Replacing driver's licenses with QR codes for physical interactions, on the other hand, doesn't seem to solve for much. We have a similar system in Colorado and I've never found any value in it; bars and liquor stores are under no obligation to accept it, so they don't.
Right now, bars/clubs will scan my ID and have all my information (name, birthdate, etc). They don't need that. all they need is a yes/no that I'm over 21.
Not saying I agree with it but in many cases we're beyond the binary check.
We’re quite close as a society to not needing a wallet at all and instead it’s sufficient to have your phone or smart watch with you. Modern iPhones conceivably can even have a dead battery and still provide your ID information.
Btw this is an ISO standard that has good participation from relevant regulatory bodies for some of the largest countries so this will be the standard everyone adopts.
Anyway, for anything to work in the US, there needs to be an incentive for businesses to use this system, and right now, there isn't one for point-of-sale driver's license use, in my opinion. It's technology (perceived as unreliable, slow, expensive) that can break, vs. looking at an ID, which isn't without its faults but is a simple system everyone understands.
If there were a really fast, simple, cheap, readily available system for age verification which was pushed to bars, I could see this system catching on, but "limited private pilot programs" aren't it.
And that's pretty much my point - starting with places where technology is already required (banking etc.) makes more sense in many ways than starting with driver's license replacement. The issue here is that the horribly broken identity system in the US is Federal (Social Security) while these electronic systems are State.
With the way the US works, there needs to be an incentive for businesses to use these systems, and I haven't seen an implementation with this focus yet.
Bars would probably like to spend less resource teaching their bouncers and staff to read fake ID tea leaves, but they also can't afford a system that breaks, or is slow or expensive. On paper, these systems should allow for fast, reliable offline verification with a good scanning device. States could partner with someone to make cheap, reliable, phone/tablet-attached scanning devices available widely off the shelf, rather than running "private pilot programs" that fizzle out, or handwaving.
Since mDL is an ISO standard, maybe there's room for someone to make a cheap mDL reader system for bars and restaurants, even if state programs seem overly shortsighted in funding this kind of development.
https://francozappa.github.io/post/2023/bluffs-ccs23/ and a related but slightly different threat: https://news.ycombinator.com/item?id=38661182 are why I have no interest in that end of the convenience---security spectrum. For clarity, I'm not yucking your yum, just hoping the future is not made up entirely of c libraries written by.. security insensitive.. developers protecting my house and car
Probably could go even further and only carry Apple Watch and AirPods in most cases!
18% of those who do not have internet say the reason is they can’t afford home internet service, and another 4% lack internet availability in their area, says https://www.ntia.gov/blog/2022/switched-why-are-one-five-us-... .
I don't know about the other 20%.
However, does this implement the ISO spec for drivers licenses in Apple/google wallet, or is this some home grown thing?
Unfortunately, history proves relying on regulatory oversight is likely to fail, be subverted or captured by special interests, possibly catastrophically, or worse, silently. This is especially true in rapidly evolving tech domains.
While I can understand that from a purely technical architecture design perspective standardization and centralization can seem like the correct approach, from a risk analysis perspective the downsides are simply too costly. It's really a case of being a reasonable choice "in a perfect world" but a terrible choice "in the real world."
The data and individual rights at stake are too important and too valuable to centralize into one juicy target certain to attract well-funded, highly motivated adversaries ranging from hostile governments, commercial interests and law enforcement overreach to some DMV clerk using a system design flaw to stalk women. None of those examples are theoretical since all of them (and worse) have already actually happened multiple times in different systems carefully designed with the best intentions and substantial legal, procedural and technical safeguards. Arguing "But this time the system won't fail" isn't persuasive when the risks are so high and track-record so clear. While I agree the current situation is far from optimal, we need to be incredibly cautious about jumping from the pan into the fire.
After all, it's simple, safe and easy!
After pairing it with your physical ID via NFC you can generate digital proofs of identity which are time based and contain the recipient's name and the usage for the proof.
Hint, they almost never increase privacy
I've been in an accident. They're trying to figure out who I am for whatever reason (i. e. to hopefully tell my family what happened). The paper card still works. The phone may have been damaged, had the battery go flat, or be locked and they can't guess the PIN. I'd rather they just look at the paper card.
Similarly, if I get pulled over, the cop knows what to do with a paper card, and it's not suddenly going to do something like flash a push notification, or lock the phone because he pressed the wrong button, and escalate the situation.
The problems this solves are both questionable:
1. I can load all my stuff onto my phone and don't need to carry a wallet! Good for you, honey. Frankly, retooling government infrastructure to satisfy an aesthetic pet peeve is sort of a waste of money. Worst case, get one of those fold-open cases with slots for cards, because you're going to have some card that can't be digitized anyway, even if it's the "collect 12 punches and get a free taco" card.
2. It might allow us to generate some "yes this person is over 18" display without leaking the home address. That's assuming that it gets built properly, and consumed properly. We've seen, well, every app in the world. Nobody is going to be selective with permissions when they can ask the moon, and people are generally not in a situation to negotiate over it.
I rarely carry a wallet anymore… Apple Pay, Colorado state app and my insurance company’s website (or pdf of my card) has all of the info I ever need.
But I agree that it should be off-device. It should be a smartcard.
There is a kiosk at SFO, but every time I’ve visited, it was out of order.
Another annoyance is that it’s not integrated with Apple Wallet.
Knowing how the government in California operates, this will likely become a money pit. They will probably abandon the project, sue IDEMIA for breach of contract (or similar reasons), and then start over.
Until then, i'll personally won't have any kind of online/digital ID
https://www.iso.org/standard/69084.html
Or is this something different?
The second problem is that even the SFO airport doesn't take them as legitimate IDs.
For the folks who are worried about giving your phone to the cop - I guess I am not worried about it much. The cop has the right to lethal force and probably knows more about the situation when you are stopped than you ever will. So they take a look at your phone? I don't assume they will just take and keep it.
If you need to call your mom, probably best not to call her when the cop is right in front of you. If you need to call your lawyer - you are permitted to do that by law. If you are Googling for what your rights are - you are doing it way too late.
If you hand the cop your phone, and then say “hey I need that back to call my lawyer” and they say “Sorry, no, I need to keep this for processing”, what happens?
There are cases every day where cops are just outright wrong about the law, your rights, or their own department’s policies. The law protects them from being either criminally or civilly implicated in most of those cases, because they’re not expected to be experts in the law. For most purposes, to have a case against a law enforcement officer for violating your rights, you’d need to show that their behavior was so egregious that it was crystal clear they should have known their action was a violation of your rights. And courts have looked very favorably on LEOs historically in this context: things that to a lay person would count as “obvious” have not met that bar.
So while you may, after spending a pile of money, time, and energy, find out that yes, the police officer overstepped, you’ve still been severely impacted by their action.
The QR code changes each time you open it. So you can't just screenshot it. I guess that's the same reason why you can't add it to Google wallet.
Apple could add an API to wrap apps in guided access automatically … or lock the device on app exit. But that’s not going to happen because they want wallet apps to go though their Apple Wallet APIs
If you’re worried about this keep your id card?
Besides, wariness is wise but assumptions are not.
I hate how police is legally allowed to lie and psychologically trick/pressure people into things they would not normally do. It makes me distrust and question everything they do and say, i.e. being uncooperative to them. Which they then can use as an excuse to escalate and detain or get violent to me.
Interacting with the police is a terrible experience no matter how upright you are because even if you are faultless, they can still make up shit to mess with your day, or life.
The single biggest problem in modern society is a dual rules we have for government agents vs the population at large, this can not stand in a free society. We all either have the same rules or we have tyranny there is no 3rd option
> The mDL offers a quick and secure identity-check at airports, without handing over your phone.