In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”

“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

  • @[email protected]
    link
    fedilink
    11 day ago

    For the most surface level concerns like risking them accessing any app on your phone, you can enable app lock on those that support it. Usually the most sensitive do: WhatsApp, Signal, banking apps and others.
    If they don’t, take advantage of the private space which locks apps until you unlock, and you can relock whenever you want

  • @rottingleaf
    link
    11 day ago

    I’m thinking of going stoic and dropping anything Android, but this would require setting up an emulator working good enough for WhatsApp, Google Authenticator, MS Authenticator and probably something else.

    • @[email protected]OP
      link
      fedilink
      12 days ago

      and they accept that as a valid id? I mean in a store ok, but a public official? It’s incredibly easy to make a fake screenshot

      the digital version of id cards are glorified qr codes: they scan it and their device downloads from the government servers the official version. Or, for offline usage: the qr code contains all the data, signed with their key, they check if the signature is valid

  • @[email protected]
    link
    fedilink
    233 days ago

    Why is nobody mentioning that by installing it and authenticating, there is sweet fuck all you can do to stop them tracking your movements and downloading your whole address book so they can see who you Associate with?

    Taking the phone isn’t the problem if they are already in it.

    • @[email protected]
      link
      fedilink
      183 days ago

      You have to explicitly allow that, at least on android. However, most people hit allow and don’t think anyways :/

      • @stetech
        link
        43 days ago

        iOS too. Permissions can even be given only while the app is active if it “requires” them, or for location for example an approximate one is sufficient.

        • @[email protected]
          link
          fedilink
          23 days ago

          Yep, but there was some news about that recently. Apparently their security doesn’t quite work as it should. Perhaps that’s been fixed by now, but then again, Apple does not have a great reputation there.

    • @EarJava
      link
      83 days ago

      In most phones it is possible to set permissions (to contacts, locaton, etc) for every app.

    • @bokherif
      link
      23 days ago

      Honestly, I wouldn’t worry about all the comments discussed here. Mainly because the governments already have access to everything and I mean EVERYTHING. They will get a subpoena in under a minute if they want to check something regarding your digital life. Not condoning it, just a fact of present life.

      • @UnderpantsWeevil
        link
        English
        1
        edit-2
        2 days ago

        Mainly because the governments already have access to everything and I mean EVERYTHING.

        There’s limits, largely around the speed and accuracy by which data can be ingested and processed. You can look for everyone somewhere sometimes and someone everywhere sometimes and someone somewhere at any time, but it takes a ton of digital resources to monitor everyone everywhere all the time. For the data to be meaningful it has to be interpreted.

        Manned checkpoints allow local state actors to make decisions in near-real time relative to immediately present information. The classic example is someone with a stale warrant or notice on their record. The sheer volume of delinquents makes pursuing every individual troublesome, but as soon as a known offender steps across a checkpoint the police can pounce on the individual offender in that instance. If you’ve got a five year old traffic ticket, a police officer can be in your face about it as soon as they run your ID.

    • @[email protected]
      link
      fedilink
      13 days ago

      fwiw, my state’s mobile id app doesn’t even ask for the location permission. so maybe some, but it’s not universal

  • Matt
    link
    fedilink
    133 days ago

    Nah, I’ll just carry my ID card around.

  • @UnderpantsWeevil
    link
    English
    83 days ago

    That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

    Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I’d ever recommend handing over my phone to a cop, but this kind of data transfer isn’t trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

    On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn’t matter if you’ve got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

    But… again, what is it that front-line state agents are planning to do with all this data? That’s never been made particularly clear.

    • @[email protected]OP
      link
      fedilink
      11 day ago

      it’s more like searching messages for some keywords, then use the result to justify a full car search

  • @Tattorack
    link
    1124 days ago

    Pretty sure they’re not supposed to take your phone. The point of a digital document is that you don’t have to hand in anything. Scan the QR code and they can run as many background checks on the data they want. You’ll still have your phone.

    • @[email protected]
      link
      fedilink
      974 days ago

      Not supposed to != wont. Police regularily do things that they arent supposed to and as long as people naively consent by giving their phone they can get away with whatever they want i would think.

      • @Tattorack
        link
        -144 days ago

        Then sue them. You have the right.

        • @[email protected]
          link
          fedilink
          314 days ago

          In my country you cant Sue, only complain. But you complain to the instance you complain about. Eg police is handling complaints about the police. Besides that. For most people sueing isnt something you just do

          • @JubilantJaguar
            link
            134 days ago

            Of course you can. You said you live in Europe.

            Unless you live in Russia or the Vatican, that means your country has signed the European Convention on Human Rights, of which article 8 commits it to respecting your privacy.

            So, sure, you’re not going to bother suing. It’s not that important to you. But let’s go easy on the helplessness of “In my country you can’t do that”. Yes. You can do it.

            • @[email protected]
              link
              fedilink
              English
              212 hours ago

              Wonder why you are getting downvoted as this is a perfectly legitimate point. Are they just not in Europe or something?

              Or who knows, they really could be in the Vativan, stranger things have happened. But I don’t know why they would mention those circumstances without qualification that they are special circumstances. Kind of burying the lede there.

  • @[email protected]
    link
    fedilink
    83 days ago
    1. Do not have a mobile device
    2. Do not install anything proprietary or governmental on that device you don’t have
    3. Use borderline secure (GrapheneOS) OS on that device you don’t have and don’t unlock it if demanded unless your health and/or life is in danger
  • Virkkunen
    link
    fedilink
    664 days ago

    In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn’t this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you’re using the app they shouldn’t need to confirm that as the info is already validated

    • @[email protected]
      link
      fedilink
      274 days ago

      Isn’t it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can’t get anything right? It’s sad when we end up replacing our own good things, because even we think we’re inferior in everything and can’t come up with a good solution for anything.

      • Virkkunen
        link
        fedilink
        94 days ago

        Say what you will about the country, but gov.br and PIX put everything else to shame and no one even came close to something like that

      • @[email protected]
        link
        fedilink
        23 days ago

        For all that Russia is an imperialist police state, our e-government services are pretty slick too

    • @[email protected]
      link
      fedilink
      English
      14 days ago

      As op said, the whole point is to get you to hand your phone over unlocked. Thats the point.

      • Virkkunen
        link
        fedilink
        04 days ago

        But you’re not handing your phone over, it stays in your hand and if there’s a QR code to scan they’ll scan it with the phone in your hand

    • @atrielienz
      link
      English
      04 days ago

      I believe EU also requires that you give up login credentials if they are biometric in nature. Meaning if you use a fingerprint reader or face unlock you are required to provide that to law enforcement when asked. So either way if they want your phone’s contents they can get it.

      • @NotMyOldRedditName
        link
        5
        edit-2
        3 days ago

        They need a warrant or probable cause for that, but yes they can compel it unlike a password. It’s still a search and needs to be lawfully done in the first place.

        • @atrielienz
          link
          English
          2
          edit-2
          3 days ago

          Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone.

          • @NotMyOldRedditName
            link
            1
            edit-2
            2 days ago

            Right, but they can’t just do it without reason which he was implying, and he replied to me with

            “Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone.”

            In this case he was on parole where they have the right to search him. That mention of blood draw etc, you’re already under arrest and they can search your person anyway.

            I’m not aware of any law where a cop can walk up to you on the street and demand they unlock your phone with biometrics and search it without cause.

            • @[email protected]
              link
              fedilink
              English
              1
              edit-2
              12 hours ago

              On re-reading that other guys comments, they just make no sense. You are right to draw your distinction, because this thread is being strangely vague on details and trying to encourage conspiratorial thinking without specifics.

              That said, I think the core concern can be rephrased in a way that gets at the essence, and to me there’s still a live issue that’s not relieved simply by noting that this requires probable cause.

              What’s necessary to establish probable cause in the United States has been dramatically watered down to the point that it’s a real time, discretionary judgment of a police officer, so in that respect it is not particularly reassuring. It can be challenged after the fact in court, but it’s nevertheless dramatically watered down as a protection. And secondly, I don’t think any of this hinges on probable cause to begin with, because this is about the slow creep normalization of surveillance which involves changes to what’s encompassed within probable cause itself. The fact that probable cause now encompasses this new capability to compel biometric login is chilling even when you account for probable cause.

              And moreover, I think there’s a bigger thematic point here about a slow encroach of surveillance in special cases that eventually become ubiquitous (the manhunt for the midtown shooter revealed that practically anyone in NYC is likely to have their face scanned, and it was a slow-creep process that got to that point), or allow the mixing and matching of capabilities in ways that clearly seem to violate privacy.

              Another related point, or perhaps different way of saying the same thing above, is that this should be understood as an escalation due to the precedent setting nature of it, which sets the stage for considering new contexts where, by analogy to this one, compelled biometric login can be regarded as precedented and extensions of the power are considered acceptable. Whatever the next context is where compelled biometric login is considered, it will at that point no longer be a new idea without precedent.

              • @NotMyOldRedditName
                link
                1
                edit-2
                12 hours ago

                That said, I think the core concern can be rephrased in a way that gets at the essence, and to me there’s still a live issue that’s not relieved simply by noting that this requires probable cause.

                Well ya. The whole thing is really fucked in the first place. It’s very disturbing that it was ruled they can compel biometics in any circumstance.

                In a far off future, this ruling would probably even allow a mind reading device to figure out a PIN, which would be protected, because they didn’t force you to say it, and reading electrical signals isn’t really any different than reading ridges on a finger.

    • @[email protected]
      link
      fedilink
      23 days ago

      your phone isn’t safe from anyone unless it’s been restarted since last unlocked, and is reasonably new. they have exploits for after it’s been unlocked incl while things are pinned

  • @[email protected]
    link
    fedilink
    93 days ago

    that’s odd. in south africa while we don’t have a digital license the physical ones do have a code. they scan the code and that’s it. they never take the license unless they asking for a bribe.

  • @[email protected]
    link
    fedilink
    354 days ago

    They don’t need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.

    No way the government implemented an app for this use case. That’s extremely inefficient.

    I thought you actually tried, that they took your phone?

      • @MutilationWave
        link
        13 days ago

        But do you trust them to follow the law? I certainly don’t.

    • @stetech
      link
      1
      edit-2
      3 days ago

      Couldn’t these apps also use the Android/iOS’ wallet manager which allows handing it over unlocked while the phone is “closed” (not necessarily locked, though…)?

      • @[email protected]
        link
        fedilink
        22 days ago

        I don’t know if they could, because they will probably compromise all information into the wallet.

        But it’s a good idea. I hope that it can be implemented like you said in a secure way.

  • @voracitude
    link
    204 days ago

    You’re absolutely right about the danger of giving up your phone, if the police wanted to take it from you. By sticking with traditional documents you remove any pretense they might have to try. It is not a stupid call, it’s just less convenient - but then, security is always a compromise with accessibility.

  • @Sam_Bass
    link
    83 days ago

    Convenience always has a cost