In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”

“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

  • krolden@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    Pit it on another phone that you keep in your car or another profile with nothing else on it

  • Anna@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    If you are on android you can use screen pinning. That way phone won’t get locked and bother the police but they can’t switch to any other app without your password.

    But I don’t know how much I’ll trust an app by government. Maybe in Europe that app is Open source.

    • FierySpectre@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      For some reason that’s only a thing when navigation is set to buttons, when using gestures it’s not available. So yeah it’s a bit hard to go to settings, change the navigation mode, turn on pinning, pin the app and only then hand over the phone…

    • Dyskolos@lemmy.zip
      link
      fedilink
      arrow-up
      0
      ·
      15 days ago

      Wouldn’t trust a gov app in europe either. But then again i don’t trust any app and have them firewalled at least .

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        0
        ·
        15 days ago

        The EU covid app was released on fdroid. I would trust it if it was open source, audited by a third party, and finally made available on fdroid.

        • Dyskolos@lemmy.zip
          link
          fedilink
          arrow-up
          0
          ·
          14 days ago

          Ok this has some right for existence… Yet,just being oss isn’t always the point alone. Without checking the code myself I still just have to trust.

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            0
            ·
            14 days ago

            Fortunately fdroid does some checks. And the third party audit does some checks. Thats already a lot of others checking it.

  • UnderpantsWeevil@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    14 days ago

    That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

    Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I’d ever recommend handing over my phone to a cop, but this kind of data transfer isn’t trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

    On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn’t matter if you’ve got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

    But… again, what is it that front-line state agents are planning to do with all this data? That’s never been made particularly clear.

  • shirro@aussie.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    15 days ago

    Digital licence is all I have used for about 7 years. Police here are careful never to reach for a phone as they can’t legally. You display the licence and give it a shake to animate it and they copy the number down in their notebook. If the police ever did illegally take a phone my force I would wipe it and replace it and lodge a complaint.

    They may have similar protections in Europe. People often post opinions on social media without checking facts. I get why on commercial social media where everything is rage bait. But i don’t know why people can’t take a few minutes to check local laws before posting here.

    • MutilationWave@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      Probably because I live in America but we don’t trust police to not do something just because they’re not supposed to. They do it all the time here.

  • Virkkunen@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn’t this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you’re using the app they shouldn’t need to confirm that as the info is already validated

    • atrielienz@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      15 days ago

      I believe EU also requires that you give up login credentials if they are biometric in nature. Meaning if you use a fingerprint reader or face unlock you are required to provide that to law enforcement when asked. So either way if they want your phone’s contents they can get it.

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        15 days ago

        They need a warrant or probable cause for that, but yes they can compel it unlike a password. It’s still a search and needs to be lawfully done in the first place.

          • NotMyOldRedditName@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            14 days ago

            Right, but they can’t just do it without reason which he was implying, and he replied to me with

            “Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone.”

            In this case he was on parole where they have the right to search him. That mention of blood draw etc, you’re already under arrest and they can search your person anyway.

            I’m not aware of any law where a cop can walk up to you on the street and demand they unlock your phone with biometrics and search it without cause.

            • frozenspinach@lemmy.ml
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              12 days ago

              On re-reading that other guys comments, they just make no sense. You are right to draw your distinction, because this thread is being strangely vague on details and trying to encourage conspiratorial thinking without specifics.

              That said, I think the core concern can be rephrased in a way that gets at the essence, and to me there’s still a live issue that’s not relieved simply by noting that this requires probable cause.

              What’s necessary to establish probable cause in the United States has been dramatically watered down to the point that it’s a real time, discretionary judgment of a police officer, so in that respect it is not particularly reassuring. It can be challenged after the fact in court, but it’s nevertheless dramatically watered down as a protection. And secondly, I don’t think any of this hinges on probable cause to begin with, because this is about the slow creep normalization of surveillance which involves changes to what’s encompassed within probable cause itself. The fact that probable cause now encompasses this new capability to compel biometric login is chilling even when you account for probable cause.

              And moreover, I think there’s a bigger thematic point here about a slow encroach of surveillance in special cases that eventually become ubiquitous (the manhunt for the midtown shooter revealed that practically anyone in NYC is likely to have their face scanned, and it was a slow-creep process that got to that point), or allow the mixing and matching of capabilities in ways that clearly seem to violate privacy.

              Another related point, or perhaps different way of saying the same thing above, is that this should be understood as an escalation due to the precedent setting nature of it, which sets the stage for considering new contexts where, by analogy to this one, compelled biometric login can be regarded as precedented and extensions of the power are considered acceptable. Whatever the next context is where compelled biometric login is considered, it will at that point no longer be a new idea without precedent.

        • atrielienz@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          14 days ago

          Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone.

    • nossaquesapao@lemmy.eco.br
      link
      fedilink
      arrow-up
      0
      ·
      15 days ago

      Isn’t it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can’t get anything right? It’s sad when we end up replacing our own good things, because even we think we’re inferior in everything and can’t come up with a good solution for anything.

      • Virkkunen@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        15 days ago

        But you’re not handing your phone over, it stays in your hand and if there’s a QR code to scan they’ll scan it with the phone in your hand

  • eleitl@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago
    1. Do not have a mobile device
    2. Do not install anything proprietary or governmental on that device you don’t have
    3. Use borderline secure (GrapheneOS) OS on that device you don’t have and don’t unlock it if demanded unless your health and/or life is in danger
  • MrSilkworm@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    Hi, Your dedicated local Secret Service agent here.

    We don’t need your smartphone to access your data. We have surveillance equipment for that. That is why we can scan the qr code of your ID app and do the checks we need.

    If you want us not to track you, you need a degoogled smartphone and use cash exclusively. Also you could use a vpn while you browse the interwebs, but we ll still be, eventually, able to see where you browse.

    BTW we don’t stop randomly ppl on roadblocks. You or your car or your route or all of the above was of concern for us.

  • anti-idpol action@programming.dev
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    14 days ago

    Not a fan of those either, but Android offers something called app pinning (or at least GrapheneOS and probably also LineageOS iirc), basically something like retail mode where only one app is accessible and the rest of the device stays locked.

    • brian@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      your phone isn’t safe from anyone unless it’s been restarted since last unlocked, and is reasonably new. they have exploits for after it’s been unlocked incl while things are pinned

  • anti-idpol action@programming.dev
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    But they have one advantage: They are way easier to counterfeit. Meaning that with a few months of programming at most, if you ever find yourself on a run, you’ll be able to ID yourself on trains or buses or check in to hotels with fake personal info.

    • brian@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      you realize they’re more than just your picture on a screen, right? there’s a whole public key private key verification process that happens, which covers your photo and personal info, at least from what I understand of ISO 18013-5.

      if anything it should be almost impossible to make a fake mobile id, barring exploits in reader software or the govt leaking their private key.

      • anti-idpol action@programming.dev
        link
        fedilink
        arrow-up
        0
        ·
        14 days ago

        Yes I do. Therefore I would never use it in front of state authorities, but I doubt a hotel receptionist would make use of a pubkey cryptography.

        • brian@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          14 days ago

          you don’t think they’ll just use some app to verify it? my state’s mdl doesn’t even show any personal info other than name, if they want birthday they have to scan it

  • JoeKrogan@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    Either have a cheap second hand sim less phone just for that or carry the physical I’d or perhaps a copy of the physical id.

  • voracitude@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    15 days ago

    You’re absolutely right about the danger of giving up your phone, if the police wanted to take it from you. By sticking with traditional documents you remove any pretense they might have to try. It is not a stupid call, it’s just less convenient - but then, security is always a compromise with accessibility.

  • Shimitar@feddit.it
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    No, se facessero cosi basterebbe che tu toccassi il bottone di blocco mentre glielo passi… A ripetere fino alla nausea.

    No credo che la realtà sia differente: cosi ti invogliano ad avere l’app IO installata sul telefono… Semmai è quello il cavallo di troia.