> Digital driver’s licenses cannot be used as proof of name and address to fulfill the lawful order of a police officer.
This drives me nuts…a police officer can look up my license if I offer my name and address. Why do I need to carry an easily lost piece of plastic and paper to prove I’m me? It’s harder to forge a record on the DMV db than my license…
This is a genuine question, if anyone knows the reasoning behind this I’d be thrilled.
But, in general, the further you get from physical artifacts and in-person authentication, the easier it gets to fabricate. I was pretty annoyed earlier this year when I had to show up at a brokerage office for something that was done over email and phone during the pandemic. But I also sorta understand the preference.
There's definitely a tradeoff involved with doing everything online vs. physically showing up in an office.
Even if there were ubiquitous, 100% uptime DMV database access:
If somebody looking roughly like you (or your DMV photo anyway) learns your name and date of birth, that could be an issue: Unlike a physical or digital license/ID, you can't revoke biometrics, and you can't change your name/DOB.
> Digital driver’s licenses cannot be used as proof of name and address to fulfill the lawful order of a police officer.
You know, it's pretty common for the police to accept registration and insurance on a phone.
I suspect officers will be able to use their own judgement and maybe bow to social pressure to accept it anyway.
Their own judgement might also go the other way depending on circumstances, and even with a digital license available, they might require a physical one.
The one time I got pulled over, the officer took my license and reg to run a check, I'm not sure I would want them handling my phone. I'll stick to the card.
Your average person couldn't forge either one. The CA license has a lot of anti-forgery features that I'm sure could be worked around, but not by anyone who isn't premeditating a whole lot of crime.
I can understand a reasonable wish from police departments to verify someone's identity even if they're in a place with bad cell coverage, or during a thunderstorm, or when the radio's busted. An ID card is pretty strong evidence of your real ID that doesn't require power or a radio connection or a computer. A cop can just look at it and say, no, that's clearly your older brother.
The world changed so fast. It was the norm when I went to college in the mid 00's to forge your birthday on your drivers license to get into bars. Kids will have a less interesting and unpredictable future I fear.
I would think "replay attack" works in a lot of cases now. Find someone over 21, get their barcode on the back of the license, sticker that over yours. For bars that just scan and get yes/no, you're in. No need to modify the face of the license, which nobody but the TSA seems to look at. (I buy sudafed every month... the pharmacy never checks that I look like the ID; just that the barcode scans.)
A place I used to work had 3D badges, so that your face kind of appeared to be sticking out as you inspected the badges. (Lenticular lenses.) I thought this was a neat security feature, so I color printed a copy of my badge and just put it in my badge holder in front of the actual badge to see if anyone would notice mine wasn't 3D. They did not notice, never in 5 years.
Having spent a lot of time around today's kids, particularly the ones who grew up in my house, I have the utmost faith in their ability to create new kinds of mischief. They'll be alright.
California licenses launched in Google Wallet just recently. I added mine last week. The thing I found interesting is that the instructions emphasized that you are not supposed to have to hand your phone to anyone. The license is checked wirelessly via Bluetooth. I'm certain people checking digital IDs are going to ask for your phone anyway though...
The hope when I was on the standard body was that norms would shift as technology enabled it to be shifted. That’s also the reason the ID can contain multiple records that attest various proofs while preserving privacy (eg a store age check for restricted items or bar age check wouldn’t get anything other than your photo and a statement that you’re over a certain age without revealing your name, birthday, etc)
Privacy is one nice benefit of the US Passport card, it doesn't have your address. Another big one is you can self-ID your gender so you can have a correct ID if your state makes it difficult or impossible to get a corrected driver's license.
In a physical context this needs a photo to be included in the proof too, right? So the instructions for the verifier includes matching the face with the actual person.
> ... digital driver's licenses and state identification cards are currently accepted at ... Apple Stores in the U.S. and in select apps that require identity or age verification.
Delightful.
It's only a few years until anonymity on the internet will be a thing of the past. Every account will be tied to your government issued ID card.
In the mean time, enjoy the novelty of using bluetooth to prove your age to the bartender.
It's funny. I switched back to using Bluetooth exclusively in my car instead of Android Auto because the latter constantly pauses functionality when I'm driving for "safety pauses". So I literally can't change the song on.
All I need is the technology, I don't want the product. The product intrudes on my life and personal decisions. Same with this ID/Wallet thing. I want the technology. I don't want the product.
Europe has had interoperable eID for a while now, yet it hasn't lead to an increased number of sites digitally authenticating me.
On the other hand, for the few sites that do have a legitimate need for wanting to verify my identity (banks, tax authorities etc.), I feel much better about using actual eID than doing the weird dance of sharing my SSN (the worst bearer token in history) and maybe uploading a photo of my license that they might (but probably won't) check for being lost/stolen/involved in prior identity theft.
Unlike with the "photo of a physical ID" non-model, eID even has the potential to only share some assertions about you selectively (e.g. only your age, but not your name or even date of birth, or a company-specific/non-cross-correlateable identifier).
I think that would have a pretty concerning chilling effect in many public forums.
Not everything needs to be on the public record permanently; among other problems, it makes it that much harder for people to walk themselves back from a previous extreme position as they grow up, make new experiences etc.
Of course it depends on the use case, but for some, pseudonyms are really great. It's working pretty well over here, for example!
Sure, and I have pseudonyms in some forums and I would prefer to continue to use those.
That doesn't mean there can't be optional forums or messaging platforms where everyone is required to have state-issued IDs.
We're pretty close to a world where anonymous forums are going to be overrun with LLMs that are somewhat indistinguishable from real people.
In addition, the main True Identity (TM) platforms are Facebook and Twitter, private companies in a privileged position regarding identity verification. I'd much rather have a public institution issuing PKI enabled ID cards and having individual states operating as certificate authorities with DMVs being the gatekeepers.
I think this is disturbing and should be made illegal—to tie a government service to a single corporate provider in this way. I don't care how much money Apple paid to develop this, or how convenient they made it for the state of Hawaii to adopt their ready-made product, or how inconvenient it would be to a do this in an platform-agnostic way equitable to all of their residents. This is simply a monopolistic abuse of government services, and of the public.
Any such service should be free and open to many providers, or not available at all. No fast-lanes for Apple customers. This is not how a fair, equitable public service should work.
- "Requires iPhone 8 or later with iOS 16.5 or later, Apple Watch Series 4 or later with WatchOS 9.5 or later" (hidot.hawaii.gov)
(I've browsed around this website and there doesn't appear to be any other option equivalent to this one).
The search term you're googling for is "ISO/IEC 18013-5", which explains how Apple, Google, and anyone else who wants to implement the standard can do this. Of course, then you'd need to go through a fairly massive audit for the local government to trust that you're not going to immediately upload all your users' PII to the dark web. I'd be shocked if Apple and Google weren't the first ones to successfully complete that part.
I agree with the sentiment. However i’m not too concerned about this specific situation because at least apple seems to have gone about it in a reasonable way.
They are forcing each state to build an integration, own the infrastructure, database, and code. Apple is also using a known standard. Using a standard is a good thing, and i’m glad that the state is not beholden to apple to run a core government service.
I’m glad apple didn’t push some proprietary BS and try to lock the state into their custom solution.
I installed the official App for California a while back but the kicker was they said you can't use it for anything. You still need a physical driver license for buying alcohol, if a police officer needs to see it.
Can't remember if they're even usable for domestic travel yet.
Oregon doesn't even have this on the radar anywhere, and I'm kinda bummed. Probably still carry my wallet with me for the indefinite future, but having an alternate option would be nice.
I'd be up for a mobile passport, too. Already has a chip anyway that gets read, so what's the difference? And on the plus side that would be something you wouldn't accidentally forget in the hotel safe.
What I'd want to establish, however, is what the backup plan looks like if your phone gets lost/stolen/destroyed. How quickly can I bet up and running on a replacement device, and what hoops will I have to jump through to get it working again?
I expect that, if this becomes the norm, you're basically in a world of hurt if your phone gets stolen, lost, broken, etc. Bad things obviously can already happen if your backpack gets lifted etc. But I'm personally already very nervous about tying everything to my phone. I do still carry a wallet, albeit a small front-pocket one with just a little cash and some important cards.
But, then, I don't really like not to have a paper map of some sort when hiking in unfamiliar locations either.
That's great - if it feels like a valuable service to you, then have at it! I'm not against the option; I'm just feeling really uncomfortable with the proliferation of "no cash accepted" signs I've been seeing lately, and it's easy to imagine the same situation developing with regard to the rest of one's wallet. "Pick which of these two giant corporations gets to control your proof of identity" is not a future I want to live in; I hope there's a way to avoid that.
I do some bartending and I'm really curious whats going to happen with digital wallets, on the ID and payment end. I think they're amazing and would love to not worry about losing plastic but we aren't there yet. Lots of POS systems need to be upgraded and that is not something bars are looking to spend money on.
I have 21yos come in all the time nowadays without a wallet/license/debit cards expecting to use digitalID and ApplePay for literally everything in their lives.
We reluctantly take Apple Pay now, the reluctance is it's not like opening a normal tab. The card number is rolling so you have to give give me a card first to even open a tab or else I have to trust you're "Jon at Seat 3 Who Will Pay Me Later", because I can't ring you out without grabbing your phone and shoving it at my POS right when you're paying out. Also I have to have you unlock your phone and bring it over to my POS and hope it doesn't lock by the time I scan it. And if its busy and you want to Apple Pay you're a nightmare.
I flew to Vegas last year with only a digital ID and paper temp, lost mine right before flight. I actually don't think I had any problems other than being brought aside to be searched at each airport since I was an "Exception" with my temp license but I know places for sure won't accept a digital ID yet for drinks.
Retail and a lot of places just aren't there with the tech yet.
Also.. will there really be an era where nobody can use fake IDs? They're kinda fun to catch..
When I use Apple Pay at a gas pump, it first creates a temporary charge for more than I'm likely to spend. When I'm done pumping, it charges the actual amount and removes the reservation. I wonder if a bar tab could eventually work like that, where you temporarily hold $50 or whatever and then reconcile it when I close my tab. As a bonus, you'd never have someone forget and leave there credit card there again.
A few years ago (pre-COVID) I somehow lost my license between the car and the airport door. To my complete amazement wasn't a particular issue with TSA. WAS an issue checking into a Travelodge of all places and only made it work by paying cash.
Yeah I've always wondered how bar tabs would work. Can they automatically be rung out (with the usual 20% tip) at the end of the night? That would seem to make sense and means people don't have to show up the next day asking for their cards back.
I just came back from short business trip Australia. Getting the visa was an interesting exercise, you install the AU gov app on the phone and fill out a form which at one point photographs your passport and then read yours passport via NFC to validate you were in possession of it and to get IDs and whatnot. It was a little finicky with the passport read, I had to move the phone really slowly across until it detected it and then NOT touch it at all. The submission took just minutes and the approval of the visa came in few more minutes later. Definitely a 21st century experience of submitting your ID!
I am comparing it to getting visa to China in 2000 which required me to send off all kinds of paperwork, maybe even my passport? I don't fully recall, but it took weeks.
It's been awhile since I've had a send off your passport for a visa situation but I've definitely done it a number of times and actually canceled a couple of business trips to India because the timing didn't work.
It's based on an open standard which Apple implements, as far as I understand.
State DMVs don't have to use Apple Wallet, in any case. I have a New York license that uses NY DMV's own (pretty clunky, to be honest) solution based on Bluetooth and QR codes.
Great to see this starting to spread. I don't live in Hawaii, but I am envious of those that live there that can now use this feature.
I live in California and have been wanting this for a while now. I just recently found out that California has a limited public rollout from last year [1], but it does _not_ have Apple Wallet support, yet anyways.
Also Californian, and I envy Hawaii this. I've had the CA DMV Wallet app installed since its launch. Every single time I open it,
1. It tells me I need to refresh my license. I click the button.
2. It tells me I need to log into the DMV website. I grit my teeth and log in.
3. It tells me my password has expired and I need to update it because no one there has read the NIST guidelines. I snarl and update it.
4. I get an error message that the system is temporarily unavailable or something and my password can't be updated, so I can't log in, so I can't refresh my ID, so I can't use the app at all.
At this point I only keep testing it out of sheer bullheadedness and a high pain tolerance.
Same here in Utah. We had crazies screaming about mark of the beast when digital ID first came up. They finally started it and it’s only through some garbage app. Probably someone connected or whatever.
I grew up in another state with a large population of religiously conservative residents. When Amazon emailed me an ad for their new Amazon One service[0] that lets you literally buy things with a palm scan, I was able to correctly name the people I knew who'd lose their freaking mind about it. I'm convinced that they didn't include one single evangelical in their focus group, or that they ignored the feedback.
That doesn't appear to be specific to the app. I also have the same thing happen on the website itself, on a desktop. It's not clear that logging in to the DMV is possible at all if your password is expired.
Why so many government services in the US have such an obsession with scheduled periodic password resets, which the government's own standards body recommends against, is baffling.
Yeah, I just tried and confirmed that I still can't update my password on my desktop since I last tried on my phone this morning. It's just made that much harder to try on a phone.
I have no idea. OK, I lied. I have some idea. At a previous job I had a meeting with an enterprise customer who was auditing our security controls. Part of the conversation went a lot like this:
Them: How often do you require your employees to change their passwords?
Me: We don't.
Them: Hehe, you'll have to start doing that!
Me: We comply with NIST 800-63B section 5.1.1.2 that says not to do that unless you suspect a password's been compromised.
Them: Uh, what? Can you send me a link?
Me: You bet!
My boss, to me in Slack: OMFG did that really just happen?
Yes, I did have (and do have) that exact citation memorized because it came up often enough that it was handy to bust that out. "Do you rotate..." "NIST!" "...once every 90..." "SP 800-63B!" "...days?" "5 dot 1 dot 1 dot 2!"
Meanwhile New York just absolutely had to do their own thing – or rather use a vendor's app-based solution that's still only available to iOS and Android, combining the disadvantage of being only available for these two OSes with the inconvenience of not being integrated to the respective wallet apps natively.
On the other hand, I’m glad that this is not being totally gatekept by Apple, even if that comes at the expense of personal convenience in this case.
I was surprised to get an alert months ago that Georgia was participating. Added my driving license to Apple Wallet … and had zero opportunity to use it from there.
It doesn't work well with TSA. It's hit or miss. At Hartsfield at least, half the times the reader comes back with an error. So the TSA person will ask me to show my physical ID. Initially I thought it was my phone, which is an old Iphone XS. Then I tried it my work phone which is a iphone 14. Same issue.
Down here in Georgia we got this option couple of years ago. It seems that only place its valid is at TSA checkpoints. But its still doesn't work well at TSA checkpoints. I've made several flights this year and on half of them, the ID checker has never worked. Requiring me to pull out my physical license to show the TSA officer. Not sure if its an issue with Apple wallet or the TSA NFC scanners.
I live in Hawai'i and have a Hawai'i driver's license. I don't own a phone, so this isn't relevant to me, but think it's cool, and happy for those who want it.
Also, for other HN readers from Hawai'i, check out the first ever Honolulu Tech Week happening next month: https://www.honolulutechweek.com/
They are working toward phones replacing physical wallets entirely. If your phone reduces the number of things you have to carry, that makes it more useful to you and therefore a better product.
Of course there's no chance I would stop carrying my license anytime soon. Maybe in 20 years everything will be ready for that to happen.
I go running with nothing but clothes, shoes, my Apple watch, and airpods. It's awfully nice to have the option to stop by the corner store afterward to grab a cool drink without needing my wallet. It would be similarly nice if I could use the same setup to stop for a glass of wine at the winery where I turn around and come home. (Bonus points that I can hail an Uber because I don't want to run home after drinking wine.)
I'm unlikely to stop carrying a wallet anytime soon. It's a welcome addition to have an extra form of ID with me in case my wallet was lost or stolen though.
Apple gets 15 basis points for purchases made through Apple Pay. If you don't carry a physical wallet/credit cards, that's a huge additional revenue stream they capture.
I don't believe Google has the pricing power to demand a cut of payments (yet), but they need to offer this to keep up with Apple.
For Apple it all contributes to selling hardware. For google, they make money from phone manufacturers installing the google suite by default (afaik), usage of Google, and data collected.
I'm afraid it's staring right at you, in the name of the app: "Wallet". They want to replace your wallet. It's not enough for them to be in every person's pocket; they need the rest of the pockets to be empty, as well.
And there are certainly people here who would like to get away from (and some who have) from carrying plastic and paper with them in any form. I don't personally agree in the reasonably near term but that's one perspective.
I think I agree with your comment the most, even though other comments did provide useful information.
I still think too many people suffer from the "Google, Apple, etc" want to do this because they are altruistic.
The only digital ID, wallet, etc I would want to use would be open source and non proprietary. Someone more intelligent than I could describe it more technically but I'm talking about a digital wallet that's the equivalent of SMS or ethernet. Like a technical standard, not a corporate product.
> Transmission of identity data to the identity reader follows the ISO/IEC 18013-5 standard, which provides for multiple security mechanisms available that are able to detect, deter and mitigate security risks. These consist of identity data integrity and antiforgery, device binding, informed consent, and user data confidentiality over radio links.
You know how some companies require a SMS capable phone number to "prove" you're a real person before they let you register an account? It's usually a measure to reduce spam, or prevent banned users from making new accounts.
It's pretty hard for your every day user to get a new phone number at the moment. Dedicated spammers can still get around it though.
But imagine requiring every user to provide their government issued ID on sign up! You instantly know they're a real person, their age, their gender, their demographics!
Oh yeah, and it makes banning / unpersoning people really easy too. The government can distribute a list of "wanted individuals", and they won't be able to use online services!
Aside from the data collection aspect, they seem to like adding features to their phone offerings so customers stay engaged and in Apple's case buy more products. In Google's case, it's all a big funnel to search.
Further adoption of just using your phone in replacement of your whole wallet.
Right now when I need to carry my ID I still just end up carrying my wallet. The wallet full of cards not tied to Google Wallet. When I buy things with the Google Wallet tap to pay I imagine they're getting some amount of metadata about that transaction.
Also, its yet another feature for Google to have over Apple, or vice-versa. If one side gets it, the other will probably want to match the feature.
I am very skeptical of digital IDs and digitization in general. I have a feeling it will lead to violation of privacy and an increase in government surveillance and control. Why do people welcome this?
the implementation seems quite reasonable to me. i’m not sure how this is any different than carrying your physical ID when going through TSA security?
i suppose you could in theory imagine a future where apps “require” you to supply this to access some service online? is that the fear?
Just FYI some financial apps already require you to take a picture with your drivers license and upload it as part of KYC and other requirements. Having an official way to validate this seems better than entrusting that data with private companies, no?
I fear things like needing to scan IDs everywhere (like public transit) and then having your ID revoked for whatever reason (political, financial, whatever). If you look at China, you can see how digitization has been abused to infiltrate and control daily things.
got it. i mean, what’s to say a physical ID cant be black listed today…nothing stopping them from creating a black list of ID numbers. Would be trivial to do from the governments perspective.
Does anyone have a handle on how we’re getting screwed by RealID? The state governments are pushing it surprisingly strongly and without really explaining what is wrong with the IDs we already have.
When I lived in a state without REAL ID, I showed up at the DMV with a couple of easily forged papers and walked out with a drivers license. Did you know there's not actually an official government standard for a christening document, and you could make one at home on a laser printer if you wanted to? Getting a REAL ID was the first time I ever felt like I'd truly proved my identity to a reasonable standard.
I'm sure some states without REAL ID already make it hard to get a license. That wasn't my experience though. Missouri and Nebraska were more like, "oh, you've got a letter from your neighbor vouching that you're really Rusty Shackleford? Here you go, Mr. Shackleford!"
I think states and the feds have a legitimate non-nefarious interest in proving a person's identity under the appropriate circumstances.
Texas allowed midwives to personally issue birth certificates. The political machinery in Texas has been historically pretty egregious on their abuse of these sorts of systems. They’ve cracked down in recent years.
Birth certificates in general are pretty awful. IIRC there are like 12,000 known entities that issue them. Big states have required central registration for decades. For example, in New York the local municipality issues the birth certificate, but files a copy with the NYS (or NYC) Department of Health. Some smaller states left it to the town clerk in some tiny village. (Or did until relatively recently)
There are many many corner cases with these sorts of records. Normie middle class people born in the US with two parents have very neat chains of custody of their records. There are millions who have very messy backgrounds or who don’t have their DOB or name officially recorded at all.
Thats why voter ID laws are awful. You don’t have a fundamental right to an ID or obligation to have one, but you do have a right to vote. Putting friction in front of that is a means to disenfranchise people, it’s a form of poll tax.
Huh, I didn't realize there was that much variance. I was also a little anxious that you were going to complain about Texas previously allowing trans people to update their gender or something similar.
I totally agree about voter ID laws. I'm sympathetic to at least the claimed reasons for wanting them, but in practice there's statistically insignificant amounts of provably invalid voting. It's not worth disenfranchising millions of legitimate voters to stop the handful of frauds.
Exactly. The problem with voting is that nobody does it! ID is a weird issue that unites the extreme left and right of the spectrum.
The reactionaries are worried about the mark of the beast nonsense. When they cared about civil liberties beyond firearms, that would come up too. The left wingers are worried about disenfranchising the poor and elderly.
Thats one of the reasons why the ID landscape is and has been so crazy - there was opposition to central birth records 100 years ago.
Texas isn’t alone - in point it out because a few years ago a few thousand people, including serving military officers, were effectively stripped of citizenship. They were likely born in Mexico and issued a birth certificate on a fraudulent basis as an infant.
REAL ID is a federal standard for verifying identity and producing matching IDs. State identification cards and driver’s licenses that doesn’t conform to REAL ID only follow the standards of the state that produced it, and not the federal one (hence the pending regulation that federal orgs, including the TSA, would only accept REAL ID compatible identification, and not the state-only regulated identification cards).
Like it or not, it's effectively a federal ID. Look at some old state drivers licenses and they would be laughably easy to forge today without even photos. And that's not even getting into the back-end information exchange.
I mean, if your position is that state IDs shouldn't really mean much, that's fine. But say that. But without REAL ID we'd require at least passport cards for air travel and a lot of other federal-related purposes. Which is fine I guess but probably a more expensive and heavyweight process than it needs to be.
We already are able to travel without any “passport cards”, with the IDs we already have. And with pervasive facial recognition they already know who we are. If I were to guess it’s not just the ID that’s changing, it’s also the backends, which would no longer be per-state. But I’m just hypothesizing here. I’d appreciate if someone knowledgeable chimed in
There was definitely some standardized data exchange stuff involved though I never dove into the details. REAL ID effectively does as a federal ID, albeit in a somewhat more politically palatable way in a country where a lot of people have an aversion to federal IDs and databases at least as they relate to domestic travel.
If I read the legislation correctly, states are required to check the relevant federal databases to validate status of non-citizens (if you provide a document attesting citizenship, that check needn't be performed), and the social security numbers of anyone providing it.
I don't know if the immigration status checks are tracked, but the social security number checks are, as part of the check is to verify no cross-state usage of the same number for different identities.
RealID essentially ties your identity from a state id perspective to your SSN.
The Feds are trying to mandate it, hence the push.
The issue with it is that many people, especially the elderly, poor people, and kids in complex non-custodial families have a hard time getting their physical social security card. Replacement of that document is a major pain in the ass.
It’s a big waste of money, tied to even bigger wastes of money like voter id.
This drives me nuts…a police officer can look up my license if I offer my name and address. Why do I need to carry an easily lost piece of plastic and paper to prove I’m me? It’s harder to forge a record on the DMV db than my license…
This is a genuine question, if anyone knows the reasoning behind this I’d be thrilled.