In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”

“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    Don’t get me wrong, it’s great that you figured this out. But why did you not consider this sooner? Wouldn’t it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?

    • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      15 days ago

      What’s obvious to you may not be obvious to other people?

      Likewise, what’s obvious to you at one moment may not be obvious to you at another, simply because you’re thinking about the situation from a different angle.

  • halcyoncmdr@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    15 days ago

    This is the biggest issue I have with them. The only way this will work in modern society where the police can’t be trusted, is if the ID is accessible while the rest of the device is locked down.

    And that’s really only possible if Apple and Google integrate that directly into the OS.

    • MentalEdge@sopuli.xyz
      link
      fedilink
      arrow-up
      0
      ·
      15 days ago

      It is.

      Apole has “guided access”, android has “pin app”.

      I only have experience with the latter, it works by opening the task management view, and selecting “pin application” on a running app.

      That then locks the device to that app. To access anything else, it has to be unlocked as if the screen were locked.

      • halcyoncmdr@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        15 days ago

        App Pinning DOES NOT lockdown the device, even if you have it set to require a PIN to unpin, biometrics still work to unlock the device.

        It also gives you a warning that personal data may still be accessible and the pinned app can open other apps. It specifically says “Only use app pinning with people you trust”… which is the exact opposite of the use case here. And app pinning is turned off by default, you have go go searching in the settings to enable the ability.

        • MentalEdge@sopuli.xyz
          link
          fedilink
          arrow-up
          0
          ·
          15 days ago

          Was definitely on by default on my device.

          Personal data is still accessible, if the app you choose to pin is something like the dialer, or your mail app, then yes, you can obviously access contacts and emails. The feature doesn’t block the pinned app from accessing everything it normally accesses.

          As for opening other apps, this applies to stuff like links or launchers. If the app has links somewhere, you could open your default browser app. It does not allow you to “escape” the pinned app to anywhere else in the system, unless the pinned app has a way to launch other apps the way launchers do.

          The feature could certainly use improvement, but if it were only useful with people you trust, it would be pointless.

          It’s obviously intended for situations where you have to let someone use your phone, and don’t want to give them free reign. With people you trust, you wouldn’t need something like that.

          It’s far better than nothing, and is in fact part of android.

  • Virkkunen@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn’t this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you’re using the app they shouldn’t need to confirm that as the info is already validated

    • atrielienz@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      15 days ago

      I believe EU also requires that you give up login credentials if they are biometric in nature. Meaning if you use a fingerprint reader or face unlock you are required to provide that to law enforcement when asked. So either way if they want your phone’s contents they can get it.

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        15 days ago

        They need a warrant or probable cause for that, but yes they can compel it unlike a password. It’s still a search and needs to be lawfully done in the first place.

        • atrielienz@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          14 days ago

          Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone.

          • NotMyOldRedditName@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            14 days ago

            Right, but they can’t just do it without reason which he was implying, and he replied to me with

            “Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone.”

            In this case he was on parole where they have the right to search him. That mention of blood draw etc, you’re already under arrest and they can search your person anyway.

            I’m not aware of any law where a cop can walk up to you on the street and demand they unlock your phone with biometrics and search it without cause.

            • frozenspinach@lemmy.ml
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              12 days ago

              On re-reading that other guys comments, they just make no sense. You are right to draw your distinction, because this thread is being strangely vague on details and trying to encourage conspiratorial thinking without specifics.

              That said, I think the core concern can be rephrased in a way that gets at the essence, and to me there’s still a live issue that’s not relieved simply by noting that this requires probable cause.

              What’s necessary to establish probable cause in the United States has been dramatically watered down to the point that it’s a real time, discretionary judgment of a police officer, so in that respect it is not particularly reassuring. It can be challenged after the fact in court, but it’s nevertheless dramatically watered down as a protection. And secondly, I don’t think any of this hinges on probable cause to begin with, because this is about the slow creep normalization of surveillance which involves changes to what’s encompassed within probable cause itself. The fact that probable cause now encompasses this new capability to compel biometric login is chilling even when you account for probable cause.

              And moreover, I think there’s a bigger thematic point here about a slow encroach of surveillance in special cases that eventually become ubiquitous (the manhunt for the midtown shooter revealed that practically anyone in NYC is likely to have their face scanned, and it was a slow-creep process that got to that point), or allow the mixing and matching of capabilities in ways that clearly seem to violate privacy.

              Another related point, or perhaps different way of saying the same thing above, is that this should be understood as an escalation due to the precedent setting nature of it, which sets the stage for considering new contexts where, by analogy to this one, compelled biometric login can be regarded as precedented and extensions of the power are considered acceptable. Whatever the next context is where compelled biometric login is considered, it will at that point no longer be a new idea without precedent.

      • Virkkunen@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        15 days ago

        But you’re not handing your phone over, it stays in your hand and if there’s a QR code to scan they’ll scan it with the phone in your hand

    • nossaquesapao@lemmy.eco.br
      link
      fedilink
      arrow-up
      0
      ·
      15 days ago

      Isn’t it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can’t get anything right? It’s sad when we end up replacing our own good things, because even we think we’re inferior in everything and can’t come up with a good solution for anything.

  • voracitude@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    You’re absolutely right about the danger of giving up your phone, if the police wanted to take it from you. By sticking with traditional documents you remove any pretense they might have to try. It is not a stupid call, it’s just less convenient - but then, security is always a compromise with accessibility.

  • unskilled5117@feddit.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    15 days ago

    On iOS you can enable Guided Access and restrict what one can do, for example disable touch and lock it to an app, until you enter a Code. I imagine Android will have something similar.

    This obviously doesn’t protect against electronic forensics, but it does protect against just opening different apps and searching through the phone manually.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      15 days ago

      Yes, Android has app pinning. But they still have access to anything the app gives them.

      They can see my ID on the phone. But if they want to take it, then no, I don’t have that ID on me. But then, I live in the US where digital ID isn’t valid.

      • 1024_Kibibytes@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        15 days ago

        It is valid in some states. OP raises an excellent point. I live in the U.S. and have the digital ID on my phone, but I won’t be handling it to law enforcement. I’ll make sure I have the physical copy when I’m driving.

      • ifItWasUpToMe@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        15 days ago

        You can block off certain sections of the screen, or disable touch completely. If all the info they need is on the screen just make it so they can’t tap anything.

  • potatopotato@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    15 days ago

    To add to this, a lot of what keeps us safe is the friction of bureaucracy. Authoritarians cannot micromanage every decision you make or round up every person they want because those actions take time and resources that aren’t infinite. But you can reduce the time and resources required if you make identification more convenient and therefore enforcement more targeted. Maybe now they can justify making you present ID every time you pay cash at Starbucks, buy a backpack, get on a bus, use a bike share, watch hot snuff porn, you name it.

    • skarn@discuss.tchncs.de
      link
      fedilink
      arrow-up
      0
      ·
      15 days ago

      Every country in Europe that has vastly better privacy laws than the US, also already has national ID since forever.

      Now they even became electronic biometric IDs, and I still don’t need to show it whenever I buy a loaf of bread.

      Even if, why would anyone ever want to bother when they could just track your payment cards?

  • sovietknuckles [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    0
    ·
    15 days ago

    That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

    Do they actually take your phone when you present it to them for digital ID? They don’t scan it and bring up the same information on their scanner?

    • Shimitar@feddit.it
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      No they don’t, they just scan it and dont take the phone. But of course, they could.

  • themurphy@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    They don’t need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.

    No way the government implemented an app for this use case. That’s extremely inefficient.

    I thought you actually tried, that they took your phone?

  • riodoro1@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    We have that app and I never give my phone to anyone. Nobody asks me for it, not even the cops. They just note the details and take it with them.

    Oh, and the cops don’t care about your photos or messages when all you’ve done was exceed speed limit by 10km/h.

    • Maggoty@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      15 days ago

      In normal countries

      Police in the US have admitted that traffic stops are just a way to search people and find bigger charges. Cops like that are absolutely nosing around your phone.

        • haui@lemmy.giftedmc.com
          link
          fedilink
          arrow-up
          0
          ·
          15 days ago

          Germany in the meantime: „leftist extremism is threatening the democratic system“ [quote from the constitution protection agency] while fascist crimes outnumber them 5 to 1. All that while the EU keeps trying to sneak chatcontrol by us through the backdoor, again and again.

          I dont have that much hope for our world tbh.

          • skarn@discuss.tchncs.de
            link
            fedilink
            arrow-up
            0
            ·
            15 days ago

            TBF, Germany has been one of the countries often opposing Chatcontrol, so there’s at least that.

            Do you have a link for the 5:1 fash vs commie crimes? Not doubting, just want to read more.

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        0
        ·
        15 days ago

        In the US they need probable cause. Just leave your window rolled up and give them the finger when they knock. They’ll puff and shout, but eventually they’ll let you through. Be sure to film it and make it clear you’re filming

        • Maggoty@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          15 days ago

          They really won’t though. I’m going to believe the body cam footage of them breaking windows and hauling people out of cars over edited YouTube footage.

  • /home/pineapplelover@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    You can pin the app (android) or have it in guided access mode (ios). Although, yeah, I wouldn’t be surprised if there’s an exploit to get out and access memory it shouldn’t. Maybe if you install the govt spyware app in a different user profile (Android) then it will be restricted to that certain memory.

  • Avenging5@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    that’s odd. in south africa while we don’t have a digital license the physical ones do have a code. they scan the code and that’s it. they never take the license unless they asking for a bribe.