The disturbing thing is that instead of breaking monopolistic behemoths who are feeding their empires from our data, governments are offloading more power to them. If some form of Digital ID is required it must be done on government level with proper public oversight and always available analogue procedures and backup.
But this is convenient, you say.
What is this? Because you have a digital gizmo, knowing all about you, you cannot comprehend the magnitude of the situation? You trust a private corporation more than actual laws and government procedures and you feel right and cool?
You have nothing to hide and everyone is having your data anyway?
The Minority Report version of the future is building in front of you and you don't care, because it is convenient?
Are you not informed? Are you technically uneducated? Or are you blind? CCP Social rating is working in China. In the next two years it will work globally, under different "democratic" branding.
What is a logical response? The logical response is simple. It is time to balance convenience with privacy and some form of "realistic" view of the world.
This corporate power will be abused. The question is how soon.
> You trust a private corporation more than actual laws and government procedures and you feel right and cool?
Governments all around the world have proven many times that they are corrupt, incompetent, constantly make _horrible_ mistakes that impact our privacy, etc.
What's your point exactly?
So have private corporations. The point is that government at least has a mandate to protect its citizens. Corporations explicitly do not care... and in fact there are many situations where they would be taking on significant liability if they put user privacy above profit (putting anything above profit risks a shareholder suit or shareholder activism to bump executives/board).
In Brazil the government has its own app, through which you can produce both your driver's license (it's a national license) and the registration for your vehicle when required. A QR Code is generated along with a facsimile of the paper version of the document.
Solutions must be created publicly with active participation of experts from different domains.
Regulations and laws must be defined with expertise and care for the future of humanity, with proper protection of privacy and existing legislative frameworks.
There are proven principles that define our world.
The tech overlords are playing gods at the moment, and the minions are following the lead.
Solutions arise when expertise is manifested through political and public action.
Bed time stories about convenience and trust are for kids. Grown-up humans are using history as a reference to protect the future and work actively towards balanced implementation.
One logical tech solution is everything that is of critical importance to be open-sourced and scrutinized on a regular basis. The other is to regulate big tech and create a line that cannot be crossed.
What is Apple anyway? Entertainment company? Utility company? Automotive company? Digital services company?
Now they are police and government?
What's going on actually?
> Regulations and laws must be defined with expertise and care for the future of humanity, with proper protection of privacy and existing legislative frameworks.
This isn’t happening.
> What's going on actually?
Because it isn’t happening, Apple is offering commercial solutions.
A corporation like Apple has by definition a conflicting view on upholding the law. They have financial interests, and putting someone with that in charge of identity (and therefore all freedom rights) is the definition of as corruptible as possible.
Apple cannot be trusted as long as they don't even give a damn about paying taxes. They only give a damn about the law when it fits their financial agenda.
> The disturbing thing is that instead of breaking monopolistic behemoths who are feeding their empires from our data, governments are offloading more power to them.
I was on the ISO standard body for a short time on this. Not sure how much impact I had, but I advocated for this. There were also proposals for letting you only disclose subsets of information, although I don't know the state of that adoption. This would, for example, let you present your verified ID at a supermarket for restricted items purchase without disclosing anything other than that you are of a sufficient age and a photo (no name, address, etc).
RDW (the Dutch DMV, except allowed to be technologically competent) allowed the excellent prototype work that they funded (built by engineers at UL) to be open-sourced (https://github.com/mDL-ILP).
As per the announcement, the prompt will show you what information specifically the reader is requesting, which implies that depending on the use case it will be configured to request only the information needed. (If your local supermarket requests your home address or anything else besides your age, you'd see that and be able to refuse the prompt.)
Thank you for advocating for it, I am sure it made a difference!
I know even in the US when stores started scanning physical driver's licenses people were / are irked when we're talking about validating a birth date... I think just presenting what the user wants is a good proposal.
> I don't want to hand an unlocked phone over to someone just to show ID.
This reminds me of a time when I traveled to Canada from the U.S. and the customs dude wanted to see my return flight ticket. I handed over my phone without thinking much and I could see from the glare on his eyeglasses that he opened my Messages app and scrolled through them and also went inside my conversation with my Dad. It was a learning experience.
What a creep... People will often abuse any little power they have. You should have reported the guy, anonymously if possible.
As for the problem at hand, ideally we should be able to 'lock' the device on a certain screen or while using a certain app whenever we wanted. Notifications disabled as well.
How long until we get a video of the first officer demanding the person hand over their phone because "I just need to take this back to my cruiser to verify your ID"?
You can currently use Wallet and Apple Pay without unlocking the rest of the phone. I'm sure they've thought of this and probably made it so that only the license can be unlocked.
In my state of Australia, NSW, we have digital IDs we can access through the state services app. I was glad to know I was never required to hand my device over. The cops can look but not touch which is great.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
Triangulation isn't needed. Most phones have GPS chips already. If your phone is powered on, and with you, there is no difference between presenting an ID on the phone or physically. The carrier and (for most people) a bunch of apps on your phone already know your location and who you are. Data brokers have merged this information with your credit cards, vehicle registration, voting records, social media posts and tons of other information to create a digital twin. In fact, they probably already predicted you would be at the location you're worried about keeping private before you even arrived.
This person can comment wherever they want— and the implication of your comment (that someone is out of place or out of line for expressing opposition to digital government ID on a monopoly's platform) is ridiculous.
I'm not. I'm in a comment thread about Apple announcing the first states to adopt a digital driver's license. I don't have to be a supporter of that news to comment in a thread about it, do I?
No, I’m saying you’re in the wrong thread to be complaining about pre-existing biometric authentication (Face/Touch ID), being used to verify ID usage on the same phone.
I also think you misunderstand how biometric models on phones/laptops work.
We are building a society where one or two companies get to decide "I don't like your face" and then you are shut out of communication, commerce, and now mandatory interactions with the government.
The decisions these companies make will be unaccountable, probably with the input from an inscrutable AI, and limited only by the terms of service which you click through without reading.
The dystopian consequences of this trend are so concerning, they deserve to be brought up in every thread on this site.
There have already been cases of people having their YouTube and Gmail accounts blocked because of their politics[0] and app stores are notorious for banning apps (and thus businesses) that allow access to legal but politically-unpopular speech[1][2]. You might argue that this censorship is a positive thing, or at least legal, for these platforms to do, but I don't know why you would call my concerns "fake FUD".
I admit I was using the phrase "I don't like your face" as it's a provocative idiom, but this article is about a technology which stores pictures of people's faces, and is activated by a picture of their face, so the real issue is that companies might react negatively to what's behind someone's face — that is, their opinions and beliefs — and lock them out of this facial recognition ecosystem.
None of your examples have anything to do with the commenter’s faces, and everything to do with their hate speech and/or rule breaking.
You’ve linked stories about Jordan Peterson, Dissenter, and Unjected as if they prove your point about biometric authentication, so I’m going to stop commenting now.
It sounds like you took my comment about not liking faces too literally. I apologise if my metaphorical use of language was ambiguous, and I can only take comfort from the fact that the people who upvoted my original comment seemed to have understood my choice of idiom.
Typically better because the phone is locked & the data is stored within the SE, which puts it out of reach for most people. The proposal (not sure if adopted) was also that these have extremely short expiration times (like on the order of a month) so that you need to re-sign the credentials through the government body regularly. This further limits the damage - just report the device is stolen. This should put it on the revocation list & will prevent the government issuer from reissuing the ID (this also keeps the revocation lists shorter as they can be pruned).
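The two mechanisms commenters describe in this thread (disclosing only a subset of attributes to a reader, and short-lived credentials checked against a revocation list that can be pruned) can be sketched together as follows. This is an added example, not part of any comment and not Apple's or the ISO standard's actual encoding; the salted-digest construction, the HMAC standing in for an issuer signature, and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
from datetime import datetime, timedelta, timezone

# Constructed demo key. HMAC stands in for the issuer's signature so the
# example needs only the standard library; a real issuer signs with a
# private key and readers verify with the matching public key.
ISSUER_KEY = b"constructed-demo-issuer-key"


def _digest(salt: bytes, name: str, value) -> str:
    # The per-attribute random salt stops a reader from guessing a hidden
    # value (e.g. trying every birth date) and comparing digests.
    return hashlib.sha256(salt + json.dumps([name, value]).encode()).hexdigest()


def _sign(signed: dict) -> str:
    body = json.dumps(signed, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


def issue(cred_id, attributes, now, lifetime=timedelta(days=30)):
    """Issuer: sign digests of the attributes, not the attributes themselves."""
    salts = {name: os.urandom(16) for name in attributes}
    signed = {
        "id": cred_id,
        "not_after": (now + lifetime).isoformat(),
        "digests": {n: _digest(salts[n], n, v) for n, v in attributes.items()},
    }
    return {"signed": signed, "sig": _sign(signed),
            "salts": salts, "attributes": dict(attributes)}


def present(credential, requested):
    """Holder: reveal salt and value only for the attributes asked for."""
    return {
        "signed": credential["signed"],
        "sig": credential["sig"],
        "disclosed": {n: (credential["salts"][n].hex(), credential["attributes"][n])
                      for n in requested},
    }


def verify(presentation, revoked, now):
    """Reader: returns (attributes, "ok") or (None, reason)."""
    signed = presentation["signed"]
    if not hmac.compare_digest(_sign(signed), presentation["sig"]):
        return None, "bad signature"
    if now > datetime.fromisoformat(signed["not_after"]):
        return None, "expired"
    if signed["id"] in revoked:
        return None, "revoked"
    accepted = {}
    for name, (salt_hex, value) in presentation["disclosed"].items():
        expected = signed["digests"].get(name)
        if expected != _digest(bytes.fromhex(salt_hex), name, value):
            return None, "attribute mismatch: " + name
        accepted[name] = value
    return accepted, "ok"


def prune(revoked, now):
    """Drop revocation entries whose credential has expired anyway."""
    return {cid: exp for cid, exp in revoked.items() if exp >= now}


if __name__ == "__main__":
    # Constructed sample data for a supermarket age check.
    now = datetime(2021, 9, 1, tzinfo=timezone.utc)
    cred = issue("cred-0001", {"age_over_21": True, "portrait": "constructed-portrait",
                               "family_name": "Doe", "address": "1 Example St"}, now)
    shown = present(cred, ["age_over_21", "portrait"])
    print(verify(shown, {}, now))
    revoked = {"cred-0001": datetime.fromisoformat(cred["signed"]["not_after"])}
    print(verify(shown, revoked, now))
    print(prune(revoked, now + timedelta(days=31)))
```

Because every credential expires after `lifetime`, a revocation entry only has to be kept until that date, which is why the list stays short.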
That raises an interesting new dimension: the ability to revoke someone's ID remotely (if there is no physical version) by twiddling a few bits in a server somewhere.
Wouldn't someone be able to do that now if they were able to gain access to the DMV/police/state database? You might have a physical ID but if they called it in it could be flagged as revoked or something else.
I think you would still at least have a shot in hell since that physical id is in-hand. Maybe it could be flagged as revoked but the cops would have alternative ways of checking it out or at the least visually inspecting it and deciding you are at least who you say you are on the ID. This versus your soft-id just disappearing.
Your ID wouldn't disappear from your wallet, though. It would probably just show an alert. Either way, the cops would have to check the validity of your license/ID. They don't just accept IDs at face value unless they're only verifying something like your age.
> That raises an interesting new dimension: the ability to revoke someone’s ID remotely (if there is no physical version) by twiddling a few bits in a server somewhere.
For most critical uses, you can do that now, since IDs are electronically verified against a central server. For incidental uses, sure, an unverified physical ID works.
Of course, using a third-party ID storage system on which you have an account increases the threat surface to which that threat applies, since there are more places where compromise can occur with the ability to kill your usable ID that way (your account, the storage system, the ID issuer's systems vs. just the first of those.)
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
I assume it works similarly to Apple Wallet currently does:
If you double click the power button without looking at the screen, it’ll request face unlock for the payment card; and after exiting this screen, it still requires another face unlock for the phone itself.
I don't know if Apple has it but a secondary sort of light lock unlock layer might be kinda weird ... and disconnected from the existing ID system we have.
Not impossible, probably a good idea, but it would be some level of friction you don't have with a typical ID.
I assume it works similarly to Apple Wallet currently does:
If you double click the power button without looking at the screen, it’ll request face unlock for the payment card; and after exiting this screen, it still requires another face unlock for the phone itself.
I learned this with the App Store last week. My flight was delayed and I needed to start looking for a hotel since I would miss the last flight home at my connection. Masked up at the airport, I inadvertently triggered this lockout. At least I know FaceID is somewhat secure.
If you are aware that your iPhone has been stolen, the first thing you should do is mark it as lost/stolen in iCloud. This will deactivate all functionality behind a newly assigned pin code.
Despite the constant pessimism about tech, I think most folks' glib claims of "yet" don't happen.
And I kinda wonder what use all that pessimism is in the face of a protection that we would seem to want ... we like that it doesn't inform the state when the ID is presented right? No?
I think you're underestimating what DID happen. I think anyone from the 80s, 90s and even 00s would be shocked to know what's going on in the private data markets of today.
- Apple, which previously has stated that they have a strong commitment to privacy & encryption, starts scanning photos on local devices; an expansion of their previous policy of scanning/sharing only data in iCloud [link](https://www.eff.org/deeplinks/2021/08/if-you-build-it-they-w...)
- The censorship of the lab leak theory for covid is a particularly interesting one... in 2020 it was ridiculed and censored, and then began to be taken seriously by the US govt and other "official" sources, showing that the censorship was way out of line [link](https://www.wsj.com/articles/facebooks-lab-leak-about-face-1...).
Does that mean you don't sign in to your email provider (or any websites) on your phone? Or that you only use the browser in private mode and close all tabs as soon as they are done?
Just curious how you mitigate the danger of a third party accessing your private information if your phone is ever lost/stolen.
If you are logged in to your email on the device, whoever gains access can trivially reset most of your passwords though, so even if your password manager is locked, it only helps for passwords for things that don’t offer an email reset option…
I am not particularly paranoid but I would feel very nervous about living like this…
Yeah, I know they can reset my passwords. They would have to care enough to do that first. They're not going to reset my bank password like that though... there is more security than just a password there.
So what are they going to get to? My Amazon account? I don't really care about that.
No, you can only use it (for credit cards) if you have a pin, face unlock or fingerprint id enabled on your phone. It has no locking ability on its own.
> Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah are among the first states to bring state IDs and driver’s licenses in Wallet to their residents
This currently may only be for a TSA usecase but this area of using a phone to show ID starts to get very murky very quickly
My insurance company has an app that will display my proof of insurance - just hand your phone to the police officer at the stop.
The trouble is you are legally surrendering the possession of your unlocked phone to a police officer who can then search through it. I asked a lawyer friend about this and he said the law doesn't allow you to granularly declare the terms under which you surrender your property (ie you can't say "don't look at anything else officer, just keep that app window open").
It's the same with finger prints as biometric - no one considered that you can plead the 5th when asked for a pin code but you can't decline to have your fingerprints taken (including on your own phone sensor). I'm assuming face recognition is same.
Back to this Apple Wallet announcement, TSA scanning is a very restrictive usecase that feels like just a wedge otherwise it's pretty low value.
But then why would anyone want to hand over their phone to the police (or another government agency) so they can take the phone with the ID on it back to their cruiser to write up your ticket. Of course they are going to have a quick search through your phone. That's not paranoia, that's good police work on their part.
Adding your government ID to Apple Wallet just seems like something that sounds technically cool but not properly thought out OR will only have very limited usecases.
There's an iOS feature called Guided Access[1], which allows you to hand over your phone in a limited-access state (locked to the current app, optionally with areas of the screen disabled for input - or whole input classes like touch/keyboard/motion/volume control disabled). You can also apply a time limit, after which time the phone requires you to authenticate (you can even prohibit Face ID to exit guided access, requiring a PIN instead).
Once enabled and in an app, you just triple-click the side button to start
It's not designed for fully-untrusted users, of course - my understanding is that no in-memory key storage is invalidated. It's useful for handing a phone to friends and relatives to browse some photos with limited access to the rest of your files, and without notifications appearing
Too bad that apps cannot access integrated Guided Access APIs. It's a little clunky for most people to remember to use this setting for sharing something like an ID.
> It's the same with finger prints as biometric - no one considered that you can plead the 5th when asked for a pin code but you can't decline to have your fingerprints taken (including on your own phone sensor). I'm assuming face recognition is same.
Always worth mentioning that you can hold power and either volume button for 3 seconds on an iPhone to disable biometrics until the next unlock. It brings up the power off/SOS controls, but dismissing those will require a passcode to unlock.
Good to know as it's fairly easy to do in a pocket or when under duress.
You still need to Face/Touch ID for Wallet, as you already do.
It won’t unlock your device as well, is their point. Just like Wallet currently operates.
> Biometric authentication using Face ID and Touch ID ensures that only the person who added the ID to the device can view or present their ID or license in Wallet.
That's a fair point which I both missed and am not personally familiar with as I'm an Android user (Android's equivalent of Apple Wallet does require you to unlock your phone).
I still worry about relying on my phone to hold my ID and then surrendering my phone when it's reasonable for the other party (presumably a government entity) to want to look at it in more detail or take the ID away for a period of time (eg during a traffic stop they will take your ID to run you through the computer and write your ticket up)
I also worry functionality like this leads to changes in general expectations which leads to more implementation that may not be as carefully executed
> Android's equivalent of Apple Wallet does require you to unlock your phone
There is no single equivalent, you are free to choose yours. PassAndroid is quite happy to show a pass on a locked phone, although you have to start the app first, but it's the best you can do in Android.
With Face ID, there's also the risk that a malicious viewer who is holding your phone could point it at you and get it fully unlocked before you are able to react. A cop who is standing at the window of your car would absolutely be close enough to do that. The only way this would be safe is if it engaged the emergency mode which requires the PIN/password to fully unlock.
I have children who like to play "unlock the phone" games, and we have tested quite a bit.
In my experience the cone is rather larger. Holding the phone and looking at the forearm or below it - which is easily 40 degrees off - will still unlock.
Not only that but you are legally permitted to withdraw your consent to search at any time. Just merely handing your phone to an officer unlocked does not permit a limitless search and seizure.
However if during that time the officer sees material that constitutes probable cause for a search, they can seize the phone without your ability to withdraw consent.
As mentioned in my previous comment, a lawyer told me you can't arbitrarily withdraw your consent in that way you are describing.
The police officer may also have taken your phone back to their car to use the ID details to write up the ticket so you can't easily ask for the phone back at that point.
However it'll very likely require first unlock which puts the phone in a very vulnerable state (storing unencrypted data, or at least the keys in memory).
It is way easier for law enforcement to get into phones after first unlock than it is from a powered down phone.
Before First Unlock (BFU) is a term used to describe the state of your phone after it has booted and been unlocked at least once. Even if locked again, the phone is still in a less secured state until it has been shut down again.
The linked-to quote does not describe its ability to function before first unlock. Many phone functions are disabled in the BFU state.
And one day these bugs will be worked out and it'll be commonplace.
We do a great job of pointing out the things people will stub their toes on, technologically, and then fail to take advantage of the improvements when they become commonplace.
Sure, using my phone as my identity, medical record, car key, and ATM has potential flaws...but then they're mostly worked out (or end up being not an issue) and...hey, it's a pretty neat idea.
(that just happens to lock you into a walled garden, leasing the hardware, for the rest of your life.)
I’ve seen the non-tech version of this first hand. A wallet was handed to a police officer at a traffic stop to show the ID in the clear plastic window. The cop then rifled through the rest of the wallet and found a second fake ID.
Imagine a cop taking your unlocked phone back to his car to “run your license”.
One use case for this is places like Pennsylvania where you typically need to produce a government-issued ID to purchase alcohol.
In 100%-proof-of-ID stores, cashiers often don't look at the photo on the ID, they scan the bar code on the back of the Driver's License that's presented.
Why not use the Digital ID in an Apple Wallet in those situations?
THIS is what strikes me as the use case for this, and 100% absolutely not using it with any interaction with the law. Preferably the only way I ever go through any law interaction with my phone on me is if it's turned off, or at the very very least have used the emergency function to disable Touch ID/Face ID which also discards the transient keys for decrypting storage (and no I don't use iCloud Backup or iCloud Photos). Smartphones and computers at this point are essentially exocortexes, but the law does not protect them the same way it protects the contents of our minds.
However, there are lots and lots and lots of private interactions where cryptographic assertable proof of identity would be enormously valuable and a big win for privacy, fraud reduction etc, but the other party certainly has zero right or capability to demand your device, go through it and use force against you based on what they find there. Not just in retail but particularly online the state of identity verification in the US is just fucking abysmal even now. Common workarounds include stuff like literally taking a photo of your government ID and then emailing it, which of course is terrible in every respect.
From the description and example screen it appears this offers reasonably fine-grained information options. So if there was a secure generally available API ala Apple Pay wherein sites could simply request the minimum needed like age verification and address verification (obviously I'm supplying the address anyway to have things shipped, but this would help assert that yes that was my address) that could be quite valuable if still imperfect.
I'm surprised so many of the comments jumped right to presenting ID to the government. This sort of thing was exactly what I had in mind too. My watch can already:
- stream music when I go for a run in the park
- give emergency info to first responders if something happens to me while I'm out
- pay for the bus or train home if I need it for some reason with Omny + Apple Pay
- pay for things I stop to buy with Apple Pay
Giving govt-issued proof of age so I can buy a beer on occasion after a workout without taking my drivers' license with me is a welcome addition to all the rest of that power.
If I'm crossing a border, I've already got alternative hard-copy ID on me.
In the words of Neil Postman "What problem is this technology trying to solve??"
I just don't get it. How much easier do you need it to be than to hand someone an ID card?
The trade-offs being made here for the ever slightest convenience make absolutely no sense to me.
It is this weird technological addiction to novelty even when there is basically no value or even difference. The only gain is that it is new and novel.
It's not just convenience -- it's also about privacy. For example, I don't like disclosing my home address just to prove I'm old enough to buy alcohol.
With this, I won't have to since it allows for asserting proof of age without disclosing additional information.
Makes sense. COVID vaccination credentials are a great example. The work done with SMART health credentials and vertical solutions like NY Excelsior Pass and Israel’s Greenpass pave the way.
Being able to pay to bypass TSA or cut the line for TSA has always been a thing. Private jets, Precheck, and this monstrosity where you pay a private company to become a more equal member of US society:
I'm not sure it's ALWAYS been a thing, or at least its scale has definitely grown more recently, but, yeah, that's why I thought of it being extended to 'those with e-wallets', of course.
I won't do any of that "clear" or even "pre-check" stuff just on principle; most everyone I know thinks I'm crazy. I try to fly as little as I can these days, even before pandemic, it's just so unpleasant both in terms of security/dignity as well as physical comfort.
Digital ID for everyone, here we go.
Globally, right?
Not for me, though. Until there is no other option than this, I will refuse it.
If I am lucky I have 30-40 something years ahead of me, more is a bonus territory.
So I intend to live as a human being, not some database record "because of digitalization".
If this means not to have smartphone or using computers in local networks, so be it.
Big F--- you for corporations and governments of the world for collaborating behind the scenes to move us to Minority Report reality.
Apple the global leader in surveillance and government control. Who would guess?
What is the new slogan Apple: You are living it wrong?
> So I intend to live as a human being, not some database record
You are already a database record, so are you not currently living as a human being? Do my medical records prevent me from living as a human being? I have so many questions.
I'm not the grandparent poster, but depending on who supplies and configures the ID reader, a digital system makes it easier to track people. E.g. if you show your ID at a liquor store, currently the cashier would just check your age and then forget about you. If s/he has a barcode scanner or an Apple ID scanner, then that scanner can log your visits. And your whereabouts can be tracked by following where your ID was scanned throughout time.
In China, ID cards have RFID and they have to be scanned when entering a train station or airports (or the old town of Lhasa in Tibet), so a future government here might abuse a similar system to track you and maybe harass you by saying "You were in this area yesterday, there was $SOME_BAD_EVENT, what's your alibi?". China also implements long distance travel bans by refusing you entry to the train station/airport, e.g. if you have a bad "social score", which, I imagine would be ripe for abuse in a Trumpian regime. (Although the FBI already abused the no-fly list for the purposes of harassing individuals)
> If s/he has a barcode scanner or an Apple ID scanner, then that scanner can log your visits
This system actually lets you only supply your age to the reader and no other info, to avoid the tracking. In other discussions of this, I've learned that many shops and bars in the US already optically scan IDs to verify them digitally (not trusting staff to verify security features), so this is actually an improvement on privacy compared to before.
Can someone explain the huge net gain in convenience you get from not carrying a wallet?
I know if I drop my wallet, the cards inside will still work. They won't be out-of-service-area or forgot to be charged.
The wallet also caters to many use cases the phone will never support. That can be high-tech stuff like some obscure closed-loop fare card or keycard system that isn't NFC-compatible, or the paper punch card from the local burrito place.
And it lets me carry cash, which is still less of a production number for plenty of informal payments-- I'm not walking through an Apple Pay/Zelle/PayPal transaction at a yard sale.
Maybe it's because I'm fat and wear loose fitting clothes-- having a wallet in my pocket is not a huge frustration.
You say this as if having a physical wallet doesn't also have huge downsides in exchange for being physical.
If you drop your wallet and lose it, someone has access to everything you have and any accounts tied to anything in your wallet. If you lose your phone, they get nothing.
If you have a physical card and it's been worn down, it will fail to scan. That's never an issue with digital cards.
Physical wallets have physical limits to how much they can carry without being a giant lump in your clothing. Digital wallets stay the same size no matter what you put in them.
Physical wallets are limited to what you put in them. If you forget a punch card, boarding pass, or ticket, you have no recourse. Digital wallets never lose anything and always have ways to retrieve the passes or cards within them.
We could go on and on but both options have advantages and disadvantages...
I am preserving your and some other (more explicit) heavily-downvoted comments here that paint a disturbingly prophetic picture of where things are going to go. We know what's happening to our freedoms and what the future will look like. Too bad there's not enough of us to fight back.
>> Too bad there’s not enough of us to fight back.
I don’t think so. You can see glimmers of hope in people who refuse to buy into propaganda every day if you go looking for it. Just today, for example, Project Veritas successfully got a California high school teacher fired for literally trying to convert his students to communists.
There are lots of people doing horrible things with tech, and programmers willing to write the shit code that executes on those desires, but all of that comes from the desire for more money and power. It has always been the case that smart humans with drive chase money and power, but it often only takes a small handful of people to bring change to even the worst tyranny. Don’t lose hope for freedom, friend.
The rise of authoritarianism isn't a left vs right issue, unfortunately --- same with things like right to repair and such issues of ownership; there's no one big side that's for or against.
Why is this being done by Apple and not the government itself? This should be device agnostic.
Like Indian Govt's DigiLocker.
https://en.m.wikipedia.org/wiki/DigiLocker
What makes you think governments aren't involved? The article says:
> Apple’s mobile ID implementation supports the ISO 18013-5 mDL (mobile driver’s license) standard which Apple has played an active role in the development of
If you do a little casual googling, you will find references to the Australian government being involved in the development of that standard. You can also find proposals from the US Department of Homeland Security that refer to the standard.
Speaking of Google, Wikipedia says
> For example, Android's JetPack suite comes with specific support for ISO 18013–5 from version API 24.
REAL ID only happened because of 9/11 (reactionaries are against it) and figured out how to use it to suppress voting. Individual states vary greatly in the US - there are people who don’t want people to have easy access to ID.
I'm not super fond of the idea of having a brand lock-in to make it easier to work with the governments. This feels a bit like a world where Turbotax was the only game in town for software to file taxes. So you'd have either the manual way, or Intuit and that's it.
This isn't as bad, and I didn't look much into it so maybe there's stuff I don't know that lessens the negative, but seeing it being Apple specific doesn't make me feel so good.
Yeah, the case where I can see myself using this is if I wanted to pop out to pick up food or something real quick, I could actually leave my wallet at home (using the payment and now DL on my phone).
Previously I got very limited use out of phone-based payments because I had to have my wallet on me anyway, for my ID.
Arizona is one of the few states that already has a digital ID through the DMV. If you download the DMV app, you can scan the barcode on the back of your license to get your digital copy. It doesn't go into Apple Wallet yet but it's legal and has an interactive certification banner to prove it's real.
Seems like this would work best in places with free high-speed public wifi and device charging infrastructure. Do those places exist? Western Europe, East Asia? As with the rest of Apple Wallet/Pay offerings, turning analog into digital has its trade-offs.
So when your iphone gets hacked they have everything they need in a nice neat package to make your life hell. The more valuable you make the phone the more likely bad actors are to go after it ... I can only see bad things from this.
I am from outside of the US and don't grok all the nuance of US laws. What is the difference between having my driver license in Apple wallet and having a digital photo of it in my phone?
Certification, basically. There's nothing that validates that the image is authentic if it's just a picture. Having it in Apple Wallet validates that it's a certified ID. AZ, for example, is one of the states going first because they already have a Digital ID. From what I understand, the digital version shows the same info as the ID but has an animated certification banner that can be interacted with to verify that it's a legitimate ID.
Thank you for the reply, it's getting clearer now. Still don't understand what exactly is being certified here. Does Apple wallet somehow communicate with a government database and verify the ID, and then protect it against spoofing with some kind of government-approved cryptography?
At this point it isn't even a big deal. Apple has and can see all your nudes in your non-e2e iCloud Backup (including all of the ones sent to you by others, even via SMS), all of your chats, your address book, your phone number (your iPhone uploads it to Apple when you insert it, even if you don't use iCloud), and device serial number (sent to iTunes when you open the App Store). They have your 24/7 location if you have location services enabled.
Providing your name and address is basically no big deal at this point.
One ID, strongly linked to government identifiers, strongly linked to every activity you take on your most important computer, one you can't install apps on without permission.
They don’t have your location. That is passed in an encrypted form from device to apps like Find My Phone. Apple’s servers don’t store it, nor have access.
This is false. The device transmits all visible Wi-Fi access points and their signal strengths (which is analogous to your location) to Apple at all times. The API returns location data to the handset.
There is no way to verify that Apple's servers don't store this information.
They absolutely have access to it, as they provide the location information to the phone based on the Wi-Fi data.
Apple says [0]: "These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."
The phone uses a local database of wifi locations to help triangulate on-device. Separately, the locations of wifi APs are uploaded to apple to maintain the database, but the source of the data is not saved, just the location of the WAP. A subset of the database is cached on-device.
They tried to clear this up in a 2011 press release but of course it just comes down to trusting it works the way apple says it does:
In time, if not already they will be more powerful than governments. How far away are they from passport storage? What if they produce their own apple passport predicated on the data about you and the trust score you have.
There is a reason the writer stopped making Black Mirror.
You’d still have your physical ID. It would be reasonable for there to be statute that prohibits Apple from revoking your digital ID, as the state retains the property rights of the ID, not Apple.
I think the idea that an id would be digital only but then you're beholden to whomever software runs it would be frowned upon by the courts pretty fast.
Lots of 'software gone bad and dorked up someone's life' kinda situations out there but when it comes to IDs and simple interactions like presenting one the courts are pretty generally pretty reasonable.
I would expect some physical ID to continue for a long time.
You’ve got a lot of faith in the courts. What if our government becomes more dysfunctional? What if court appointments become super partisan and the other tribe is appointing them?
I would guess that a physical ID makes the states and the economy a lot of money. It cost almost $40 to renew a license here in Alabama and it can be done in less than 15 minutes. It is a token that allows third parties to verify the ID of someone with pretty good accuracy.
So far as I know, Apple can change arbitrary bits in the memory and file system of any online device they make. So, they can turn it off, change files, change the functioning of processes and apps, including removing any particular app. They can cause an iPhone to not display an image of or transmit the details of a drivers license, even if one is stored in the device, despite the effort of the user.
But the status of being licensed to drive is kept in one or several databases controlled by one or many states or agencies. Similarly, the status of having a credit card is kept in a database controlled by at least one credit card company. Licenses and payment accounts can be verified for everyday use with less than 100bits even without a physical or digital representation of the card face available.
If Apple can stop a device from transmitting or displaying license details, then I guess you'll... need either a physical copy or the license number.
I use Apple Pay quite a lot and I'm looking forward to vaccination record support in iOS 15. But I don't think I have a use case for this. If I did, it would be my choice; I don't particularly like "Users do not need to unlock, show, or hand over their device to present their ID."
Still I'm ok with Apple providing this feature, but I have to find a use case before I'd use it. And I don't like its opt-in once, broadcast thereafter approach.
It doesn't exactly 'broadcast' your ID, physical proximity to your phone is still needed. It's like adding a loyalty card, etc. to apple wallet where you can just tap your device to the reader.
I'm hoping it's like Apple Pay, where I choose and authorize with Face ID + button. It shouldn't be passively readable. Anyways, it will be awhile before it applies in California. CA DMV is not an early adopter of this.
According to the announcement, that's exactly how it works. It uses the same functions as Apple Pay, Transit Passes, and Rewards cards to authenticate/authorize and then uses the new digital ID standard to present.
That's what they said about RFID until it was broken, and people started building hardware that could snoop on it from a backpack several meters away.
What part of that don't you like? You'd still need to authenticate your device no matter how you present it. You just don't have to unlock the device to validate your ID. It would work exactly like Apple Pay.
Interesting. If they can make the creation of these state IDs free and easily done remotely it may tip the balance towards making voter ID laws reasonable. If all major smartphone providers implemented this, smart phone ownership is already 80% and growing among the poor (<$30k / year) in the United States according to a google search.
Never understood the voter id controversy. Even India which has a lot of poor people mandates voter IDs and it's easy to get one. And there are 800 million voter IDs in India.
If India can do it then why can't USA?
It is the "easy to get one" part that is often the kicker. There are a lot of examples out there, many of them concerning poor people, but I will use my late grandmother as an example:
In 2011 Wisconsin instituted a Voter ID law that required a valid government ID in order to vote. Being in her 90s at the time my grandmother had stopped driving (at her children's wise insistence) a number of years prior. That being her only government ID that was acceptable, she needed to get a renewal of it, but this time as a non-driving ID.
So she was taken to the DMV to renew it, only to be told that they could not renew it (or convert it), because it had expired too long ago. She needed to start the application from scratch, and for that she needed an original birth certificate, with a stamp. The only birth certificate that she had had no stamp (the county she was born in not having had one until much later). So that was going to require her to get a new one of those.
So my aunt called around, finally finding the proper number for the hall of records in the county where my grandmother was born. Unfortunately it is a small county, so the hall of records is only open once or twice a week for part of a day... and the only place they accurately record that is on the door of the building apparently. So just getting in contact was quite a pain (a couple weeks of occasional work).
Then we learned that she would have to present herself in person to get her birth certificate. I remind you that she is in her late 90s at this point, and had never traveled far in her life (the farthest ever was probably to my wedding on the other side of the state), so this was not going to be a minor trip for her (only an hour-and-a-half... but for her...).
This was just too much for her, so she gave up. She groused about not being able to vote in what wound up being her last major election, but... the hurdles she faced were just too much.
She had voted in pretty much every election she could, but her last one was denied her by the Voter Id Laws.
The answer to your question is that this is entirely an attempt by one political party to make it harder for people to vote, knowing that the people with the largest hurdles are likely the ones who are going to vote against them. It is disgraceful and underhanded, especially from the party that likes to associate itself with religion.
Pakistani living in US here. As far as I understand,
Democratic party has relatively poorer voters. Some of these voters do not want to take off and get their voter Id, because if they do, they will lose their wages for the day.
Republican party wants to make IDs mandatory so that these guys won't come and vote.
If you look at percentages, these voters will be less than 1% of the electorate...but important American election results are decided by a single county or a few 1000 votes, so these issues make a lot of headlines. In India, the victory margin is higher, so it doesn't make headlines yet
You can't just assume that the background is "ID works like it does in India", because it doesn't. (E.g. from my understanding, India has a free central ID system for all citizens, in the US that is something many people fundamentally oppose ever existing. And in reverse, people push for requirements on voter ID on top of just "an ID", which again excludes people and causes opposition to voter ID laws)
Exactly. Even as a New Yorker, I can’t get my ID without an accompanying physical document proving who I am. The only document I have that is my Birth Certificate and I’m lucky enough that my parents still had it. If they didn’t I would have to wait 1-2 months to get it. And that’s not even mentioning the fact that an appointment for the DMV is 2 months out as well, so even if I didn’t have the birth certificate there would be waiting either way.
Voter ID laws should never be a thing unless people are willing to accept a national database and they’re free and given to everybody and can be given in a speedy manner with little to no obstructions.
It's largely a political issue in which the republican party claims fraud is rampant without voter IDs but simultaneously makes it difficult for poor people to get them. In many locations they're not free. In some, like Georgia I think, it is free, but you still need to gather documents and go to a DMV and register, which is, frankly, difficult to do when you're poor and don't have a car.
The effect of requiring voter IDs when they're not free AND easy to acquire is disproportionately preventing the poor from voting vs. stopping fraud.
The key part of your statement is "and it's easy to get one." Voter ID requirements in some US states are usually accompanied by a very restrictive list of acceptable forms of ID, and the requirements for getting such IDs are often tightened. Making it easy to get an ID is not the goal of such legislation.
Has one political party in India got a long history of using voting qualification mechanisms to exclude large groups of the population from voting at all?
Because the US does: these mechanisms replay the old literacy tests which were used to disenfranchise immigrants and Blacks in the US until the voting rights act was passed.
For clarity, while India does have a voter ID system distinct from the national Aadhaar ID, the voter ID itself isn't required to vote. IIRC any government issued photo ID (like Aadhaar) is accepted.
If voter ID laws were accompanied by a strong push to make it easy to get the ID, I don’t think there’d be much pushback.
This is analogous to simultaneously outlawing abortion and making it very difficult to get good sex education in school, defunding Planned Parenthood, and underfunding the social safety net for poor mothers.
There is going to be a rough transition. Suppose I live in Oklahoma, which accepts driver's licenses in Apple Wallet. So I leave my physical driver's license at home. Later my friend in Texas calls, so I cross state lines and the police pull me over. Now I don't have a license the police will accept?
A valid license is a valid license? Whether or not rural cops are aware is a different issue. I'm also curious how it will work to hand over "license and registration" info. Traditionally, you give them your physical license, they might go back to their vehicle with it, and come back after several minutes. No way I'm giving them my phone!
Until the technology is ubiquitous, people will have to carry the physical copy like normal. If it becomes ubiquitous, it should become ubiquitous in tandem with something like a handheld scanner the police brings to your window. Will it ever completely replace the physical copy? I doubt it... Apple Pay has been out for 6 years now and not all point of sale terminals accept it. It's hard to know beforehand which places accept. Not to mention that phones run out of battery and can get misplaced. Redundancy is good.
Why wouldn't the police accept a legal document that is valid for the state you received your drivers license in?
Police in Texas also will happily accept a drivers license from out of the country in whatever form that happens to be. Same way I can travel around Europe with my US drivers license...
> Presenting a driver’s license or state ID to TSA: Once added to Wallet, customers can present their driver’s license or state ID to the TSA by simply tapping their iPhone or Apple Watch at the identity reader. Upon tapping their iPhone or Apple Watch, customers will see a prompt on their device displaying the specific information being requested by the TSA. Only after authorizing with Face ID or Touch ID is the requested identity information released from their device, which ensures that just the required information is shared and only the person who added the driver’s license or state ID to the device can present it. Users do not need to unlock, show, or hand over their device to present their ID.
Please read the article. It's presented there, and not even hidden away.
TSA aren't cops. I was referring to a traffic stop, where the default order from a cop when presented with something like this would be simply "give me your phone."
If the cop doesn't have a reader that can read this on his belt, he is not going to accept it anyway, just like they wouldn't accept a photo of an ID. They'd require the physical license.
If he has a reader on his belt, you would still not need to hand over the phone, you would just tap it on his reader, which would then prompt you to agree to share the specific fields from the driver license that he needs.
I mean yeah, of course they could still demand your phone, they can also demand you get out of the car, handcuff you, search the car and take anything they find on the most vaguely worded suspicions, but there's no technical solution for that problem.
Yes, they should verify the information with their reader. But many wouldn't.
I'm Ukrainian, we've got a government app called Дія, that contains a digital copy of ID card, driver's license and some other documents. The document is presented in text+photo form (which is obviously easy to fake) and in the form of a QR code that has a TTL of 3 minutes. Police are supposed to scan the QR code with the same app on their phone and that will load a copy of the document from government server, which is a way to properly verify the document.
Still, on my last interaction with police, they just took a picture of my phone screen. It would take a bit of time to train all personnel on using digital documents.
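The flow described in the comment above (a QR code valid for 3 minutes that the verifier resolves against the issuer's server), as an added example that is not part of the thread and is not Дія's actual protocol. `IssuerServer`, the token layout, the use of HMAC and every record value are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

QR_TTL_SECONDS = 180  # the 3-minute TTL from the comment above


class IssuerServer:
    """Hypothetical stand-in for the government back end that holds the records."""

    def __init__(self, records):
        self._key = secrets.token_bytes(32)  # MAC key never leaves the server
        self._records = records              # doc_id -> authoritative record

    def _mac(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_qr(self, doc_id: str, now: int) -> str:
        """Called by the holder's app: returns the string encoded in the QR code."""
        if doc_id not in self._records:
            raise KeyError(doc_id)
        claims = {"doc": doc_id, "exp": now + QR_TTL_SECONDS,
                  "nonce": secrets.token_hex(8)}
        body = json.dumps(claims, sort_keys=True).encode()
        return base64.urlsafe_b64encode(body).decode() + "." + self._mac(body).decode()

    def verify_qr(self, qr: str, now: int):
        """Called by the verifier's app: returns (verdict, record or None)."""
        try:
            b64, mac = qr.split(".")
            body = base64.urlsafe_b64decode(b64.encode())
        except ValueError:  # wrong number of parts or broken base64 padding
            return "rejected: malformed", None
        if not hmac.compare_digest(mac.encode(), self._mac(body)):
            return "rejected: bad MAC", None
        claims = json.loads(body)
        if now >= claims["exp"]:
            return "rejected: expired", None
        # The verifier gets the server's current copy, not what the screen showed.
        return "ok", dict(self._records[claims["doc"]])


def demo():
    # Constructed sample records; names and IDs are made up.
    server = IssuerServer({
        "DL-0001": {"name": "Sample Holder", "status": "valid"},
        "DL-0002": {"name": "Other Holder", "status": "valid"},
    })
    t0 = 1_000_000
    qr = server.issue_qr("DL-0001", now=t0)
    payload, mac = qr.split(".")
    results = {"fresh_scan": server.verify_qr(qr, now=t0 + 60)}

    # A photo of the screen captures only this same string; replayed later it is dead.
    results["photo_replayed"] = server.verify_qr(qr, now=t0 + QR_TTL_SECONDS + 1)

    # Editing the payload to point at another record invalidates the MAC.
    claims = json.loads(base64.urlsafe_b64decode(payload))
    claims["doc"] = "DL-0002"
    edited = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    results["edited_payload"] = server.verify_qr(edited + "." + mac, now=t0 + 60)

    # Revocation on the server shows up at the next scan, whatever the phone displays.
    server._records["DL-0001"]["status"] = "revoked"
    fresh = server.issue_qr("DL-0001", now=t0)
    results["after_revocation"] = server.verify_qr(fresh, now=t0 + 10)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

A verifier who only photographs the screen never runs `verify_qr`, so none of the expiry, integrity or revocation checks take place.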
Even though a normal transaction won't have you handing your phone over to TSA or the police, I am still hesitant of showing them that you have access to unlock the phone.
What happens when the traditional "analog" alternative is no longer commonly used? Digital, network dependent "upgrades" to traditional protocols and infrastructure are obviously convenient, but what happens when the network fails? When carrying "old style" ID becomes inconvenient and "unnecessary", do entire classes of services simply shut down if the network fails, suffers some sort of DOS attack (or overloaded OCSP server), or a terrorist (or unlucky backhoe) cuts an important fiber optic cable?
Are services like a "digital wallet" useful? How are they harmful? These questions are, of course, very important and need to be carefully investigated. However, whenever this type of technological convenience is introduced that might de facto replace existing protocols or infrastructure people currently rely upon, I rarely see any discussion of the ramifications of introducing technological interdependence and the resulting transitive risk.
Dan Geer, on this topic[1]:
>> The root source of risk is dependence, especially dependence on the expectation of stable system state. Dependence is not only individual but mutual, not only am I dependent or not but rather a continuous scale asking whether we are dependent or not; we are, and it is called interdependence. Interdependence is transitive, hence the risk that flows from interdependence is transitive, i.e., if you depend on the digital world and I depend on you, then I, too, am at risk from failures in the digital world. If individual dependencies were only static, they would be eventually evaluable, but we regularly and quickly expand our dependence on new things, and that added dependence matters because we each and severally add risk to our portfolio by way of dependence on things for which their very newness confounds risk estimation and thus risk management. [...] Remember, something becomes "a critical infrastructure" as soon as it is widely enough adopted; adoption is the gateway drug to criticality.
>> The most telling fork in the road of them all is whether we retain an ability to operate our world, or at least the parts we would call critical, by analog means. Analog means, and only analog means, do not share a common mode failure with the digital world at large. But to preserve analog means requires that they be used, not left to gather dust on some societal shelf in the hope that when they are needed they will work. This requires a base load, a body of use and users that keep the analog working. [...]
>> What we have here is an historic anomaly, an anomaly where the most readily available counter to an otherwise inexorable drift into a vortex of singleton technology risk and the preservation of a spectrum of non-trivial civil rights is one and the same counter: the guarantee, by force of law where necessary, that those who choose to not participate in the digital melange can nevertheless fully enjoy life, liberty, and the pursuit of happiness, that to opt out of the digital vortex does not thereby require that they live in medieval conditions, and, by doing so, we reap a national security benefit in the bargain as those opting out are the base load for the analog alternative. [...]
>> And that is what I am here to tell you, that the future of humanity and cybersecurity are conjoined, so that as we prepare to make some decisions that are of the fork-in-the-road sort, we need to think it through because in making decisions about cybersecurity we are choosing amongst possible futures for humanity. Those decisions will be expensive to later reverse in either dollars or clock-ticks.
>> The onrushing world of full personalization means the rational decision for the individual or the small entity does not and will not aggregate into the rational decision for society at large. Perhaps that is the core effect from a rate of change up with which we cannot keep. [...]
>> You, we, are the masters of the universe now. What will we do with that power, which we have but a short while more?
>We should start thinking about how to ensure that physical IDs will always be available
Same reason why I am extremely against getting rid of physical money.
>Create a user controlled devices to store critical documentation like this (something like a crypto wallet but with an easier setup/interface)
Yes. This. One point in time you would have thought having everything on your Smartphone, everything simple was utopia. But reality is we need better power structure and separation of concerns. Or in reality I lost trust with Apple.
I don't know. I really don't like big companies forcing themselves into this. There are already great open source solution ready to be used like IRMA[1], I would love for them to be used instead of Apple or Google becoming even more indispensable.