In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.
I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.
Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.
They took it and went back to their patrol for a full five minutes while they were doing background checks on me.
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.
What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”
“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.
And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation
Immediately uninstalled the government app, went back to traditional documents.
They don’t need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.
No way the government implemented an app for this use case. That’s extremely inefficient.
I thought you actually tried, that they took your phone?
Illinois at least passed a law to limit the consent given when using a digital ID with a police officer such that they’re ONLY allowed to use it for ID and not snooping, but that’s the only state to do so.
https://www.eff.org/deeplinks/2024/10/should-i-use-my-states-digital-drivers-license
But do you trust them to follow the law? I certainly don’t.
Couldn’t these apps also use the Android/iOS’ wallet manager which allows handing it over unlocked while the phone is “closed” (not necessarily locked, though…)?
I don’t know if they could, because they will probably compromise all information into the wallet.
But it’s a good idea. I hope that it can be implemented like you said in a secure way.