Privacy @lemmy.ml Moonrise2473 @feddit.it 3mo ago

I realized why governments are so fast in approving digital ID cards on smartphones

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

143

143 comments

In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn't this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you're using the app they shouldn't need to confirm that as the info is already validated
- Isn't it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can't get anything right? It's sad when we end up replacing our own good things, because even we think we're inferior in everything and can't come up with a good solution for anything.
  
  Say what you will about the country, but gov.br and PIX put everything else to shame and no one even came close to something like that
  
  For all that Russia is an imperialist police state, our e-government services are pretty slick too
- As op said, the whole point is to get you to hand your phone over unlocked. Thats the point.
  
  But you're not handing your phone over, it stays in your hand and if there's a QR code to scan they'll scan it with the phone in your hand
- I believe EU also requires that you give up login credentials if they are biometric in nature. Meaning if you use a fingerprint reader or face unlock you are required to provide that to law enforcement when asked. So either way if they want your phone's contents they can get it.
  
  They need a warrant or probable cause for that, but yes they can compel it unlike a password. It's still a search and needs to be lawfully done in the first place.
They went as far here in Ukraine as making some services exclusive to those who have the app. The official government app for digital documents and services, Diia, also has stupid integrity check, which makes it unable to be installed from Aurora Store, which makes me cut out from such services, because I don't have Google Services installed. By the way, there are Google trackers in the app.
- Yeah, welfare here is mostly app/phone based. You can technically get around it, but it requires visiting a dwindling number of centres very regularly and waiting in long queues.
- The IRS (tax authority) in the US has Google trackers loaded into the DOM including pages listing your Social Security number too, yikes.
Yup, if you hand them your unlocked phone they can look through it.
They don't need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.

No way the government implemented an app for this use case. That's extremely inefficient.

I thought you actually tried, that they took your phone?
- Illinois at least passed a law to limit the consent given when using a digital ID with a police officer such that they’re ONLY allowed to use it for ID and not snooping, but that’s the only state to do so.
  
  https://www.eff.org/deeplinks/2024/10/should-i-use-my-states-digital-drivers-license
  
  But do you trust them to follow the law? I certainly don't.
- Couldn’t these apps also use the Android/iOS’ wallet manager which allows handing it over unlocked while the phone is “closed” (not necessarily locked, though…)?
  
  I don't know if they could, because they will probably compromise all information into the wallet.
  
  But it's a good idea. I hope that it can be implemented like you said in a secure way.
On iOS you can enable Guided Access and restrict what one can do, for example disable touch and lock it to an app, until you enter a Code. I imagine Android will have something similar.

This obviously doesn’t protect against electronic forensics, but it does protect against just opening different apps and searching through the phone manually.
- Yes, Android has app pinning. But they still have access to anything the app gives them.
  
  They can see my ID on the phone. But if they want to take it, then no, I don't have that ID on me. But then, I live in the US where digital ID isn't valid.
  
  It is valid in some states. OP raises an excellent point. I live in the U.S. and have the digital ID on my phone, but I won't be handling it to law enforcement. I'll make sure I have the physical copy when I'm driving.
  
  You can block off certain sections of the screen, or disable touch completely. If all the info they need is on the screen just make it so they can’t tap anything.
Digital licence is all I have used for about 7 years. Police here are careful never to reach for a phone as they can't legally. You display the licence and give it a shake to animate it and they copy the number down in their notebook. If the police ever did illegally take a phone I would wipe it and replace it and lodge a complaint.

They may have similar protections in Europe. People often post opinions on social media without checking facts. I get why on commercial social media where everything is rage bait. But i don't know why people can't take a few minutes to check local laws before posting here.
- Probably because I live in America but we don't trust police to not do something just because they're not supposed to. They do it all the time here.
Why is nobody mentioning that by installing it and authenticating, there is sweet fuck all you can do to stop them tracking your movements and downloading your whole address book so they can see who you Associate with?

Taking the phone isn't the problem if they are already in it.
- You have to explicitly allow that, at least on android. However, most people hit allow and don't think anyways :/
  
  iOS too. Permissions can even be given only while the app is active if it “requires” them, or for location for example an approximate one is sufficient.
- In most phones it is possible to set permissions (to contacts, locaton, etc) for every app.
- Honestly, I wouldn't worry about all the comments discussed here. Mainly because the governments already have access to everything and I mean EVERYTHING. They will get a subpoena in under a minute if they want to check something regarding your digital life. Not condoning it, just a fact of present life.
  
  Mainly because the governments already have access to everything and I mean EVERYTHING.
  
  There's limits, largely around the speed and accuracy by which data can be ingested and processed. You can look for everyone somewhere sometimes and someone everywhere sometimes and someone somewhere at any time, but it takes a ton of digital resources to monitor everyone everywhere all the time. For the data to be meaningful it has to be interpreted.
  
  Manned checkpoints allow local state actors to make decisions in near-real time relative to immediately present information. The classic example is someone with a stale warrant or notice on their record. The sheer volume of delinquents makes pursuing every individual troublesome, but as soon as a known offender steps across a checkpoint the police can pounce on the individual offender in that instance. If you've got a five year old traffic ticket, a police officer can be in your face about it as soon as they run your ID.
- fwiw, my state's mobile id app doesn't even ask for the location permission. so maybe some, but it's not universal
If you are on android you can use screen pinning. That way phone won't get locked and bother the police but they can't switch to any other app without your password.

But I don't know how much I'll trust an app by government. Maybe in Europe that app is Open source.
- Wouldn't trust a gov app in europe either. But then again i don't trust any app and have them firewalled at least .
  
  The EU covid app was released on fdroid. I would trust it if it was open source, audited by a third party, and finally made available on fdroid.
- For some reason that's only a thing when navigation is set to buttons, when using gestures it's not available. So yeah it's a bit hard to go to settings, change the navigation mode, turn on pinning, pin the app and only then hand over the phone...
  
  I also have my phone setup to gesture navigation. If I swipe up and click on app icon I see option to pin it.
Hi, Your dedicated local Secret Service agent here.

We don't need your smartphone to access your data. We have surveillance equipment for that. That is why we can scan the qr code of your ID app and do the checks we need.

If you want us not to track you, you need a degoogled smartphone and use cash exclusively. Also you could use a vpn while you browse the interwebs, but we ll still be, eventually, able to see where you browse.

BTW we don't stop randomly ppl on roadblocks. You or your car or your route or all of the above was of concern for us.
- They aren’t from the USA
You're absolutely right about the danger of giving up your phone, if the police wanted to take it from you. By sticking with traditional documents you remove any pretense they might have to try. It is not a stupid call, it's just less convenient - but then, security is always a compromise with accessibility.
I just double checked on my phone, on Android you can pin the current app, that limits access for the user to only that app. Unpinning requires you to essentially unlock the phone again. I wouldn't hand my phone to a pig either, but if I pinned the app, it would be secure enough for a traffic stop.
- For people with iPhone you can do this too.
  
  Go to settings and pull down with your finger to get the search box to appear, then search for “Guided” and click “Guided access”.
  
  Enable this setting as well as toggling “Accessibility shortcut”. Now you can open an app and triple click the lock button and select guided access.
  
  Then on this screen you can press start in the top right or options in the bottom left to refine the controls, for instance:
  
  Side button
  
  Volume controls
  
  Motion
  
  Software keyboards
  
  Touch
  
  Time limits
  
  Now the phone is locked in that app and to come out of it requires the passcode.
  
  Thanks man. This is really useful whenever i need to show someone anything on my iphone.
- Does this work well for the camera app when I'm filming the police
As others already stated there are solutions already to pin apps and to be honest, I feel I would not give the phone to a policeman like that.

On the other hand, what I'm more concerned about is giving the access to my phone's data through different permissions to my government.

For example this is the list of permissions for the Hungarian government app: https://reports.exodus-privacy.eu.org/en/reports/hu.gov.dap.app/latest/#trackers
Nah, I'll just carry my ID card around.
Not in Australia where it is illegal for the police to touch your phone.
- They can compel you to reveal your password ~~without a warrant~~ but can't touch your phone? Is that a state law?
  
  Dont we have a right to a lawyer and to not self incriminate? Surly they need a court order to compelled u to reveal ur password?
There's a good chance they have a Cellebrite in their car and will copy your entire phone's storage over.
- And you'll get a tinfoil hat as a reward
  
  Yeah because the police using a commercially available and ridiculously cheap device to copy data from your phone is totally unbelievable. I must be the crazy one.
  
  News flash, they're not FBI tier ultra classified tools anymore, you can find them on eBay for less than $1000. There's a good chance that's cheaper than the phone you have right now. You think a police department who is already intent on scrolling through your phone while "checking your ID" wouldn't just put one in every cruiser?
- Forensic acquisition tools like Cellebrite take hours to clone storage. Not saying they wouldn't do it, just saying that legitimate acquisition that can be used against you has to be collected in a very certain way for it to be proof.
Pit it on another phone that you keep in your car or another profile with nothing else on it
- That sounds like carrying an ID card with extra steps.
- Or... Keep the card in the car?
- A phone that still has your GPS tracking data stored in it?
  
  ...no
that's odd. in south africa while we don't have a digital license the physical ones do have a code. they scan the code and that's it. they never take the license unless they asking for a bribe.
To add to this, a lot of what keeps us safe is the friction of bureaucracy. Authoritarians cannot micromanage every decision you make or round up every person they want because those actions take time and resources that aren't infinite. But you can reduce the time and resources required if you make identification more convenient and therefore enforcement more targeted. Maybe now they can justify making you present ID every time you pay cash at Starbucks, buy a backpack, get on a bus, use a bike share, watch hot snuff porn, you name it.
- Every country in Europe that has vastly better privacy laws than the US, also already has national ID since forever.
  
  Now they even became electronic biometric IDs, and I still don't need to show it whenever I buy a loaf of bread.
  
  Even if, why would anyone ever want to bother when they could just track your payment cards?
Do not have a mobile device

Do not install anything proprietary or governmental on that device you don't have

Use borderline secure (GrapheneOS) OS on that device you don't have and don't unlock it if demanded unless your health and/or life is in danger
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I'd ever recommend handing over my phone to a cop, but this kind of data transfer isn't trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn't matter if you've got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

But... again, what is it that front-line state agents are planning to do with all this data? That's never been made particularly clear.
- it's more like searching messages for some keywords, then use the result to justify a full car search
Convenience always has a cost
We have that app and I never give my phone to anyone. Nobody asks me for it, not even the cops. They just note the details and take it with them.

Oh, and the cops don’t care about your photos or messages when all you’ve done was exceed speed limit by 10km/h.
- In normal countries
  
  Police in the US have admitted that traffic stops are just a way to search people and find bigger charges. Cops like that are absolutely nosing around your phone.
  
  Lets not bring that capitalist dystopia to a discussion about functional countries.
  
  In the US they need probable cause. Just leave your window rolled up and give them the finger when they knock. They'll puff and shout, but eventually they'll let you through. Be sure to film it and make it clear you're filming
You can pin the app (android) or have it in guided access mode (ios). Although, yeah, I wouldn't be surprised if there's an exploit to get out and access memory it shouldn't. Maybe if you install the govt spyware app in a different user profile (Android) then it will be restricted to that certain memory.
Either have a cheap second hand sim less phone just for that or carry the physical Id or perhaps a copy of the physical id.
I have the digital id in case i forget my physical one (despite not legaly being required to carry id) but its in an empty graphene os profile.
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

Do they actually take your phone when you present it to them for digital ID? They don't scan it and bring up the same information on their scanner?
- No they don't, they just scan it and dont take the phone. But of course, they could.
  
  That's true, presenting your phone to them would make it easier for them to invent a reason to take your phone
Meanwhile, there's me who just likes paper versions of this stuff because I like to be able to order a backup hard copy just in case something happens to the first one.

Edit: I'm a fucking dumbass. I was 100% aware they were talking about driver's licenses, yet I was only referring to other vital documents like one's birth certificate, and yet I didn't make the connection in my brain. Apologies. :/
- Wait, what? There are countries that let you have multiple valid copies of the same ID??
  
  Sorry, my bad. I meant more stuff like the birth certificate and other vital documents. I really should've specified.
  
  (I swear I'm not a dumbass sometimes.)
If you use an android phone, just create a separate account on your phone just with the apps you want the police to see. No email, photos, social media, or anything. This way you can switch to the restricted user before giving the cop your phone.
Don't get me wrong, it's great that you figured this out. But why did you not consider this sooner? Wouldn't it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?
- What's obvious to you may not be obvious to other people?
  
  Likewise, what's obvious to you at one moment may not be obvious to you at another, simply because you're thinking about the situation from a different angle.
Containerized apps on Android when?
- There's already a containerized Personal / Work split in the OS. You'd think the partitions could be made smaller.
  
  But then Google is as deep into the NatSec industry as any other tech company. Even if you have containerization, there's little reason to believe Five Eyes doesn't have a back door.
This is the biggest issue I have with them. The only way this will work in modern society where the police can't be trusted, is if the ID is accessible while the rest of the device is locked down.

And that's really only possible if Apple and Google integrate that directly into the OS.
- It is.
  
  Apple has "guided access", android has "pin app".
  
  I only have experience with the latter, it works by opening the task management view, and selecting "pin application" on a running app.
  
  That then locks the device to that app. To access anything else, it has to be unlocked as if the screen were locked.
  
  App Pinning DOES NOT lockdown the device, even if you have it set to require a PIN to unpin, biometrics still work to unlock the device.
  
  It also gives you a warning that personal data may still be accessible and the pinned app can open other apps. It specifically says "Only use app pinning with people you trust"... which is the exact opposite of the use case here. And app pinning is turned off by default, you have go go searching in the settings to enable the ability.
That's a limitation in your countries implementation then. The owner must have full control of what data to present or at least category based requests.
For the most surface level concerns like risking them accessing any app on your phone, you can enable app lock on those that support it. Usually the most sensitive do: WhatsApp, Signal, banking apps and others.
If they don't, take advantage of the private space which locks apps until you unlock, and you can relock whenever you want
I'm thinking of going stoic and dropping anything Android, but this would require setting up an emulator working good enough for WhatsApp, Google Authenticator, MS Authenticator and probably something else.
I've always just shown a scan of my ID on my phone. It's just a picture?
- and they accept that as a valid id? I mean in a store ok, but a public official? It's incredibly easy to make a fake screenshot
  
  the digital version of id cards are glorified qr codes: they scan it and their device downloads from the government servers the official version. Or, for offline usage: the qr code contains all the data, signed with their key, they check if the signature is valid
  
  Yeah, I think they have some sort of input for the ID. Number if they want that's visible on the photo
Yeah, as a rule you should always turn off your phone before approaching any control point like that
What's the possibility and legality of something like getting implemented in the US?
- drivers licensees are by state and my only federal id is my ss card which doesnt have my picture or any current information. i dont think it would work as well here since you would need 50 different apps
  
  Google wallet has begun implementing state IDs depending on the state.
But they have one advantage: They are way easier to counterfeit. Meaning that with a few months of programming at most, if you ever find yourself on a run, you'll be able to ID yourself on trains or buses or check in to hotels with fake personal info.
- you realize they're more than just your picture on a screen, right? there's a whole public key private key verification process that happens, which covers your photo and personal info, at least from what I understand of ISO 18013-5.
  
  if anything it should be almost impossible to make a fake mobile id, barring exploits in reader software or the govt leaking their private key.
  
  Yes I do. Therefore I would never use it in front of state authorities, but I doubt a hotel receptionist would make use of a pubkey cryptography.
- i don't think that there's no check at all. There's either a server side check or a digital signature to verify, or both. You can trick the train ticket check (here they don't even scan the qr code, they see the screen on the phone and continue) or the lazy airbnb landlord, but that can be done also today
No, se facessero cosi basterebbe che tu toccassi il bottone di blocco mentre glielo passi... A ripetere fino alla nausea.

No credo che la realtà sia differente: cosi ti invogliano ad avere l'app IO installata sul telefono... Semmai è quello il cavallo di troia.
NSA has all your info already anyway
- more certainty and specificity is more betterer

143 comments