that are not known-good (known to have been issued legitimately).
Of course, a world-wide interoperable passport scheme is unlikely to be designed with such an elaborate verification system, and maintaining registries of all legitimate IDs comes with its own risks.
In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
> In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
If you have a big family with the ownership of many assets - a car, house or an apartment, bank accounts, mortgage, various subsidies, and so on, the number of instances that you need to go to change your old passport data to a new one could quickly grow up to one hundred, depending on a country. The biggest problem with reissuing a passport is that its number and issuance date change, forcing you to jump through many hoops to continue life as before.
That sounds weird. Which country abuses passports like that?
From my perspective, a passport is just an identity document. It's not a source of identity. When you get a new passport, your identity doesn't change, so you don't have to update your information anywhere. Immigration officials may be the main exception, if you live outside the country of your citizenship. Or maybe there is some hassle if you need to transfer a visa to the new passport.
Lots of countries use ID's serial number as a sort of identity. Like, your bank would literally store "Mr. John Doe, G.I. ID 60-05 123-456-9012, D.o.B. 1985-07-29, etc." in your record, and when the next time you visit a branch and show them your new ID, it better have a "previously issued IDs" section on it with that old ID number there, so they would confirm that it's still you and update their record.
The passport can retain the same ID. It’s only its certification that changes. This is analogous to how a web server doesn’t need to change its domain name when the TLS certificate has to be replaced.
And presumably, you would still have to renew your passport every ten years or so anyway.
I wonder if we can have both, the checking being done digitally. While still having an actual stamp on the paper passport. I know this sounds absurd but I dislike everything digital with no real, physical record I can keep.
I don't mind my passport lasting longer due to fewer stamps. What I don't like is that more and more countries require pre-registration. They can add as many questions as they want and the form can be as crappy as it needs to be.
Hopefully this will be fully automated at check in though. They already have all the info there, don't ask me twice. Send me an email if you won't accept me into your country. It can have its upsides.
Boaters, especially in northern Michigan and northern Washington (where the various small islands can almost seem randomly distributed between Canada and US), can get an app on their phone (the "CBP ROAM" app) to handle their frequent border crossings. A user creates a "trip" on the phone at the beginning of the day and then presses a button every time they cross the border. If the US has a problem they do a video call through the app. It's been around for a few years.
ok, do you want that, or are you required to have that..
Uniform servicemen already have made agreements about their data, locations, records, check-ins ad infinitum.. but citizens have not made those agreements.. So uniform services will just make those agreements mandatory.. there is no end to this.
especially irksome is piling on requirements for constant check-in among law abiding people who own property and pay taxes.. while somehow hundreds of thousands can walk around living in parks in the South ? I am not even extreme on this topic .. it just defies common sense and says Slippery Slope in giant letters
You have to fill out request forms, and have an interview, and if they like you they allow you to use the app.
People want it because it lets them do what they want with less hassle and it makes many trips possible that are impossible if you have to cross the border at a manned border crossing.
Sounds like you’ve got people moving backwards and forwards frequently between the U.S. and Canada. Both countries are going to want to track those boarder crossings, doing it in an app just makes it easier for everyone.
Don’t really see what a bunch of people wondering around parks all located in the same country has to do with boaters moving between a smorgasbord of islands belonging to two different countries, and thus randomly crossing the boarder back and forth multiple times in a single trip.
You are annoyed that border controls don’t also affect what people can do thousands of miles away from the border? And you are also afraid of a slippery slope where border controls become ever more strict and interfering? That is a very odd pair of thoughts.
None of it is required, at least on the ocean in Washington.
When you cross the border on the water, you aren't required to report until you go to land (if you never set foot in Canada, but only sail through territorial waters, there is no requirement to report), at which point you must go to a specified customs dock, and present your paperwork.
Love this idea, I too would love to have the stamping still available, perhaps at an automated kiosk you stick your passport in to receive your sentimental stamp.
I Denmark we can have digital drivers licenses, id cards, public transportation passes, online authentication etc.All of them have physical counteeparts. I dont think there are any plans to outphase any of the physical counteeparts for various good reasons such as people not having phones, accessibility, compatibility and so on.
I imagine that the issues for making, deploying and integrating a digital-only passport on a global scale would be much harder.
That is available now in the UK if you use the automatic gates. Soon in the EU stamps will be a thing of the past but you may be able to request one, if you can find a person to do it.
The problem you'll have is that the stamps may not carry the force of law, so not much help in a pinch.
New technology in the airport is incredibly scary. I recently flew between the United States and Canada and it is mind boggling how trivial passports are already becoming. I began by looking into a camera on a kiosk, where as soon as my face was recognized, I walked up to the CBP officer and he verified my identify with a quick look at my passport and ticket. I don't see the passport lasting much longer, at last in the US, Canada, and Europe.
Singapore is even further ahead, with no human in the (regular) loop at all. I walked up to the first barrier, it scanned my face and opened. My name appeared on the screen inside, before I inserted my passport. Then the system "thought" about it for a few seconds, and then the second barrier opened.
I appreciated the complete lack of a passport line (going and coming), but got squicked out about the heuristics the system (might) run through before it let me through.
>but got squicked out about the heuristics the system (might) run through before it let me through.
I think you're overestimating how sophisticated the system is. Most online check-in processes require you to input your passport details. In-person check-in probably results in the gate agent doing something similar. If the arrival airport has this information, it's pretty easy to look up the corresponding face on file (that you provided when you applied for a passport), and use that to generate a list of faces you need to match against. From there, it's only a matter of matching a given face to a face in that set. Moreover, given that arrivals are staggered, that set is going to be relatively small. A wide-body aircraft holds around 300 passengers. If 3 of them arrive at the same time, to the same passport control point, that's only around 1000 faces to match against. That's far easier to do than trying to match against all faces in the entire country, for instance.
It's not inconceivable, however, that the system connects to whatever other dossier(s) have been built against my identity. Even before we consider ML facial recognition by public cameras (probably not yet possible at scale?), the Singaporean SIM card I bought was connected to my passport, which gives them my location: both absolute and relative to anyone I might have spent time around.
I mean, I was a normal tourist, and not doing anything shady whilst I was there, but... False positives exist, and I wouldn't have wanted to have been pulled out of the queue for questioning about something I couldn't possibly have explained.
Singaporeans seem to have a different point of view about surveillance, however. Even the (fairly low-key) human rights activist I chatted with thought it was all great, and said something along the lines of "the cameras keep us safe". "Privacy" as we tend to think about it on this board may be a mainly Anglo-Saxon concern, for what that's worth.
>It's not inconceivable, however, that the system connects to whatever other dossier(s) have been built against my identity. Even before we consider ML facial recognition by public cameras (probably not yet possible at scale?), the Singaporean SIM card I bought was connected to my passport, which gives them my location: both absolute and relative to anyone I might have spent time around.
Why do they need a dossier on you when the passenger manifest has your exact identity? Or are you talking about them tracking you in the country after you left customs? Given that passport control is already plastered with cameras, and you need to present an identity document containing your face to enter the country, I'm not sure why people feel extra creeped out by an automated passport control gate. If they wanted to track you they already have all they need.
ATL has this in parts for domestic flights if you're eligible for 'Digital ID'. Passport control in the US is still for the most part way behind other countries.
When flying into Toronto last year, I filled in my rudimentary customs declaration on the machine and then was waved through right out. Not only did I not interact with a border officer, I did not pass any kind of e-gate either.
Passports can die when there is reliable internet everywhere in the world. Including remote wilderness areas you paid a lot of money to visit and disaster zones where basic infrastructure has failed.
Why do you need "reliable internet"? There's no reason why a digital id system requires internet access to function. If it's stored on your phone, all it needs to do is be able to transmit a pre-signed blob that contains your biographical details. The verifier doesn't need internet either. All that's needed to verify a given electronic passport is a list of root authorities for every country, which can easily be preloaded onto a device.
The same you do when your passport is stolen -- panic and reissue. If anything, reissuing a digital id on a new phone is less hassle, as long as you didn't lose every other physical id, the sim card and reissue codes for esim.
All of that already works and wasn't even revoked for military-aged men for the usual reasons.
Dealing with consulates and embassies is much more pain in the ass compared to redownloading the app and banging in a number of cold restore cases.
Compared to spending half a day just to get to the embassy and hoping they woke up and choose not to be useless today? Or paying notary public and having apostile stump and then paying for DHL?
No, no I don’t, not for this reason at least. I can have my x509 issued without a phone as well and it works with an opening source library.
I don’t use any of that regularly, but the alternatives I experienced wrre much, much worse.
There are too many varied political interests against this.
I have plenty of left-wing friends who refuse to get realids due to something about illegal immigrants and right-wing people hate it because they view it as central govt overreach.
It would be a nice start if the EU could stop inking passports on the way in and out as well as computer recording it all. Such a waste of time and ink
> if the EU could stop inking passports on the way in and out
I’m not sure what you’re referring to. Where are you traveling from? I never had my EU passport inked when traveling to the UK or US. Within the Schengen Area I never needed a passport.
Every round trip from the USA to Ukraine gets six stamps for me. I’m going to have to renew about five years early on this passport. I’ll get the fat passport next time.
This is an odd complaint. It’s not a waste of anything to update a record on an official document. Indeed, it’s more frustrating when they don’t because now I can’t see my full travel history by looking at my passport. Yes that exists somewhere in a DB but I don’t have access to that.
The title is hyperbolic. You still do need a passport and there's no such thing as a digital passport. You need to register your document at some point, so that one is what you will use. Using a different passport would mean logging in and changing your data; your user will be unchanged.
The article is speculating about the future based on current trends, so of course there is not yet a digital passport.
The current experiments seem to be fractured across governments and I would be very surprised to see a centralized system (as your response seems to imply) come into play until well after various governments introduce their own digital systems.
It's not even future, it's rolled out in Ukraine to millions of people and it uses silly face id over the camera to authenticate you for remote things. You can't cross borders with it, as it requires amending the treaties, but otherwise it's a thing.
Ok so it's not a passport. What is being described by the article are just national identities based on physical cards. Estonia has been doing that for a very long time as well.
Also, I had to leave my passport at a consulate to get a visa added. How would that work? It seems the coordination alone would make something like moving to full digital take a long time to happen.
I’ve done the online process to get a visa before (India and Australia), you just upload pictures of your passport and they code a visa to your passport number.
Without a paper passport I’m not sure how that would work. They could code it to another piece of identity I guess (like your ID card), but there would still be something unless biometrics become advanced enough.
I assumed that's how it should work and was surprised they needed my passport. It was sent back with an entirely new picture page. When I've crossed borders they don't seem to know I even have a visa unless I tell them /shrug.
Same as current ones - each gov does their own thing & are largely mutually blind aside from info their spooks/police/taxman may share. Chances of this being widely coordinated are slim.
Everyone is quite keen on maintaining sovereignty on matters like this aside from tightly integrated blocs like EU
The outcome of ubiquitous digitalization will vary depending on number of orifices in your crotch. Number of orifices will be verified by medical commission when you reach adulthood. In case of Ukrainian men this ruling likely impacts only those non affluent, their rich kids seem to have a good time in EU and around the world.
That's the usual thing. You either cross the border before turning 18, or you have fathered three kids (surprisingly, they don't have to be from the same woman) or you have a special exception for special reasons and promise to be back.
Last time I checked, the story was something like -- you need to log into the system, make you personal details up to date so they can summon you for the best job in the world, but they don't actually summon anyone from abroad yet for obvious reasons.
Believe me you don't want free smartphone from the government. I'm astonished how easily people accepted to load everything onto their private smartphones. This happened so fast, within one decade.
Yup. You can always keep it powered off and in a Faraday sleeve until it's time to use it at the border. It should be possible to distribute a device that's smaller and lighter than a passport, and I'd be all for it, so long as it's at least as reliable and/or if there's a fallback process when it isn't.
I remember a sci-fi short story from a long time ago where everything that defined you as a person was digitized and available in your smartphone. The story was about a person loosing his smartphone and coming into all kinds of admin horror to regain his identity but eventually ended up broke sleeping under the bridge..
I feel like this was my last week. Welcome to the UK as an American tech worker. You use a custom Android ROM, too bad, you can't setup your visa. Want to book something on Ryan Air too bad, "computer says no" (really I should never do this again for many reasons).
The level of expectation that your phone is a set of handcuffs that you do not own is high. If you own your device and not vice versa, things just don't work in this world. And honestly why would I want a computer that I didn't control anyway?
Oh yeah, that really sucks. I’ve had a bunch of apps deem my non-rooted, bootloader relocked phone too insecure for them to operate. Nothing critical for me, fortunately (though I do miss Google Pay).
It's probably not that, but there's a sci-fi novel "The Age of the Pussyfoot" by Frederik Pohl, in which one of the key technologies is a device that everybody carries on their belt that is described thus:
> The remote-access computer transponder called the "joymaker" is your most valuable single possession in your new life. If you can imagine a combination of telephone, credit card, alarm clock, pocket bar, reference library, and full-time secretary, you will have sketched some of the functions provided by your joymaker.
The protagonist eventually finds out from personal experience that people who do not have those things (e.g. because they can't afford them) are basically social outcasts, not the least because they can't hold most jobs, or even look for one. But even beyond that, not having the device means that you aren't being tracked means that you can e.g. be murdered without much of a consequence. And so people who can't afford the real thing still shell out money for a mockup of a joymaker to carry on the belt, just so they aren't obvious targets.
The most interesting thing about that novel is that it was published in 1969, long before cellphones or "the cloud" were a thing. A rare case of a sci-fi author taking a contemporary hot bleeding edge tech (remote time-sharing terminals for mainframes) and correctly extrapolating it into the future. Pohl even gave a broadly correct timeframe when he talked about the novel:
> I do not really think it will be that long. Not five centuries. Perhaps not even five decades.
Google working to build web standards to let companies demand & verify state issued credentials too. This feels like such a scary scary step for the internet, letting companies demand strong verification.
Normally a huge fan of a bigger web platform, but will control, coral, and track users and that's a #rfc8890 violation of very high degree.
You can ask a security officer after the immigrations desk to stamp it. It's entirely dependent on the officer and whether the stamp is at the desk that day, but my wife and I recently both got our passports stamped this way.
No guarantee, etc - but theoretically still possible as of 2024.
I hate this idea. I hate having to depend on my phone. I rarely use it and often let it run out of charge. They can pry my passport from my cold dead hands.
I think the article is poorly titled, as it doesn't mean the end of paper passports. I can't see that happening in my lifetime - we still have checks and credit cards despite most young people just tapping their phone around.
I'm all for digitalizing documents as an option, but not if it means losing physical copies. So far the government has been on the side of not discarding them - we still get paper social security cards.
The reason hard copies of most documents will exist for a long time -- building federated digital systems is a huge pain in the ass.
Sure, you can have a digital passport for purposes of authenticating yourself, which is operated by your national government. Will this government allow the same level of access to the embassy of North Korea or some other geopolitical adversary or just to a random sim card issuing shop in a mall oh the other side of the globe? Maybe they will in the same way corona certificates were implemented. Now will every single place that legitimately needs to have a copy of your id on file be bothered to interface with this system and all slightly incompatible versions of it provided by other governments? Probably not.
And passports are kinda sorta simple to begin with.
> we still have checks and credit cards despite most young people just tapping their phone around
Unfortunately we're losing cash. There is one of those modern "chic" mixed-business-and-apartments developments not far from my house. Shortly after they completed construction my 12-year-old daughter visited the ice cream store there with her friends, but she couldn't pay for her ice cream when she got to the register because they didn't accept cash. They ended up just giving her the ice cream.
Most of the restaurants there have a "no cash" policy posted in their windows and at the till. No skin off my back. They're overpriced for what they are anyway, so I'm happy to give my business to other local restaurants not in the fancy mixed-use development.
The US has checks. Most other nations have mostly (or completely) phased them out for more than 2 decades.
Credit cards are just chip carriers now. Mag stripe is being phased out. So either you use the chip connection or use contactless. The cards issued by my bank (Australia) aren't embossed and the mag stripes will probably disappear once the banking 3rd world (US + some of Asia) catches up with the rest of the world.
Oh and contactless is literally the same protocol as the contact connections, so "just tapping their phone around" is exactly the same (to the terminal) as "just tapping their card around" or "just inserting their card to read".
Government ID could be done in a privacy enhanced way that only provides the requestor attestation of the required information and nothing else.
eg
* "Is this person that just provided an encrypted and unreadable blob from their ID card over 18?" "Yes".
* "Is the person that just provided an encrypted and unreadable blob called John Doe?" "Yes".
The government already has all of your identification from birth to death.
By (mostly) definition, your identification is what your local government says it is.
Well, not in the UK. Here you need a passport to partake in any significant financial activity - I had to get one to sell my flat, and you need one to open a bank account. Neither of these were needed 20 or so years ago. It's basically introducing ID cards by the backdoor, when the majority of the UK has always been against them (but civil servants and politicians love them). And all under the nebulous reason of "preventing money laundering".
I have to say though that the guy I spoke to at the Passport Office (a civil servant!) was very nice, and they did git it to me quickly. Never used it again 4 years later, though.
All three of my last UK jobs all wanted to see passports on day one for everyone (Brits and foreign) to verify work status so in more formalized part of economy everyone has one
Instead of replacing passports with apps, in between would support passport cards. Better to allow using national ID cards as passports. The digital data could be saved on card but with physical photo and info as backup. It also works for people without smartphone.
The US has passport cards but they only work for land and sea from Canada, Mexico, and Caribbean countries.
Recent Canadian passports are basically a plastic card glued to the first page of a paper passport. For backwards compatibility it seems - it’s obvious the plastic card contains the chip and everything that matters.
Chips have been present in passports, even the all-paper ones, since the 1990s, with all the same information. They’re called “Biometric Passports”. The plastic card in newer passports is for durability and making them more difficult to forge.
But the chip doesn’t contain “everything that matters”. The chips have biometric info (hence the name) like legal name, sex, nationality, photos, and sometimes fingerprints. But the bulk of a passport book is made up of tens of pages where stamps, stickers, and even entire visa documents can be stapled/attached. None of these are present in the chip.
> The chips have biometric info (hence the name) like legal name, sex, nationality, photos, and sometimes fingerprints
... legal names and nationalities aren't "biometric info" though. Is it fair to say that the chip contains the content of the travel document at the time it was issued (doesn't the chip also include the passport number, issue/expiration dates, etc) but not the stamps/visas that are added after the passport is issued ? I think everyone gets that the chip isn't updated when you get stamped into or out of a country.
> Is it fair to say that the chip contains the content of the travel document at the time it was issued
Yes to expiration date and number (although afaik it does vary because each country may include or exclude certain information), but in general no, because even if you have a visa issued to you at the time of a passport being issued (like at the time of a passport renewal), the chip will not have that information. The chip information is basically just proving who you are, but doesn’t have any info on where you are permitted to go (other than permissions implied by your characteristics like nationality). That information is stored elsewhere, like in the passport pages or a country’s internal immigration records.
The chip has at least the same information that is printed in machine readable format on the photo page.
It has all the same fields in one or two lines with "<" field separators.
I've had the chip read, I've also seen the passport being scanned to read those lines.
A passport has two components, one is identification of the holder, the other is the travel (entry/exit stamps) history and potentially the conditions of entry (visas etc).
National ID cards are widely used for international travel in Europe. You just need to standardize them, so that every checkpoint doesn't have to support 200 weird national standards.
I think the digital portion is pretty standard nowadays (same as biometric passports, plus any national addons like e-signing on top of that). And physical features are customizable, but that’s atrue for passports as well.
you're talking about humans, a civilization that cannot fully win the decades-long fight for one portable charging format, and proposing all governments get on the same page about their passports?
The machine readable printed parts are covered by an international standard
ISO/IEC 7501-1 [1].
So despite your cynicism, all governments literally are on the same page about passports.
What do people think organizations like ISO, ITU, ICAO etc do other than exactly this sort of standardization process of human activities that are common across national boundaries?
National ID cards are evil. They are not a thing in my country and there would be very very strong opposition if they were seriously proposed (including riots, like when vaccine mandates were imposed on a subset of the population a few years ago). The passport is the only thing remotely close to a national ID, and a good proportion of the population do not have one. Standardizing a national tracking ID so foreign powers can know everything about you and sell it to further enrich their oligarchs? Not a chance.
i don't even know if it would work for majority of Mexico tbh. Around covid time, especially in non-Cancun airports, they would basically refuse to let me leave the country if the stupid physical entry stamp was not perfectly readable. Explain to them the digital revolution.
Well I hope the numbers we're counting down from are pretty high then, because my interest in using my phone or face as a digital ID is non-existent. Can't we at least do smart cards? What if I don't want to travel with a phone? And let me guess: my options are some Android phone or an iPhone, and there's no need to worry about any potential new entrants to the smartphone market for the foreseeable future. We needed more barriers to entry for that market, it was getting awfully competitive!
Yeah, sounds good. Again, I hope those days are numbered higher than mine.
My question: how about we just don't do this? Can we all agree the "governments depending on ActiveX controls for important things" thing was a terrible idea and just not? Smart cards would work fine, and there's even standards for it!
The answer: nope, it's almost certainly time for round 2. Plus some forced facial recognition for good measure.
Like I said, I hope the number on those days starts pretty high.
I've been in a handful of places where no meaningful digital proof of identity/legal entry could possibly be produced: deserts, small towns with no cell service, etc. It's hard to imagine the expectation of a physical passport with a physical stamp in it going away anytime soon in these places.
There are still significant portions of the world where having electricity, internet, and running water all working at the same time is not as common as you would hope.
Expecting always on satellite connections in a lot of these places is asking for a lot.
> Expecting always on satellite connections in a lot of these places is asking for a lot.
It might be easier than having reliable power grids or running water supply. Assuming at least some of the satellite-internet projects work out (Starlink, Amazon's thing, Chinese thing, European thing, ...) all you need might be a fairly affordable (comparing to infrastructure for running water) hardware that can run on demand using batteries.
the needed infrastructure can be just at the passport checkpoints
AST Spacemobile and Starlink's user experience will just require mobile phones. No adapters or base station. they'll find a way to power them, or extend signal from them. for the passport holder, that will just be client side and no connectivity necessary.
No. It isn't "just at the passport checkpoints." It's everywhere. Passports are the only form of ID most people have abroad that are recognized by foreign governments and establishments.
Good luck to the French dude trying to drink in the U.S. without a passport, or getting stopped by the police in Łodz and not having any valid identification on you.
This is very much false in much of the world. Especially if you have foreign paperwork, it's very likely a passport will be required by any kind of official asking for any other paperwork from you.
15 years ago, a Polish driver named "Prawo Jazdy" was causing a real nuisance to the Irish police, seemingly all over the country. Turns out they couldn't parse the document and they were looking for a man named "Driver's Licence". http://news.bbc.co.uk/2/hi/uk_news/northern_ireland/7899171....
Nowadays, the licenses in the EU are standardized, but at the same time, they are completely unreadable if you don't know the standard, since data fields are numbered, but not usually described in English.
I am a dual citizen, and I have not found this to be the case in either of my two countries. Neither of them will accept photo IDs issued by the other, except for passports.
Don’t know about Lodz, but you can absolutely not get a drink in Utah with a French driver’s license. They insisted on a passport since I was from out of state.
But as others have noted: assuming satellite cellular access is also a big leap. I once had someone check my papers by taking my passport, writing a copy of the entry visa number on it (itself hand-written), and then finding me hours later after they were able to find a landline to call the border service with.
Even in a world with ubiquitous connectivity, this introduced a single point of failure. At least some offline capabilities are essential for something as crucial as travel documents.
i don't see how a physical passport with a physical stamp is any more meaningful than an offline smartphone with a passport app, either way the receiver needs some connection if they want to do any real verification
It's meaningful to a bored police officer in a less-than-democratic country who has nothing better to do than make my life annoying.
I'm not denying that it's security theater or claiming that it's more meaningful; I'm saying solely that there are physical expectations that are going to be very hard to shake once you go off the beaten path.
I took 'could possibly' + reference to cell service to mean that there is some sort of technical/infrastructural limitation. If your point is that the world is big and any effort to do this would take a long, long time to fully penetrate beyond a few highly developed Western countries, then I definitely agree.
I think things generally start off as experiments in first world countries then trickle down eventually to third world countries. That's just the reality. 20 years ago not everything could be digitized because internet/smartphone access isn't widespread, but now more or less every single person on the planet has some sort of internet access. Things change eventually, they gotta start somewhere.
> It's meaningful to a bored police officer in a less-than-democratic country who has nothing better to do than make my life annoying.
I've found that money is more meaningful than anything else to those bored officers. Either they don't actually care that much about your documents, or if they do, they're simply looking for a bribe. At least that's been my experience at out of the way border crossings in southern Africa.
The most ridiculous experience I had was crossing into Zimbabwe with my 11 year old son. The officer wanted to see his birth certificate, which was still in the car that had already been driven across the border. So I had to leave the building, walk across the border, which nobody batted an eye at, get the document, walk back across the border, re-enter the building, and then present the document to the officer who didn't even look at it before letting me proceed to leave the building and walk across the border once again.
I’m curious about your experience with this. A friend did a big tour through Africa about 15 years ago and when he got home he commented that you had to be careful to right-size your bribe: if your bribe was missing it not big enough, you’d get hassled about paperwork or maybe have to pay a “fine” or “document processing fee” to make up for it; if your bribe was too big, though, then you and the people you were travelling with would be subject to intense scrutiny. From what I recall about $5 USD was about right and $20 USD could result in the contents of your suitcase getting dumped in the dirt and very thoroughly rummaged through.
Physical passports, in the same way as physical currency, have numerous mechanisms for reducing the ability to forge the documents.
So these documents can be checked locally without any form of communications to some central authority (which doesn't exist across national boundaries).
They have visible anti forgery like UV printed symbols and information, underprinted background text and patterns, etc etc.
So they are more "meaningful" than an offline smartphone with a passport app in that they do not require anything other than the officer's ability to see, feel and read the documents.
If being forgery-resistant is the argument for paper docs, a passport that identifies me using strong cryptography is just as forgery-resistant (likely more so). And we could do a cryptographic verification without a persistent internet connection. (Or can’t we?)
A passport with strong cryptography would be forgery-resistant, however it is dependent on some form of PKI to distribute the public keys to every customs/border inspection point across the world, for every passport-issuing nation.
Even when there's no connection, no electricity, you get some modest layer of security out of "it's hard to manufacture a convincing fake passport if you don't have large-scale resources behind you."
What happens then with app-only passports? Do we close the border crossing entirely until the network is back up? Or do we rely on showing a QR code or NFC handshake that can't be properly verified? I'd think creating a fake passport app that reached those hurdles would probably be easier than getting access to specialized papers and printing technology.
Yea, lots of comments in here advocating for full digital or “just use passport cards” are coming from a narrow perspective of only having to use passports in established travel routes like major international airports or developed countries. Most of these suggestions just simply wouldn’t work in the majority of the land border crossings I’ve experienced in places like Laos, Cambodia, rural China, Thailand, Peru, Bolivia, etc.
Or... Canada! I've biked from Montana into Alberta and the border crossing was in the middle of forest in the middle of nowhere. Definitely no reception or wifi there.
They work, sure. It just involves queueing, lots of manual checks, endless amounts of misery at airports, etc. But it works. But I would label it as a problem.
I like being able to skip all of that. That works too. It's not that hard.
I wouldn't qualify standing in a line as endless misery...
Regardless, I have global entry so I do appreciate the desire to skip a line, but I don't follow how 100% digitization solves the need for checkpoints completely. It just seems like techno utopianism to me.
Because it works, quite well actually. It isn't that hard or expensive. And it's convenient. Why push for the old stuff? There's absolutely nothing fun about having to queue for some TSA prick for two hours after a transatlantic flight who hates his pointless, miserable life (and rightfully so). All that stuff can be automated these days.
TSA does not do border control, and in fact border control is usually relatively fast compared to being re-screened through security (TSA).
Edit:
It's convenient if you are a digital native, but elderly folks, among others, will not find it easier than a physical passport. The push to require everyone to have a digital device to participate in society is troubling to me.
I guess if that's how you feel about it, more power to you. The day I get away from almost all tech will be a good day. Also I get that TSA sucks but I don't think they deserve the vitriol you're throwing.
This is the narrow perspective I was referring to. There are border crossings in the world where there is no reliable electricity, and laptops/smartphones are a rare luxury. Starlink is not a solution to these problems.
If the government is going to mandate that you carry a phone in order to travel, they should provide the phone with the passport. I don't know how any of these "smartphone only" official document schemes are expected to work for people who don't carry smartphones.
There are significant downsides to the digitalization of travel documents. The biggest one I can think of is ownership - the UK is moving to an entirely digital visa system and bringing in an ESTA style system called ETA for visa free countries. Unfortunately this means that residency cards for noncitizens are being phased out. This means that when the Home Office messes up and accidentally deletes your immigration status, or you are at an airport with no internet access, you have no evidence whatsoever of what status you hold. It also means you will no longer be in possession of any records that might be useful years in the future when the current database containing immigration records will likely have been replaced. It’s much easier to keep a piece of paper around for 30+ years than it is to make sure a digital record doesn’t rot in that time.
I feel strongly that any future digital travel credentials that are offered by governments should be able to operate entirely offline, and provide records that can be retained by the data subject. That means that revocation is harder, but IMO that’s a tradeoff that is worth making to avoid another Windrush scandal.
This has already become a pain when dealing with countries that don’t stamp passports, because when you need to apply for something that asks for your travel history over the past 10 years, you might not have any records anymore.
I do agree that conceptually the government shouldn’t force you to buy things from private companies to exercise your rights.
However, you already have to buy a passport (often for a lot of money) in most countries, so pragmatically, I don’t know that it’s a hugely different thing to ask. However, there’s a big difference for children, the elderly, and people with disabilities.
Immigration tends to stretch human rights though. It costs >10k gbp in visa fees for a British citizen to return to the UK with a non-UK spouse from arrival to settlement. You also need to be earning a fair bit of money, and not have the British partner as a stay at home spouse. I would say that frustrates article 8 ECHR, but the government disagrees.
There are countless examples of similar issues re international travel and immigration. Smartphone ownership is simply one of many.
If you are convicted of hacking in Australia, you may be subject to a lifetime order that prevents you from owning a smartphone. However, once your parole is done, you do have freedom of travel.
Ownership of a device simply is not a guarantee you can rest on - even before you get to those who may not be able to use them.
I completely agree. There are a variety of reasons why a person might be digitally excluded.
Governments need to make sure that people can access the services that they’re entitled to through a wide variety of channels, including physically visiting an office if necessary.
Though I will say, at a practical level, you will find that it’s increasingly difficult for people with criminal records to travel internationally (due to entry requirements).
"They're entitled to" or "Have a right to" seem more precise than "eligible". At least in my country, I think everyone (citizens) has the right to a passport. It's not something you need to be chosen for as "eligible" would imply.
My reasoning is that eligibility is a prerequisite for entitlement. I believe eligible is defined as meeting some criteria for, not necessarily being chosen though that could be a criteria. I agree they have a right to, however entitlement implies to me that the person has invested some time and resources in asserting their right. Whereas eligible means only that the right to something exists, if it were to be asserted.
The way I see it "entitle" = "in title". People in their title as citizens have a right (often from birth and unalienable) to certain things such as passports.
"Eligible" means you're able to be elected, but you must still be elected. Different from a passport, you may be eligible to a visa, and at some point an officer is likely going to interview you and decide whether to give you one.
People are entitled to a passport but only eligible to a visa. You can assert what you're entitled to, but not what you're eligible to.
> entitlement implies to me that the person has invested some time and resources in asserting their right
That's only when your title was earned, which not all are; some are born into them.
> I believe eligible is defined as meeting some criteria for, not necessarily being chosen though that could be a criteria.
The confusion may have started when decisions became more automated into "criteria" to be checked for by bureaucrats that no longer have the deciding power they once had (and later further automated by software), but "chosen" is in the latin root of the word. For example, "chosen" in Spanish is "elegido", "choosable" would be "elegible". "Eligible" = "electable" = "choosable". They're all basically synonyms.
>> entitlement implies to me that the person has invested some time and resources in asserting their right
Something else about what you said here, for titles that are earned (e.g. naturalized citizens), you don't invest time and resources to assert your right. You invest time and resources to earn the title. When you've earned the title, you've earned the rights that come with it. Having then those rights, you can then assert them. You don't need to expend anything to assert. You just claim them, since they're already your own. For example, if someone says you need to expend time and resources to assert your right to vote when you're already a citizen, that's wrong. Having expended time and resources to become a citizen (or having been born a citizen), it's already your right to vote. You're entitled to a vote.
A paper passport can be valid for 10 years (maybe more, I'm not sure). It can be stashed in a safe. It can be left alone for several years and be picked up just before leaving for the airport.
A smartphone will not satisfy any of these properties.
I've simply been buying Pixel phones and using the GrapheneOS web installation tool. It holds your hand through unlocking the bootloader and flashing the new image on, and it always works without a hitch. Super-easy and reliable. I suppose you still don't "own" the radio firmware, but at least you can have a perfectly functional Google-free Android phone that way.
I suppose the real trouble comes from needing to install software from the Google Play store in order to travel. If you feel you need to do that you can create a new Google account just for that installation of the Google Play from the phone itself and then never give it any of your personal information such as a payment method. GrapheneOS claims to do a pretty good job of sandboxing Google Play components.
Regardless I agree with others here who think it should always be possible to travel without any electronics on your person.
I use GrapheneOS, and wouldn't have it any other way, but its prolonged existence depends on Google not making any asshole moves in their next Pixels, and on the (highly appreciated) efforts of a few dedicated individuals.
And like Linux on the desktop: it offers a better experience for everyone who either has the knowledge to step off the beaten path, or has someone who supports them. But that is just a few percent of people. The rest gets what market forces dictate.
See https://news.ycombinator.com/item?id=42536302 for an official response to the claims in that repository. Many of the features listed there are officially planned features, although not necessarily in the way they imagine them. We want to give users a choice about things like secure activities blocking potentially accidental screenshots and apps detecting screenshots so those will have toggles.
GrapheneOS is heavily focused on privacy and security. That means we're not going to add massive attack surface or poke huge holes in the security model for very niche things that are not going to benefit the vast majority of users. We provide official support for userdebug builds with ADB root access for people building the OS. Official support includes helping people with their builds in our development room, with the hope that people end up contributing back. People making userdebug builds for production usage should enable ro.adb.secure=1 unlike a regular development build. They should be aware of the security downsides and it's their responsibility to secure the computer(s) they're using for builds, signing and ADB access. ADB access can also be used on the device itself via network ADB which is non-persistent for security reasons.
GrapheneOS is an open source project. Modifying the official binary releases is not the intended way of making changes to GrapheneOS. People are intended to modify the sources and build it themselves. The whole process is only a few commands and can be trivially scripted if people only want production builds signed with their keys.
GrapheneOS even has fully reproducible builds for the OS and we have a community member that's reproducing each OS release successfully. There's only one known issue specific to 8th gen Pixels which has been worked around by them doing the 8th gen Pixel Linux kernel build from a specific path. It should be resolved already by Android 15 QPR2 that's currently in Beta due to it moving to the 6.1 kernel used for 9th gen Pixels for 6th/7th/8th gen Pixels too.
GrapheneOS doesn't implement or keep anti-user features. The way the linked repository is portrays things is not accurate. It gets the technical details wrong and also misrepresents the GrapheneOS decision making including portraying officially planned features as if they're things we disallowed because we didn't implement it yet.
You should use our official instructions for building and signing the OS. We provide official support for it including helping people with it in our development chat room available via Discord, Matrix or Telegram:
Building GrapheneOS is far easier than trying to modify the official releases. It's not hard to build and doesn't have a lot of dependencies on the host OS since it uses the standard AOSP build toolchain for reproducible builds. It takes around 40 minutes to do a full build of the OS portion of GrapheneOS on a recent 16 core AMD gaming CPU and half as many cores won't actually take twice as long since scaling isn't linear. It takes under a minute to do most incremental builds for testing changes after the initial build.
If you make your own builds, you don't have to modify anything to have root access via ADB. A userdebug build has root access in the Android Debug Bridge (ADB) shell via a su executable along with support for adb root to run ADB itself with root access so every command has it available including the shell, push and pull. You should enable ro.adb.secure=1 for a userdebug build if you intend to use it in production to enable USB-based ADB authentication like a regular user build. You should be aware userdebug reduces security through poking a lot of holes in SELinux policy in order to provide root access and the ability to disable dm-verity while unlocked.
Your own builds will not connect to releases.grapheneos.org for updates. If you want updates, you need to enable the Updater app by exporting OFFICIAL_BUILD=true after changing the URL to point at your own static web server. It's very easy to set up an update server and we publish official documentation and the sources for our services. We don't outsource our update systems to mirrors for privacy and security reasons. The app releases, OS releases and app repository metadata are signed with downgrade protection but that doesn't mean a mirror system is a good idea.
Here's a list of all default connections made by GrapheneOS:
You can choose to host only the network services and use our official app repository. If you rebuild one of the apps we update through there, just change the app id so it won't try to update it.
The services need to be updated before an OS update depending on changes to the APIs which are documented in the official release notes. For example, Broadcom GNSS moved to a new format for part of the PSDS data. It's all in 1 repository (grapheneos.network) if you don't host app and OS updates. You can host all this stuff on 1 server but we use separate ones for network services and updates since the load is so dra...
Are you aware that the title of this submission is "The paper passport's days are numbered" ? Not "Why You Should Use GrapheneOS?" Way to hijack a discussion about what is fundamentally a human rights issue.
I responded to two posts directly about GrapheneOS. I tried to give helpful information on the correct way to do what they want to do and addressed the idea that we're doing anything anti-user. The linked content is misleading and it's only fair that we have a chance to give our perspective and explain our decision making. A lot of what was listed is stuff we plan to change but there have always been lots of higher priorities. The rest are security vs. incredibly niche features where we choose security but people can still have it the other way due to it being open source.
First off, thanks for all your work on graphene! I run cyber security for a company in the defense space, with data-sovereignty requirements, and you guys are the only serious project around. You should think about selling support contacts, I know a lot of BlackBerry refugees still looking for something serious. I bet you could sell support and a barebones MDM as subscription /very/ successfully.
(As an aside, I've been very happy to see you are still involved with the project!)
> GrapheneOS has a built-in encrypted backup system
Do you mean seed vault? It's really not satisfactory. For one, I should be able to encrypt my backups with any key of my choosing, on a hardware token if I so choose, not be forced into its silly codeword system or nothing at all. AES, gpg, and X.509 compatible support would get you all of the way there.
Even just letting backups be exported unencrypted, so I can easily and automatically use a trusted device to encrypt it the way all my other data is would make it so much more usable.
Frankly, the current implementation just reads as one of those ridiculous things trying to force the uneducated/uninterested to be secure, with no escape hatch for people who actually know what they are doing, nor for enterprises who need secure mobile devices, but also know an end-user will /never/ successfully take a backup on their own.
> First off, thanks for all your work on graphene! I run cyber security for a company in the defense space, with data-sovereignty requirements, and you guys are the only serious project around. You should think about selling support contacts, I know a lot of BlackBerry refugees still looking for something serious. I bet you could sell support and a barebones MDM as subscription /very/ successfully.
It's something we can consider in the future. We do plan to make our device management system with a unique approach not available elsewhere in the industry. We'll wait until we have it implemented to explain it.
We have funding to continue expanding the project and need to focus on that before trying to get funding in more ways than donations. We've been successfully expanding the development team. It's the non-development aspects which are barely in place.
Bear in mind our open source project has been around since 2014 but the non-profit organization was only formed in March 2023. There was a false start through forming a company in 2015 to support the project, then having it go off the rails and try to take over the open source project followed by years spent trying to destroy the project when that didn't work. It resulted in a lot of lost time, energy, money and opportunities. From a development perspective, GrapheneOS is a very mature project. From an organization perspective, we're still rebuilding from what happened in 2018. The focus is very much on development and building out the non-profit isn't easy for us.
> It's really not satisfactory.
We know it didn't turn out the way it was planned. Someone made the initial implementation for our use based on our design specifications and input. It was meant to become an official GrapheneOS project. We gave our design concepts to someone who began working on it, but the takeover attempt in 2018 lined up with this in a way that it got derailed. Today, this backup project is controlled by people directly involved in the takeover attempt and subsequent attacks on GrapheneOS. Believe me, we're not fans of the project and intend to either incrementally rewrite it or outright replace it.
The basic concept we created was an encrypted backup system able to support local backups, backups to an external drive, direct transfers from one device to another, arbitrary sync providers, etc. There was a whole vision for what it was meant to be but only certain aspects of it got implemented and mostly not in the way we intended at all. The fact that it exists acts as a barrier to making something better because we don't want to rip it out and start over with something not fully functional. It's easier to start a new project to add a missing feature than to figure out what to do about replacing an incomplete and low quality implementation of what we wanted from this. We need to figure out a whole migration plan away from it to something new where the old system doesn't go away until the new one at least does what it can do better.
> silly codeword system
It's a standard BIP39 seed phrase. It was meant to be a lot less limited than it is. There was a vision for what it should be which was partially communicated. The current team working on it doesn't understand the original vision for it and is not capable of creating something on the level we wanted to have.
> That means that revocation is harder, but IMO that’s a tradeoff that is worth making to avoid another Windrush scandal.
I don't think the UK (Or US, other other European) government are too torn up about the possibility of another Windrush scandal.
But I generally agree with you. A physical passport offers a degree of psychological and real "security" that the promise of some cloud-hosted credential absolutely does not.
As a minor aside, I (US citizen) was once able to able to enter the US (at Toronto Pearson airport) despite having left my passport in some hotel. I just told the stern American guy "Yo soy American." Apparently they have ways of telling.
With the current system, the passport chip can be validated offline if you have the CAs cached. If your computer is completely dead, you can look at the documents under a UV light and verify authenticity the old fashioned way. You could definitely design something that was verifiable offline using phones, but you’d be harder pressed to have it verifiable without any tech whatsoever.
Exactly this when I said in another comment I want both. The old physical protection of UV light and verify authenticity the old fashioned way. It doesn't even need a stamp but a physical thing that prove my identity I can own. Not another number in the system.
This is the same thing I am against a cashless society where the society no longer accept physical cash. And in 2012, and later 2014 when Apple Pay was introduced all the way to 2017, 99% of HN were in support of getting rid of physical cash.
In times of disaster, the people welding paper along with the people who can trade on their street cred, familiar friends, family, will get stuff, do necessary business.
Everyone else will be essentially panhandling.
Mind you, not a damn thing wrong with panhandling. That is not a crime.
My point is to avoid having to do that where possible and practical.
my passport has been through a washing machine accidentally and i can still present it in the remotest of countries no matter the internet or whatever, and it works
in the US, yes they are switching to face recognition and often they barely even look at the passport anymore. I enjoy the convenience of that, but i don't wish to share this data with all the countries in the world, nor to be on the hook for having a connected device everywhere in the world for basic movements.
You may not wish to share it, but it's a simple choice:if those countries want that data, you'll either share it or be refused entry. Passports are only a small part of that, regardless of what data is stored on them. The US for example requires you to provide fingerprints and submit to a face scan, that then get permananetly stored (for non-citizens). They also require you to submit to a phone and laptop search if the TSA agent believes it's necessary. You are of course free to refuse all of this, and go back to the country you were coming from.
So having digital vs physical passports opens no new avenues of private data sharing with regimes you might not trust: they already have a right to demand any kind of data they want about you.
One reason I dislike such digital ID schemes because I can't actually tell what information (or metadata) is being forked over. Even if it does purport to show me, I'm just supposed to trust what it says?
No thank you. A piece of paper provides a common format that's easy for both me and the official inspecting it to understand.
What do you think happens when passport control scans your passport? The fact that the identifier is a paper document vs a digital token will make zero difference to the data that they track. It's linked to innumerable national and international databases which they will be tracking. Your privacy is basically zero when you cross borders.
That's not true. My freshly printed passport was denied by a computer at the UK border, they ran forensic checks for 2 hours while I waited in detention and then it was all good and they let me go.
No, if you don't come with a database solution, any paper or physical only solution is 100% counterfeitable, with just enough means poured into it.
Mafias all around the world will buy expensively any valid or even used identity document just for this purpose, i.e. to study it and perfect their forgery skills.
The process you witnessed is a remnant of the past, a feature of the necessary transition period, and I hope it disappears soon, because that's a giant gaping security hole.
Btw, your fingerprints are in the database, as some facial features too. That could be in addition to retinal scans and, why not, DNA features too in the future.
Thanks to all those biometric data, in case of a problem, the process will be much more reliable using the database than using old fashioned paper IDs.
Also, all these tests are very fast to perform (excepted maybe DNA tests), much quicker than the unreliable administrative cross-checks that were performed until now when there was an ID issue.
I have a (USA) digital driver's license that I've presented to TSA via my iPhone a couple of times. It's explicit exactly what information is being shared. You tap (as if to pay), the information being requested displays on the screen, and you double-click to acknowledge and send.
Note: USA "paper" passports have included an RFID chip since 2007.
Dude, your passort already have information on the chip that is machine readable.
All the data that is being forked over is not on the passport but various databases - Interpol, Europol, etc.
Most comment here are not related to the problem, which is your interest & my interest & interest of 98% of HN others at least conflicting with the interest of those who control how humans vote. We know how things ought to be if everyone wanted them to be good for most humans. None of this discussion will however convince anyone to work more altruistically in reality.
Those who control the public opinion know that there's some opposition who confuses the problems with the conflict. They laugh since no one who thinks legislation like in the link would be generally bad can do anything. The ignorant will vote what the Orwellianishly-named "smartphone" will command them.
In the next five years, it's likely the option to stab the kings will be for the first time removed, since robotic militias will mean no insurance CEO can simply be shot. This means there will be zero limits to what cruelty they'll do you, since no matter how torturous it gets you'll be unable to even violently resist this. You'll have no democratic mouth, but you must scream. Completes cyberpunkization well.
---
Aside: US drones + US satellites that enable global connectivity of drones was a rather obvious consequence of Starlink ~4 years ago. If they really want some person, they now can search most of Earth in few hours with the drones + computer vision, and soon with land robots, all connected through Starlink (starshield to use the euphemism). The irony is how this at the same time solves the connectivity problem.
In case I did, I would make sure I don't get pinpointed to, but in the US perhaps look at CFR / state department veterans & advertising corporations' stockholders & Google.
In Europe traditional news sources there got economically slaughtered & replaced by few big online 1995-2005. This qas a consequence 1970s & 1980s academic networks working closely with US on web, and US then doing what it did with Google.
If you can influence what ends up in the social media feed of those deciding about university curriculums and/or most politicians, that's quite powerful also.
In Russia & China, there seems to be less hidden, less culture of valuing "free media."
---
That public opinion "matters" but gets shaped is very plausible if you consider that most of history it didn't matter unless the public got very angry.
Century of Self describes the process before Zuboff.
One might argue that control of public opinion was originally more psychoanalytic idea, and then became more Skinnerian with computers.
Biometric databases will be hacked and leaked, criminals will perform cosmetic surgery to assume new identities.
> US drones + US satellites that enable global connectivity of drones was a rather obvious consequence of Starlink ~4 years ago.
One would probaby be safe from the US in Serbia, Transnistria and other non-US friendly places for a while, given enough bribe money. The US won't sneak drones into sovereign airspace without another state's approval even if they're looking for high level targets such as Osama bin Laden, Al Baghdadi, Qassem Soleimani. We are not talking about failed states or states in civil war like Syria, Libya or atates under US assistance like Iraq here.
As a Brit with NZ permanent residency, there hasn't been residency stickers in passports for NZ residency for years now, so the only thing I have is a number and a PDF I can print out...
Yes, and so do NZ and Australia. I actually think the biggest influencer is probably EITAS, which is the same thing for the Schengen area (yet to come into force).
It’s a part of a wider trend going forward. I will say the UK/EU systems are fairly unique in that they aren’t excluding each other. Canadians don’t need ESTAs nor do Americans need Canadian ETAs
It's not digital in the sense that you need to show it on your device.
It's digital in the sense that it's electronically stored against your passport number, and the UK Border Force can see it just by scanning your passport.
Then, the digital passport's ship has already sailed for better or for worse, and all these questions are solved in other ways.
> when the Home Office messes up and accidentally deletes your immigration status
You're toast either way, because it will be checked at the airport. You'll have to deal with the immigration officer and have them do something, because you won't go very far with just a paper that will be checked against the backend. In my experience it has already been the case for a while now.
You still better have the reference paper that will help identify your visa procedure, dates etc. But it's already just a key to the info in the DB.
> you will no longer be in possession of any records
Print out the papers and keep track of the important pieces. It's the same for everything else in your life, including tax documents, birth certificates etc.
Even in the olden days, the papers you had only had value against the agency's record that could prove their validity. If you had to prove residency in some specific period, having a stamp on your passport would mean very little if the agency denied having any records of it. So it's exactly the same weight as if you printed out a certificate while the DB blew out and no data about it are left.
PS: I think in previous time people were also so much more lenient. It wasn't much a question of physical papers or not, and more on how much few people cared if your info was valid or not. I had an error in my name in many official documents, and while people noticed it, a simple "they typed it wrong" explanation was enough in 99% situations.
If you have records of your own and pointers to other organizations contemporaneous records, you may have an opportunity to appeal if your DB record is lost.
The home office rather notoriously destroyed/never kept its own records of arrivals of commonwealth citizens, which was one of the steps leading to the Windrush scandal.
Many older records only exist in paper form, and often the receipts are good enough. This is especially true when you’re dealing with 3rd party governments. A foreign government is going to put a lot more stock (rightly or wrongly) on a birth certificate that is printed on fancy paper covered in security features than it is to a printout of an email.
I second both points. You absolutely need to keep your own papers and records and it's fully expected as well.
Also yes fancy paper is more valued than junky ones when nothing else remains, but random printouts are also provided everyday, and they're fine with it. At the crux of it, the foreign gov usually doesn't actually care that much about your birth certificate: they want due diligence at most, even if they'll have a more strict public facing facade. It's cross referenced only when it really matters (e.g. you're trying to get citizenship or a background check for security clearance ?)
> Even in the olden days, the papers you had only had value against the agency's record that could prove their validity.
That's not true. For example, Jews (or people who wouldn't be always considered Jews, but those who would still fall under the Law of Return) have to produce some kind of document which states that their ancestor was Jewish. Often these documents were issued by authorities that no longer exist. And it was up to immigration authorities to decide whether they trust such a paper or not. Basically, anything coming from Western Ukraine prior to Soviet occupation would be issued by such authorities, same with Baltics.
Unrelated to above: a lot of databases are only required to store their records for so long. For instance, the transcripts from most colleges can be produced within 10 or so years after graduation. Then it's like they've never existed. So, if for whatever reason you need to show your grades later, you better have a paper version.
I'm kinda baffled what you mean by authorities prior Soviet occupation, as Baltics an Ukraine/Poland have archives and power to acknowledge Jewish ancestry. It was not a question on decision to trust but requirement of the process by Israel for those that wanted to migrate to Israel.
What power are we talking about? That's completely new to me (and I had to go through this process).
Just to give an example of a document that I know had been submitted in this situation. A graduation certificate from a Jewish girls gymnasium in Vilno. The city has changed name since then, there's no such street address, there aren't any girl schools, definitely not gymnasiums, let alone Jewish. The building that used to be the school was destroyed in WW2. So, there's nobody who can vouch for the document. Maaaybe you could somehow find an index of all such schools that exited in the year of graduation, but even this info might not be available.
During WW2 a lot of civil records have been lost, especially in smaller towns / villages. Sometimes it was deliberate, especially if it was a Jewish settlement. It was common for Jews in the military to try to erase any trace of their ancestry, as regardless of how poorly the Red Army PoWs were treated, Jews and Communists would've been executed immediately. So, destroying records indicating such connections and forging personal documents was a common case. Now that people try to recover any traces tying them to their ancestors, they often have very little to rely on. Like, receipts from donating to a synagogue, or permits to start a particular business (typically associated with being a Jew) etc.
* * *
Another funny memory I have in this respect: in the 90's I was queuing in a bakery in some central part of Lviv. A man behind me overhead me speaking Russian (which wasn't very common at the time, since Lviv citizens frowned upon it, and mostly spoke Ukrainian), and decided to ask me if I know where Adolf Hitler street was.
My jaw dropped. But, the man pulled out from a pocket a triangular letter (the kind soldiers used to send during the war) with the address specifying exactly that. Apparently, the carrier of the letter was looking for his long-lost friend whose last known address was in Lviv, on that unfortunately named street. And since Lviv was seen as being quite radical in their way to dedicate streets to questionable historical figures, the old man believed that they might just have such a street...
Anyways, some locals overheard our conversation, and soon we discovered that the street in question was indeed named after Hitler during the German occupation, after Soviet occupation was renamed the Lenin street, but historically was called Lychakivska (and that was its current name, restored in the recent years).
* * *
Another similar story involves my dad's friend who was born in the 30's when the Soviets and the Nazis had a love affair. So, this guy was named Adolf, yes you guessed it, after the Austrian painter. He was Jewish. So, after the love affair ended, he sought to change his name. But you cannot change the name on the birth certificate. Also, his school graduation papers etc. all had him as Adolf, and that's how his family called him. Sort of. (I knew him as "uncle Dolik".) Not surprisingly, there wasn't much of a record of him changing his name to Alexei :) and he'd routinely get in trouble with all kinds of authorities, police when checking his driver's license, paying electricity bills etc.
Similarly, in Western Ukraine, prior to Soviet occupation, it was customary to give two names to children. Eg. my grandmother was Daria Anna. But the Soviet system didn't acknowledge this, and only one name could go into the passport / city records. So, she became Daria. At first. Then Dariana. And after having all sorts of documents, she was in a very tough spot proving ownership of her apartment, because it wasn't possible to tell (from the authorities perspective) whether Daria Anna, Daria and Dariana were the same person. Add to this that in order to preserve some of the family property she and her remaining relatives tried to mud the waters around these documents. Eg. to avoid partitioning the apartment she'd claim to have...
Places changing names is not an issue. My ancestors simply moved to a different country so this might be problematical to prove anything based on different country archives. But archives of small villages means nothing - there were central records for appropriate states.
It's getting hard to even take printing stuff for granted. It's getting harder and harder on iOS just to arbitrarily copy and paste text from many apps - can't even copy the title of a YouTube video last time I tried. This mostly just worked on PC.
It hurts me. Everything going so far backwards.
At least once a week I have to screenshot something on iOS and use the new Photo OCR feature to copy and paste it out of the image. I wish I was joking.
Yeah and they’re now rolling that out to everyone, not just EU citizens. This sucks the most for visa nationals because their passport isn’t good enough to get into the country. They need the server to be alive and their documents linked to even make it to the border, let alone to cross it.
Travel to the UK is going to be really chaotic from 1st Jan when all BRPs expire, and 8th Jan when US citizens and other non-EU nationals require ETAs.
I think they now allowed to use expired BRPs for a few months post 1st Jan.
From HO website: "You may be able to use your expired BRP to travel to the UK until 31 March 2025 if both: your BRP expires on or after 31 December 2024. you still have permission to stay in the UK."
Yes, they’ve said that, but gate agents at airports are the people who get to make decisions about boarding and expired documents will definitely freak them out. The issue isn’t really at border control, where there’s direct access to the databases anyway, it’s at the various stages of delegated border enforcement (boarding a plane, right to rent etc) where this will suck.
You might be able to bully them into accepting them because it’s in Timatic but there will be British residents who are blocked at least temporarily because of this.
If so I'm going to be the one asshole who presents the document on my laptop just because I don't believe that people have the right to invite themselves onto my phone.
348 comments
[ 2.6 ms ] story [ 307 ms ] threadThe challenge is how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
Or how do you scale non-digitized operations up on-demand once some of this fails?
When it comes to privacy, government can even not keep any of the PII in a central place: it just needs to get it for signing and never needs to store it.
Basically, you can have a device that wirelessly transmits government-signed data containing your facial data and other PII, and upon validation, that data would be used for facial recognition and ID verification.
(Like JWT tokens for those familiar with them)
The examples in the article just store the document data in national database. In both examples (Finland and Singapore) you register online before the trip and then still show up with your passport.
Singaporeans just show up with their face because their face is already linked to their government ID, stored locally. This can be done by any country after pre-registering your regular passport.
All of this is trivial to implement. There's still no mention of full digital validation.
You need cutoff date and some kind of public trail log to prevent backdating new certificates. This can be done via short-lived secondary certs derived from a root one, logged publicly
You might be able to do it without a public log by using an RFC 3161 (TSP) secure timestamp facility like the unfortunately named https://www.freetsa.org/. Basically, we want to trust identity attestations ("I am Bill Clinton and this is my face") made by a compromised CA between the time the CA certificate was created and an estimate (hopefully a conservative one) of the date of compromise. We want to distrust any certificates signed outside this time range.
This way, in the event of a CA compromise, we don't have to revoke everyone's certificate after a CA compromise.
I think we can implement this security model by having the CA ask the TSP server to countersign each certificate that the CA issues. The TSP would sign a hash of the whole CSR, including both identity ("I am Bill Clinton") and biometric (bill-clinton.jpg) information. Anyone can use the TSP's attestation to provide that the TSP server witnessed this combination of inputs at a specific time.
Sure, if you've compromised the CA, you can issue a certificate saying "I am Bill Clinton", but to do so, you need to either use a genuine, up-to-date TSP attestation, giving away the game, or you need to use an old TSP attestation, forcing you to use exactly the original inputs to the TSP. Using the exact inputs wouldn't help you: you want to issue a certificate saying "I am Bill Clinton" with attacker.jpg as the face, not bill-clinton.jpg. The latter won't help you do anything: you don't look like Bill Clinton and you don't have his private key.
An attacker would have to compromise both the CA and the TSP server to pull off a passport forgery. And you can make this process even harder by requiring multiple independent TSP servers to countersign certificates.
Revocations always come with a revocation date. Only passports issued after that date would be invalidated. The issuance dates could be proofed with cryptographic timestamps.
There is a trade-off between false positives and false negatives when choosing the revocation date of the issuer certificate. With OCSP, you could also revoke all the individual IDs that are not known-good (known to have been issued legitimately).
Of course, a world-wide interoperable passport scheme is unlikely to be designed with such an elaborate verification system, and maintaining registries of all legitimate IDs comes with its own risks.
In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
If you have a big family with the ownership of many assets - a car, house or an apartment, bank accounts, mortgage, various subsidies, and so on, the number of instances that you need to go to change your old passport data to a new one could quickly grow up to one hundred, depending on a country. The biggest problem with reissuing a passport is that its number and issuance date change, forcing you to jump through many hoops to continue life as before.
From my perspective, a passport is just an identity document. It's not a source of identity. When you get a new passport, your identity doesn't change, so you don't have to update your information anywhere. Immigration officials may be the main exception, if you live outside the country of your citizenship. Or maybe there is some hassle if you need to transfer a visa to the new passport.
Lots of countries use ID's serial number as a sort of identity. Like, your bank would literally store "Mr. John Doe, G.I. ID 60-05 123-456-9012, D.o.B. 1985-07-29, etc." in your record, and when the next time you visit a branch and show them your new ID, it better have a "previously issued IDs" section on it with that old ID number there, so they would confirm that it's still you and update their record.
And presumably, you would still have to renew your passport every ten years or so anyway.
https://www.cbp.gov/travel/us-citizens/mobile-passport-contr...
But you still need to carry the paper passport as backup.
Hopefully this will be fully automated at check in though. They already have all the info there, don't ask me twice. Send me an email if you won't accept me into your country. It can have its upsides.
ok, do you want that, or are you required to have that..
Uniform servicemen already have made agreements about their data, locations, records, check-ins ad infinitum.. but citizens have not made those agreements.. So uniform services will just make those agreements mandatory.. there is no end to this.
especially irksome is piling on requirements for constant check-in among law abiding people who own property and pay taxes.. while somehow hundreds of thousands can walk around living in parks in the South ? I am not even extreme on this topic .. it just defies common sense and says Slippery Slope in giant letters
People want it because it lets them do what they want with less hassle and it makes many trips possible that are impossible if you have to cross the border at a manned border crossing.
But of course, there is a slippery slope danger.
Don’t really see what a bunch of people wondering around parks all located in the same country has to do with boaters moving between a smorgasbord of islands belonging to two different countries, and thus randomly crossing the boarder back and forth multiple times in a single trip.
When you cross the border on the water, you aren't required to report until you go to land (if you never set foot in Canada, but only sail through territorial waters, there is no requirement to report), at which point you must go to a specified customs dock, and present your paperwork.
I imagine that the issues for making, deploying and integrating a digital-only passport on a global scale would be much harder.
Can’t tell if the stamper has a plum job or if it’s a punishment.
The problem you'll have is that the stamps may not carry the force of law, so not much help in a pinch.
I appreciated the complete lack of a passport line (going and coming), but got squicked out about the heuristics the system (might) run through before it let me through.
That's where all of this is headed, though.
I think you're overestimating how sophisticated the system is. Most online check-in processes require you to input your passport details. In-person check-in probably results in the gate agent doing something similar. If the arrival airport has this information, it's pretty easy to look up the corresponding face on file (that you provided when you applied for a passport), and use that to generate a list of faces you need to match against. From there, it's only a matter of matching a given face to a face in that set. Moreover, given that arrivals are staggered, that set is going to be relatively small. A wide-body aircraft holds around 300 passengers. If 3 of them arrive at the same time, to the same passport control point, that's only around 1000 faces to match against. That's far easier to do than trying to match against all faces in the entire country, for instance.
It's not inconceivable, however, that the system connects to whatever other dossier(s) have been built against my identity. Even before we consider ML facial recognition by public cameras (probably not yet possible at scale?), the Singaporean SIM card I bought was connected to my passport, which gives them my location: both absolute and relative to anyone I might have spent time around.
I mean, I was a normal tourist, and not doing anything shady whilst I was there, but... False positives exist, and I wouldn't have wanted to have been pulled out of the queue for questioning about something I couldn't possibly have explained.
Singaporeans seem to have a different point of view about surveillance, however. Even the (fairly low-key) human rights activist I chatted with thought it was all great, and said something along the lines of "the cameras keep us safe". "Privacy" as we tend to think about it on this board may be a mainly Anglo-Saxon concern, for what that's worth.
Why do they need a dossier on you when the passenger manifest has your exact identity? Or are you talking about them tracking you in the country after you left customs? Given that passport control is already plastered with cameras, and you need to present an identity document containing your face to enter the country, I'm not sure why people feel extra creeped out by an automated passport control gate. If they wanted to track you they already have all they need.
https://www.ica.gov.sg/news-and-publications/newsroom/media-...
It would be great if we had a universal ID program. Even better if that program also replaced Social Security numbers.
Alas, it'll likely never happen in my life time.
They've been trying to do this, with "Real IDs"
https://www.usa.gov/real-id
Not exactly what you're asking for, but it's more akin to making Drivers licenses like passport cards
What do you if your phone is stolen or broken?
All of that already works and wasn't even revoked for military-aged men for the usual reasons.
Dealing with consulates and embassies is much more pain in the ass compared to redownloading the app and banging in a number of cold restore cases.
No, no I don’t, not for this reason at least. I can have my x509 issued without a phone as well and it works with an opening source library.
I don’t use any of that regularly, but the alternatives I experienced wrre much, much worse.
I have plenty of left-wing friends who refuse to get realids due to something about illegal immigrants and right-wing people hate it because they view it as central govt overreach.
I’m not sure what you’re referring to. Where are you traveling from? I never had my EU passport inked when traveling to the UK or US. Within the Schengen Area I never needed a passport.
Common in/out the Schengen with my UK passport post Brexit - got lots of stamps. Though it varies by country
As an AU passport holder it's been like that for at least 30 years.
The current experiments seem to be fractured across governments and I would be very surprised to see a centralized system (as your response seems to imply) come into play until well after various governments introduce their own digital systems.
Ok so it's not a passport. What is being described by the article are just national identities based on physical cards. Estonia has been doing that for a very long time as well.
Without a paper passport I’m not sure how that would work. They could code it to another piece of identity I guess (like your ID card), but there would still be something unless biometrics become advanced enough.
Everyone is quite keen on maintaining sovereignty on matters like this aside from tightly integrated blocs like EU
I think many men will keep their paper passports with 10 year expiration date. And renew it every year "just in case".
1. I get a Free Smart Phone for use for this
2. The service is Free
Passport books have a 1 time fee and for 10 years in the country I live in. I expect the same for Phone use.
Not much above emotional attachment is free here under the sun.
That’s more than enough for a cheap android phone.
1. https://travel.state.gov/content/travel/en/passports/how-app...
You end up there by being born in the wrong family or part of town.
The level of expectation that your phone is a set of handcuffs that you do not own is high. If you own your device and not vice versa, things just don't work in this world. And honestly why would I want a computer that I didn't control anyway?
In some ways it is the opposite of a "burner" phone - sort of a quarantined device that only interacts with your real, official, legal identity.
> The remote-access computer transponder called the "joymaker" is your most valuable single possession in your new life. If you can imagine a combination of telephone, credit card, alarm clock, pocket bar, reference library, and full-time secretary, you will have sketched some of the functions provided by your joymaker.
The protagonist eventually finds out from personal experience that people who do not have those things (e.g. because they can't afford them) are basically social outcasts, not the least because they can't hold most jobs, or even look for one. But even beyond that, not having the device means that you aren't being tracked means that you can e.g. be murdered without much of a consequence. And so people who can't afford the real thing still shell out money for a mockup of a joymaker to carry on the belt, just so they aren't obvious targets.
The most interesting thing about that novel is that it was published in 1969, long before cellphones or "the cloud" were a thing. A rare case of a sci-fi author taking a contemporary hot bleeding edge tech (remote time-sharing terminals for mainframes) and correctly extrapolating it into the future. Pohl even gave a broadly correct timeframe when he talked about the novel:
> I do not really think it will be that long. Not five centuries. Perhaps not even five decades.
https://en.wikipedia.org/wiki/Flow_My_Tears,_the_Policeman_S...
Additionally, passports don't need to be charged.
Normally a huge fan of a bigger web platform, but will control, coral, and track users and that's a #rfc8890 violation of very high degree.
Digital Credentials API: https://developer.chrome.com/blog/digital-credentials-api-or...
No guarantee, etc - but theoretically still possible as of 2024.
I'm all for digitalizing documents as an option, but not if it means losing physical copies. So far the government has been on the side of not discarding them - we still get paper social security cards.
Sure, you can have a digital passport for purposes of authenticating yourself, which is operated by your national government. Will this government allow the same level of access to the embassy of North Korea or some other geopolitical adversary or just to a random sim card issuing shop in a mall oh the other side of the globe? Maybe they will in the same way corona certificates were implemented. Now will every single place that legitimately needs to have a copy of your id on file be bothered to interface with this system and all slightly incompatible versions of it provided by other governments? Probably not.
And passports are kinda sorta simple to begin with.
Unfortunately we're losing cash. There is one of those modern "chic" mixed-business-and-apartments developments not far from my house. Shortly after they completed construction my 12-year-old daughter visited the ice cream store there with her friends, but she couldn't pay for her ice cream when she got to the register because they didn't accept cash. They ended up just giving her the ice cream.
Most of the restaurants there have a "no cash" policy posted in their windows and at the till. No skin off my back. They're overpriced for what they are anyway, so I'm happy to give my business to other local restaurants not in the fancy mixed-use development.
Credit cards are just chip carriers now. Mag stripe is being phased out. So either you use the chip connection or use contactless. The cards issued by my bank (Australia) aren't embossed and the mag stripes will probably disappear once the banking 3rd world (US + some of Asia) catches up with the rest of the world.
Oh and contactless is literally the same protocol as the contact connections, so "just tapping their phone around" is exactly the same (to the terminal) as "just tapping their card around" or "just inserting their card to read".
Government ID could be done in a privacy enhanced way that only provides the requestor attestation of the required information and nothing else.
eg * "Is this person that just provided an encrypted and unreadable blob from their ID card over 18?" "Yes".
* "Is the person that just provided an encrypted and unreadable blob called John Doe?" "Yes".
The government already has all of your identification from birth to death.
By (mostly) definition, your identification is what your local government says it is.
I have to say though that the guy I spoke to at the Passport Office (a civil servant!) was very nice, and they did git it to me quickly. Never used it again 4 years later, though.
Depending on the legal process in question, another photo ID (e.g. driving licence) may still be needed.
Presumably the 15% of UK residents who have no passport are still able to identify themselves somehow...
The US has passport cards but they only work for land and sea from Canada, Mexico, and Caribbean countries.
But the chip doesn’t contain “everything that matters”. The chips have biometric info (hence the name) like legal name, sex, nationality, photos, and sometimes fingerprints. But the bulk of a passport book is made up of tens of pages where stamps, stickers, and even entire visa documents can be stapled/attached. None of these are present in the chip.
... legal names and nationalities aren't "biometric info" though. Is it fair to say that the chip contains the content of the travel document at the time it was issued (doesn't the chip also include the passport number, issue/expiration dates, etc) but not the stamps/visas that are added after the passport is issued ? I think everyone gets that the chip isn't updated when you get stamped into or out of a country.
Yes to expiration date and number (although afaik it does vary because each country may include or exclude certain information), but in general no, because even if you have a visa issued to you at the time of a passport being issued (like at the time of a passport renewal), the chip will not have that information. The chip information is basically just proving who you are, but doesn’t have any info on where you are permitted to go (other than permissions implied by your characteristics like nationality). That information is stored elsewhere, like in the passport pages or a country’s internal immigration records.
It has all the same fields in one or two lines with "<" field separators.
I've had the chip read, I've also seen the passport being scanned to read those lines.
A passport has two components, one is identification of the holder, the other is the travel (entry/exit stamps) history and potentially the conditions of entry (visas etc).
So despite your cynicism, all governments literally are on the same page about passports.
What do people think organizations like ISO, ITU, ICAO etc do other than exactly this sort of standardization process of human activities that are common across national boundaries?
[1] https://en.wikipedia.org/wiki/Machine-readable_passport
Yeah, sounds good. Again, I hope those days are numbered higher than mine.
The answer: nope, it's almost certainly time for round 2. Plus some forced facial recognition for good measure.
Like I said, I hope the number on those days starts pretty high.
just playing devil's advocate with the way I see it heading
Expecting always on satellite connections in a lot of these places is asking for a lot.
It might be easier than having reliable power grids or running water supply. Assuming at least some of the satellite-internet projects work out (Starlink, Amazon's thing, Chinese thing, European thing, ...) all you need might be a fairly affordable (comparing to infrastructure for running water) hardware that can run on demand using batteries.
AST Spacemobile and Starlink's user experience will just require mobile phones. No adapters or base station. they'll find a way to power them, or extend signal from them. for the passport holder, that will just be client side and no connectivity necessary.
Good luck to the French dude trying to drink in the U.S. without a passport, or getting stopped by the police in Łodz and not having any valid identification on you.
Nowadays, the licenses in the EU are standardized, but at the same time, they are completely unreadable if you don't know the standard, since data fields are numbered, but not usually described in English.
But as others have noted: assuming satellite cellular access is also a big leap. I once had someone check my papers by taking my passport, writing a copy of the entry visa number on it (itself hand-written), and then finding me hours later after they were able to find a landline to call the border service with.
I'm not denying that it's security theater or claiming that it's more meaningful; I'm saying solely that there are physical expectations that are going to be very hard to shake once you go off the beaten path.
https://www.statista.com/statistics/273018/number-of-interne...
I've found that money is more meaningful than anything else to those bored officers. Either they don't actually care that much about your documents, or if they do, they're simply looking for a bribe. At least that's been my experience at out of the way border crossings in southern Africa.
The most ridiculous experience I had was crossing into Zimbabwe with my 11 year old son. The officer wanted to see his birth certificate, which was still in the car that had already been driven across the border. So I had to leave the building, walk across the border, which nobody batted an eye at, get the document, walk back across the border, re-enter the building, and then present the document to the officer who didn't even look at it before letting me proceed to leave the building and walk across the border once again.
So these documents can be checked locally without any form of communications to some central authority (which doesn't exist across national boundaries).
They have visible anti forgery like UV printed symbols and information, underprinted background text and patterns, etc etc.
So they are more "meaningful" than an offline smartphone with a passport app in that they do not require anything other than the officer's ability to see, feel and read the documents.
Even when there's no connection, no electricity, you get some modest layer of security out of "it's hard to manufacture a convincing fake passport if you don't have large-scale resources behind you."
What happens then with app-only passports? Do we close the border crossing entirely until the network is back up? Or do we rely on showing a QR code or NFC handshake that can't be properly verified? I'd think creating a fake passport app that reached those hurdles would probably be easier than getting access to specialized papers and printing technology.
Why introduce new problems? I was bike touring and wasn't carrying a phone. Isn't that allowed?
I like being able to skip all of that. That works too. It's not that hard.
Regardless, I have global entry so I do appreciate the desire to skip a line, but I don't follow how 100% digitization solves the need for checkpoints completely. It just seems like techno utopianism to me.
Edit: It's convenient if you are a digital native, but elderly folks, among others, will not find it easier than a physical passport. The push to require everyone to have a digital device to participate in society is troubling to me.
if this really does somehow become the only option, I'd imagine the best you could do is just carry a cheap android phone for this sole purpose.
I feel strongly that any future digital travel credentials that are offered by governments should be able to operate entirely offline, and provide records that can be retained by the data subject. That means that revocation is harder, but IMO that’s a tradeoff that is worth making to avoid another Windrush scandal.
This has already become a pain when dealing with countries that don’t stamp passports, because when you need to apply for something that asks for your travel history over the past 10 years, you might not have any records anymore.
However, you already have to buy a passport (often for a lot of money) in most countries, so pragmatically, I don’t know that it’s a hugely different thing to ask. However, there’s a big difference for children, the elderly, and people with disabilities.
Immigration tends to stretch human rights though. It costs >10k gbp in visa fees for a British citizen to return to the UK with a non-UK spouse from arrival to settlement. You also need to be earning a fair bit of money, and not have the British partner as a stay at home spouse. I would say that frustrates article 8 ECHR, but the government disagrees.
There are countless examples of similar issues re international travel and immigration. Smartphone ownership is simply one of many.
Ownership of a device simply is not a guarantee you can rest on - even before you get to those who may not be able to use them.
Governments need to make sure that people can access the services that they’re entitled to through a wide variety of channels, including physically visiting an office if necessary.
Though I will say, at a practical level, you will find that it’s increasingly difficult for people with criminal records to travel internationally (due to entry requirements).
"Eligible" means you're able to be elected, but you must still be elected. Different from a passport, you may be eligible to a visa, and at some point an officer is likely going to interview you and decide whether to give you one.
People are entitled to a passport but only eligible to a visa. You can assert what you're entitled to, but not what you're eligible to.
> entitlement implies to me that the person has invested some time and resources in asserting their right
That's only when your title was earned, which not all are; some are born into them.
> I believe eligible is defined as meeting some criteria for, not necessarily being chosen though that could be a criteria.
The confusion may have started when decisions became more automated into "criteria" to be checked for by bureaucrats that no longer have the deciding power they once had (and later further automated by software), but "chosen" is in the latin root of the word. For example, "chosen" in Spanish is "elegido", "choosable" would be "elegible". "Eligible" = "electable" = "choosable". They're all basically synonyms.
Something else about what you said here, for titles that are earned (e.g. naturalized citizens), you don't invest time and resources to assert your right. You invest time and resources to earn the title. When you've earned the title, you've earned the rights that come with it. Having then those rights, you can then assert them. You don't need to expend anything to assert. You just claim them, since they're already your own. For example, if someone says you need to expend time and resources to assert your right to vote when you're already a citizen, that's wrong. Having expended time and resources to become a citizen (or having been born a citizen), it's already your right to vote. You're entitled to a vote.
From the government, paying what is more an administration fee than the actual cost of the good, yes.
This is about principles, not economics.
A smartphone will not satisfy any of these properties.
The 2 sentences making up that article don't really live up to that level of useful detail.
I suppose the real trouble comes from needing to install software from the Google Play store in order to travel. If you feel you need to do that you can create a new Google account just for that installation of the Google Play from the phone itself and then never give it any of your personal information such as a payment method. GrapheneOS claims to do a pretty good job of sandboxing Google Play components.
Regardless I agree with others here who think it should always be possible to travel without any electronics on your person.
And like Linux on the desktop: it offers a better experience for everyone who either has the knowledge to step off the beaten path, or has someone who supports them. But that is just a few percent of people. The rest gets what market forces dictate.
https://github.com/chriswoope/resign-android-image?tab=readm...
I just wish there were a supported and easier way of achieving this. Would love any suggestions.
GrapheneOS is heavily focused on privacy and security. That means we're not going to add massive attack surface or poke huge holes in the security model for very niche things that are not going to benefit the vast majority of users. We provide official support for userdebug builds with ADB root access for people building the OS. Official support includes helping people with their builds in our development room, with the hope that people end up contributing back. People making userdebug builds for production usage should enable ro.adb.secure=1 unlike a regular development build. They should be aware of the security downsides and it's their responsibility to secure the computer(s) they're using for builds, signing and ADB access. ADB access can also be used on the device itself via network ADB which is non-persistent for security reasons.
GrapheneOS is an open source project. Modifying the official binary releases is not the intended way of making changes to GrapheneOS. People are intended to modify the sources and build it themselves. The whole process is only a few commands and can be trivially scripted if people only want production builds signed with their keys.
GrapheneOS even has fully reproducible builds for the OS and we have a community member that's reproducing each OS release successfully. There's only one known issue specific to 8th gen Pixels which has been worked around by them doing the 8th gen Pixel Linux kernel build from a specific path. It should be resolved already by Android 15 QPR2 that's currently in Beta due to it moving to the 6.1 kernel used for 9th gen Pixels for 6th/7th/8th gen Pixels too.
You should use our official instructions for building and signing the OS. We provide official support for it including helping people with it in our development chat room available via Discord, Matrix or Telegram:
* https://grapheneos.org/build * https://grapheneos.org/contact#community-chat
Building GrapheneOS is far easier than trying to modify the official releases. It's not hard to build and doesn't have a lot of dependencies on the host OS since it uses the standard AOSP build toolchain for reproducible builds. It takes around 40 minutes to do a full build of the OS portion of GrapheneOS on a recent 16 core AMD gaming CPU and half as many cores won't actually take twice as long since scaling isn't linear. It takes under a minute to do most incremental builds for testing changes after the initial build.
If you make your own builds, you don't have to modify anything to have root access via ADB. A userdebug build has root access in the Android Debug Bridge (ADB) shell via a su executable along with support for adb root to run ADB itself with root access so every command has it available including the shell, push and pull. You should enable ro.adb.secure=1 for a userdebug build if you intend to use it in production to enable USB-based ADB authentication like a regular user build. You should be aware userdebug reduces security through poking a lot of holes in SELinux policy in order to provide root access and the ability to disable dm-verity while unlocked.
Your own builds will not connect to releases.grapheneos.org for updates. If you want updates, you need to enable the Updater app by exporting OFFICIAL_BUILD=true after changing the URL to point at your own static web server. It's very easy to set up an update server and we publish official documentation and the sources for our services. We don't outsource our update systems to mirrors for privacy and security reasons. The app releases, OS releases and app repository metadata are signed with downgrade protection but that doesn't mean a mirror system is a good idea.
Here's a list of all default connections made by GrapheneOS:
https://grapheneos.org/faq#default-connections
Here's where you can get what you need to host all of this yourself, which is quite straightforward and easy:
* https://github.com/GrapheneOS/releases.grapheneos.org * https://github.com/GrapheneOS/apps.grapheneos.org * https://github.com/GrapheneOS/grapheneos.network
You can choose to host only the network services and use our official app repository. If you rebuild one of the apps we update through there, just change the app id so it won't try to update it.
The services need to be updated before an OS update depending on changes to the APIs which are documented in the official release notes. For example, Broadcom GNSS moved to a new format for part of the PSDS data. It's all in 1 repository (grapheneos.network) if you don't host app and OS updates. You can host all this stuff on 1 server but we use separate ones for network services and updates since the load is so dra...
(As an aside, I've been very happy to see you are still involved with the project!)
> GrapheneOS has a built-in encrypted backup system
Do you mean seed vault? It's really not satisfactory. For one, I should be able to encrypt my backups with any key of my choosing, on a hardware token if I so choose, not be forced into its silly codeword system or nothing at all. AES, gpg, and X.509 compatible support would get you all of the way there.
Even just letting backups be exported unencrypted, so I can easily and automatically use a trusted device to encrypt it the way all my other data is would make it so much more usable.
Frankly, the current implementation just reads as one of those ridiculous things trying to force the uneducated/uninterested to be secure, with no escape hatch for people who actually know what they are doing, nor for enterprises who need secure mobile devices, but also know an end-user will /never/ successfully take a backup on their own.
It's something we can consider in the future. We do plan to make our device management system with a unique approach not available elsewhere in the industry. We'll wait until we have it implemented to explain it.
We have funding to continue expanding the project and need to focus on that before trying to get funding in more ways than donations. We've been successfully expanding the development team. It's the non-development aspects which are barely in place.
Bear in mind our open source project has been around since 2014 but the non-profit organization was only formed in March 2023. There was a false start through forming a company in 2015 to support the project, then having it go off the rails and try to take over the open source project followed by years spent trying to destroy the project when that didn't work. It resulted in a lot of lost time, energy, money and opportunities. From a development perspective, GrapheneOS is a very mature project. From an organization perspective, we're still rebuilding from what happened in 2018. The focus is very much on development and building out the non-profit isn't easy for us.
> It's really not satisfactory.
We know it didn't turn out the way it was planned. Someone made the initial implementation for our use based on our design specifications and input. It was meant to become an official GrapheneOS project. We gave our design concepts to someone who began working on it, but the takeover attempt in 2018 lined up with this in a way that it got derailed. Today, this backup project is controlled by people directly involved in the takeover attempt and subsequent attacks on GrapheneOS. Believe me, we're not fans of the project and intend to either incrementally rewrite it or outright replace it.
The basic concept we created was an encrypted backup system able to support local backups, backups to an external drive, direct transfers from one device to another, arbitrary sync providers, etc. There was a whole vision for what it was meant to be but only certain aspects of it got implemented and mostly not in the way we intended at all. The fact that it exists acts as a barrier to making something better because we don't want to rip it out and start over with something not fully functional. It's easier to start a new project to add a missing feature than to figure out what to do about replacing an incomplete and low quality implementation of what we wanted from this. We need to figure out a whole migration plan away from it to something new where the old system doesn't go away until the new one at least does what it can do better.
> silly codeword system
It's a standard BIP39 seed phrase. It was meant to be a lot less limited than it is. There was a vision for what it should be which was partially communicated. The current team working on it doesn't understand the original vision for it and is not capable of creating something on the level we wanted to have.
I don't think the UK (Or US, other other European) government are too torn up about the possibility of another Windrush scandal.
But I generally agree with you. A physical passport offers a degree of psychological and real "security" that the promise of some cloud-hosted credential absolutely does not.
As a minor aside, I (US citizen) was once able to able to enter the US (at Toronto Pearson airport) despite having left my passport in some hotel. I just told the stern American guy "Yo soy American." Apparently they have ways of telling.
How offline is the current system today, where officers swipe/scan our paper passports into a machine?
This is the same thing I am against a cashless society where the society no longer accept physical cash. And in 2012, and later 2014 when Apple Pay was introduced all the way to 2017, 99% of HN were in support of getting rid of physical cash.
In times of disaster, the people welding paper along with the people who can trade on their street cred, familiar friends, family, will get stuff, do necessary business.
Everyone else will be essentially panhandling.
Mind you, not a damn thing wrong with panhandling. That is not a crime.
My point is to avoid having to do that where possible and practical.
my passport has been through a washing machine accidentally and i can still present it in the remotest of countries no matter the internet or whatever, and it works
in the US, yes they are switching to face recognition and often they barely even look at the passport anymore. I enjoy the convenience of that, but i don't wish to share this data with all the countries in the world, nor to be on the hook for having a connected device everywhere in the world for basic movements.
So having digital vs physical passports opens no new avenues of private data sharing with regimes you might not trust: they already have a right to demand any kind of data they want about you.
One reason I dislike such digital ID schemes because I can't actually tell what information (or metadata) is being forked over. Even if it does purport to show me, I'm just supposed to trust what it says?
No thank you. A piece of paper provides a common format that's easy for both me and the official inspecting it to understand.
Like the information on my visa application, or the fingerprints collected at that time, or my travel history, hotel stays, and so on.
Data does not have your be "in the passport" to follow me around.
Honestly I don't see any other way. Else it becomes a paradise for forgery.
Mafias all around the world will buy expensively any valid or even used identity document just for this purpose, i.e. to study it and perfect their forgery skills.
The process you witnessed is a remnant of the past, a feature of the necessary transition period, and I hope it disappears soon, because that's a giant gaping security hole.
Thanks to all those biometric data, in case of a problem, the process will be much more reliable using the database than using old fashioned paper IDs.
Also, all these tests are very fast to perform (excepted maybe DNA tests), much quicker than the unreliable administrative cross-checks that were performed until now when there was an ID issue.
Note: USA "paper" passports have included an RFID chip since 2007.
Those who control the public opinion know that there's some opposition who confuses the problems with the conflict. They laugh since no one who thinks legislation like in the link would be generally bad can do anything. The ignorant will vote what the Orwellianishly-named "smartphone" will command them.
In the next five years, it's likely the option to stab the kings will be for the first time removed, since robotic militias will mean no insurance CEO can simply be shot. This means there will be zero limits to what cruelty they'll do you, since no matter how torturous it gets you'll be unable to even violently resist this. You'll have no democratic mouth, but you must scream. Completes cyberpunkization well.
---
Aside: US drones + US satellites that enable global connectivity of drones was a rather obvious consequence of Starlink ~4 years ago. If they really want some person, they now can search most of Earth in few hours with the drones + computer vision, and soon with land robots, all connected through Starlink (starshield to use the euphemism). The irony is how this at the same time solves the connectivity problem.
In Europe traditional news sources there got economically slaughtered & replaced by few big online 1995-2005. This qas a consequence 1970s & 1980s academic networks working closely with US on web, and US then doing what it did with Google.
If you can influence what ends up in the social media feed of those deciding about university curriculums and/or most politicians, that's quite powerful also.
In Russia & China, there seems to be less hidden, less culture of valuing "free media."
---
That public opinion "matters" but gets shaped is very plausible if you consider that most of history it didn't matter unless the public got very angry.
Century of Self describes the process before Zuboff.
One might argue that control of public opinion was originally more psychoanalytic idea, and then became more Skinnerian with computers.
> US drones + US satellites that enable global connectivity of drones was a rather obvious consequence of Starlink ~4 years ago.
One would probaby be safe from the US in Serbia, Transnistria and other non-US friendly places for a while, given enough bribe money. The US won't sneak drones into sovereign airspace without another state's approval even if they're looking for high level targets such as Osama bin Laden, Al Baghdadi, Qassem Soleimani. We are not talking about failed states or states in civil war like Syria, Libya or atates under US assistance like Iraq here.
The only place where you'd stand a serious chance is Russia, if there's political backing. (see Snowden, Marsalek et al.)
Canada, at least, already uses an ETA system called exactly that (or I guess TAE in French), so that probably had greater influence than the US ESTA.
It’s a part of a wider trend going forward. I will say the UK/EU systems are fairly unique in that they aren’t excluding each other. Canadians don’t need ESTAs nor do Americans need Canadian ETAs
Airport WiFi - people can easily run deauth with aircrack-ng. Email server might be down Phone out of battery Etc
It's digital in the sense that it's electronically stored against your passport number, and the UK Border Force can see it just by scanning your passport.
Then, the digital passport's ship has already sailed for better or for worse, and all these questions are solved in other ways.
> when the Home Office messes up and accidentally deletes your immigration status
You're toast either way, because it will be checked at the airport. You'll have to deal with the immigration officer and have them do something, because you won't go very far with just a paper that will be checked against the backend. In my experience it has already been the case for a while now.
You still better have the reference paper that will help identify your visa procedure, dates etc. But it's already just a key to the info in the DB.
> you will no longer be in possession of any records
Print out the papers and keep track of the important pieces. It's the same for everything else in your life, including tax documents, birth certificates etc.
Even in the olden days, the papers you had only had value against the agency's record that could prove their validity. If you had to prove residency in some specific period, having a stamp on your passport would mean very little if the agency denied having any records of it. So it's exactly the same weight as if you printed out a certificate while the DB blew out and no data about it are left.
PS: I think in previous time people were also so much more lenient. It wasn't much a question of physical papers or not, and more on how much few people cared if your info was valid or not. I had an error in my name in many official documents, and while people noticed it, a simple "they typed it wrong" explanation was enough in 99% situations.
The home office rather notoriously destroyed/never kept its own records of arrivals of commonwealth citizens, which was one of the steps leading to the Windrush scandal.
Many older records only exist in paper form, and often the receipts are good enough. This is especially true when you’re dealing with 3rd party governments. A foreign government is going to put a lot more stock (rightly or wrongly) on a birth certificate that is printed on fancy paper covered in security features than it is to a printout of an email.
Also yes fancy paper is more valued than junky ones when nothing else remains, but random printouts are also provided everyday, and they're fine with it. At the crux of it, the foreign gov usually doesn't actually care that much about your birth certificate: they want due diligence at most, even if they'll have a more strict public facing facade. It's cross referenced only when it really matters (e.g. you're trying to get citizenship or a background check for security clearance ?)
That's not true. For example, Jews (or people who wouldn't be always considered Jews, but those who would still fall under the Law of Return) have to produce some kind of document which states that their ancestor was Jewish. Often these documents were issued by authorities that no longer exist. And it was up to immigration authorities to decide whether they trust such a paper or not. Basically, anything coming from Western Ukraine prior to Soviet occupation would be issued by such authorities, same with Baltics.
Unrelated to above: a lot of databases are only required to store their records for so long. For instance, the transcripts from most colleges can be produced within 10 or so years after graduation. Then it's like they've never existed. So, if for whatever reason you need to show your grades later, you better have a paper version.
Just to give an example of a document that I know had been submitted in this situation. A graduation certificate from a Jewish girls gymnasium in Vilno. The city has changed name since then, there's no such street address, there aren't any girl schools, definitely not gymnasiums, let alone Jewish. The building that used to be the school was destroyed in WW2. So, there's nobody who can vouch for the document. Maaaybe you could somehow find an index of all such schools that exited in the year of graduation, but even this info might not be available.
During WW2 a lot of civil records have been lost, especially in smaller towns / villages. Sometimes it was deliberate, especially if it was a Jewish settlement. It was common for Jews in the military to try to erase any trace of their ancestry, as regardless of how poorly the Red Army PoWs were treated, Jews and Communists would've been executed immediately. So, destroying records indicating such connections and forging personal documents was a common case. Now that people try to recover any traces tying them to their ancestors, they often have very little to rely on. Like, receipts from donating to a synagogue, or permits to start a particular business (typically associated with being a Jew) etc.
* * *
Another funny memory I have in this respect: in the 90's I was queuing in a bakery in some central part of Lviv. A man behind me overhead me speaking Russian (which wasn't very common at the time, since Lviv citizens frowned upon it, and mostly spoke Ukrainian), and decided to ask me if I know where Adolf Hitler street was.
My jaw dropped. But, the man pulled out from a pocket a triangular letter (the kind soldiers used to send during the war) with the address specifying exactly that. Apparently, the carrier of the letter was looking for his long-lost friend whose last known address was in Lviv, on that unfortunately named street. And since Lviv was seen as being quite radical in their way to dedicate streets to questionable historical figures, the old man believed that they might just have such a street...
Anyways, some locals overheard our conversation, and soon we discovered that the street in question was indeed named after Hitler during the German occupation, after Soviet occupation was renamed the Lenin street, but historically was called Lychakivska (and that was its current name, restored in the recent years).
* * *
Another similar story involves my dad's friend who was born in the 30's when the Soviets and the Nazis had a love affair. So, this guy was named Adolf, yes you guessed it, after the Austrian painter. He was Jewish. So, after the love affair ended, he sought to change his name. But you cannot change the name on the birth certificate. Also, his school graduation papers etc. all had him as Adolf, and that's how his family called him. Sort of. (I knew him as "uncle Dolik".) Not surprisingly, there wasn't much of a record of him changing his name to Alexei :) and he'd routinely get in trouble with all kinds of authorities, police when checking his driver's license, paying electricity bills etc.
Similarly, in Western Ukraine, prior to Soviet occupation, it was customary to give two names to children. Eg. my grandmother was Daria Anna. But the Soviet system didn't acknowledge this, and only one name could go into the passport / city records. So, she became Daria. At first. Then Dariana. And after having all sorts of documents, she was in a very tough spot proving ownership of her apartment, because it wasn't possible to tell (from the authorities perspective) whether Daria Anna, Daria and Dariana were the same person. Add to this that in order to preserve some of the family property she and her remaining relatives tried to mud the waters around these documents. Eg. to avoid partitioning the apartment she'd claim to have...
It hurts me. Everything going so far backwards.
At least once a week I have to screenshot something on iOS and use the new Photo OCR feature to copy and paste it out of the image. I wish I was joking.
It’s a little disconcerting because you’re literally one „computer says no“ incident away from not being able to return to your own bed.
Literally zero paperwork was issued to fall back on so you’re entirely dependent on a DB server somewhere
Probably going to get a UK passport too just to manage risk. (Already qualify)
Travel to the UK is going to be really chaotic from 1st Jan when all BRPs expire, and 8th Jan when US citizens and other non-EU nationals require ETAs.
From HO website: "You may be able to use your expired BRP to travel to the UK until 31 March 2025 if both: your BRP expires on or after 31 December 2024. you still have permission to stay in the UK."
You might be able to bully them into accepting them because it’s in Timatic but there will be British residents who are blocked at least temporarily because of this.
Russian visas are machine-readable since 1997 to ease the DB request.
If so I'm going to be the one asshole who presents the document on my laptop just because I don't believe that people have the right to invite themselves onto my phone.
> Address the massive amount of data from passenger digital devices
> Collect all relevant data from every available data source uncovered at the border
https://cellebrite.com/en/border-security/