In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.
I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.
Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.
They took it and went back to their patrol for a full five minutes while they were doing background checks on me.
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.
What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”
“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.
And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation
Immediately uninstalled the government app, went back to traditional documents.
You’re absolutely right about the danger of giving up your phone, if the police wanted to take it from you. By sticking with traditional documents you remove any pretense they might have to try. It is not a stupid call, it’s just less convenient - but then, security is always a compromise with accessibility.
NSA has all your info already anyway
more certainty and specificity is more betterer
They went as far here in Ukraine as making some services exclusive to those who have the app. The official government app for digital documents and services, Diia, also has stupid integrity check, which makes it unable to be installed from Aurora Store, which makes me cut out from such services, because I don’t have Google Services installed. By the way, there are Google trackers in the app.
The IRS (tax authority) in the US has Google trackers loaded into the DOM including pages listing your Social Security number too, yikes.
Yeah, welfare here is mostly app/phone based. You can technically get around it, but it requires visiting a dwindling number of centres very regularly and waiting in long queues.
Not in Australia where it is illegal for the police to touch your phone.
They can compel you to reveal your password without a warrant but can’t touch your phone? Is that a state law?
Dont we have a right to a lawyer and to not self incriminate? Surly they need a court order to compelled u to reveal ur password?
https://www5.austlii.edu.au/au/legis/cth/consol_act/ca191482/s3la.html
It does require a court order, but notably you do not need to be suspected of a crime.
Dont we have a right […] to not self incriminate?
Not that I’m aware of, but if you find otherwise, let me know!
It requires a magistrate to issue an order at least. But yeah seems we are fucked. Is there any way one could devise a method to which it is literally impossible for you to provide said information if u dont want? Like could u tie unlocking to somthing they cannot legally compell u to do without violating ur human rights?
On iOS you can enable Guided Access and restrict what one can do, for example disable touch and lock it to an app, until you enter a Code. I imagine Android will have something similar.
This obviously doesn’t protect against electronic forensics, but it does protect against just opening different apps and searching through the phone manually.
Yes, Android has app pinning. But they still have access to anything the app gives them.
They can see my ID on the phone. But if they want to take it, then no, I don’t have that ID on me. But then, I live in the US where digital ID isn’t valid.
You can block off certain sections of the screen, or disable touch completely. If all the info they need is on the screen just make it so they can’t tap anything.
It is valid in some states. OP raises an excellent point. I live in the U.S. and have the digital ID on my phone, but I won’t be handling it to law enforcement. I’ll make sure I have the physical copy when I’m driving.
They don’t need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.
No way the government implemented an app for this use case. That’s extremely inefficient.
I thought you actually tried, that they took your phone?
Illinois at least passed a law to limit the consent given when using a digital ID with a police officer such that they’re ONLY allowed to use it for ID and not snooping, but that’s the only state to do so.
https://www.eff.org/deeplinks/2024/10/should-i-use-my-states-digital-drivers-license
But do you trust them to follow the law? I certainly don’t.
Couldn’t these apps also use the Android/iOS’ wallet manager which allows handing it over unlocked while the phone is “closed” (not necessarily locked, though…)?
I don’t know if they could, because they will probably compromise all information into the wallet.
But it’s a good idea. I hope that it can be implemented like you said in a secure way.
I’ve always just shown a scan of my ID on my phone. It’s just a picture?
Don’t get me wrong, it’s great that you figured this out. But why did you not consider this sooner? Wouldn’t it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?
What’s obvious to you may not be obvious to other people?
Likewise, what’s obvious to you at one moment may not be obvious to you at another, simply because you’re thinking about the situation from a different angle.
If you use an android phone, just create a separate account on your phone just with the apps you want the police to see. No email, photos, social media, or anything. This way you can switch to the restricted user before giving the cop your phone.
That’s a limitation in your countries implementation then. The owner must have full control of what data to present or at least category based requests.
Meanwhile, there’s me who just likes paper versions of this stuff because I like to be able to order a backup hard copy just in case something happens to the first one.
Wait, what? There are countries that let you have multiple valid copies of the same ID??
Sorry, my bad. I meant more stuff like the birth certificate and other vital documents. I really should’ve specified.
(I swear I’m not a dumbass sometimes.)
That stuff becomes a moot point once you have a decently working bureaucratic system (if and when). If you can ask for a digital certificate online, and get it in your email three days later, you’re not too worried about losing a copy.
On the other hand… I swear to you that multiple times, I have had to present “a birth certificate that was less than 6 months old”.
As if the time and circumstances of my birth might have suddenly changed in the last year.
Containerized apps on Android when?
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.
Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I’d ever recommend handing over my phone to a cop, but this kind of data transfer isn’t trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.
On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn’t matter if you’ve got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.
But… again, what is it that front-line state agents are planning to do with all this data? That’s never been made particularly clear.
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.
Do they actually take your phone when you present it to them for digital ID? They don’t scan it and bring up the same information on their scanner?
No they don’t, they just scan it and dont take the phone. But of course, they could.
What’s the possibility and legality of something like getting implemented in the US?
drivers licensees are by state and my only federal id is my ss card which doesnt have my picture or any current information. i dont think it would work as well here since you would need 50 different apps