Well, clearly if the state is allowing a digital state ID then encounters with law enforcement won’t be a worrry (as far as providing ID goes). And I bet that if states start issuing digital IDs than all those other examples will accept them, too. All those other examples already accept state issued ID, why wouldn’t they accept the same ID in a different form?
With a physical ID, there's a fairly high minimum level of sophistication required for someone to produce even a fairly compelling duplicate. With a Digital ID, a kid could literally screenshot a legit ID, use an image editor, and create a fake.
Well, sure, if a screen shot is all that’s required, but I doubt that’s the way it would work. Just like when I use Apple Pay it’s not just an image of a credit card that enables my payment.
What if: I download the app developed by my state or visit the RMV website and register/log in/whatever (keep in mind, in Massachusetts I have to renew my license every 5 years BUT I only have to go in to the RMV every 10 years, the middle time I can renew online). Once I’ve verified I am who I say I am (and clearly I want to because getting an ID of someone who doesn’t resemble me is pretty useless) I click on an “Add to Apple Wallet” button, like I can for concert or airline tickets. Now my digital ID is added to Wallet but behind the scenes there’s verification going on between my phone and the RMV. In order to view my ID I need to unlock the phone OR, like with Apple Pay, double click the side button, use Face ID to confirm my identity and then maybe swipe once move the credit card out of view and instead reveal my state ID, while keeping the phone locked.
It isn’t out of the realm of possibility that police could use NFC and the digital license use a token code just for an added level of verification.
I’m with you on the anti-state-by-state approach. There needs to be a good standard set that all the states can follow, similar to how our current licenses work.
By the way, I did chuckle a little at your comment that with a physical license there’s a fairly high minimum level of sophistication required to fake it. When my cousin was in college but below the legal drinking age she used to fake her way into bars all the time. She showed me how she did it (and she was shown by someone else). She had a NY license and at the time they were not laminated, it was basically just paper, the texture was similar to the paper they print money on but I think it was a little thicker (this was quite a long time ago so I don’t remember exactly). The background was sort of yellow and it turned out the color was very similar to the chalk teachers used in school (not the white chalk, ha ha). Using a light enough touch and being careful she was able to “adjust” her birth year. Again, I don’t remember exactly but I think she changed the “8” to a “3”.
Well, sure, if a screen shot is all that’s required, but I doubt that’s the way it would work. Just like when I use Apple Pay it’s not just an image of a credit card that enables my payment.
So, I've actually built exactly what you outlined ... and I'm also in MA and have a very legit looking Mass Digital Driver's License (I actually got let into a bar with it ... hehe).
My app + web service allow an end-user to scan the barcode of a physical ID and take a "selfie" (as much as I hate that word). The online service then uses AWS Rekognition to compare the face in an on-file photo (e.g., your RMV photo) against the "selfie" (it knows which photo to use as a comparison from an identifier in the barcode data). If there's a match, it returns a Digital ID you can "Add to Apple Wallet".
I agree 100% with you that the verifiable, machine-readable data should not be shown until after the ID is "unlocked" via biometrics (or PIN) ... much like Apple Pay.
As for NFC (I received Apple's permission to use NFC-enabled passes for my testing), it's actually very complicated. The biggest challenge is that Apple Wallet NFC data exchange requires bi-directional communication between the Apple Wallet "pass" and the reading terminal ... and the terminal needs to request data using a specific identifier. This wouldn't be an issue if one Digital ID company had a monopoly in the US (therefore allowing all readers to be programmed to ask for that one company's specific identifier), but that's extremely unlikely to happen ... but then how are readers setup to "request" from possibly 50 different identifiers?
My conclusion is that, while sexy, NFC for driver's licenses (in America, anyways) is probably a bridge too far. I think a QR code w/ a cryptographic digital signature (+ some other modifications to Apple Wallet) is the way to go.
Not a passport story but about Apple the iPhone and proof of identity. I brought my 6s for a battery replacement during the first year I owned it. An Apple store staff brought it out to me but would not give it too me unless I could show him government ID. I told him "why don't I use my finger to unlock the phone, wouldn't that prove it was mine?" I still had to provide a photo ID (you know like when you go to the grocery store...) My point Apple doesn't trust their own system as proof of identity why should they consider reinventing the passport.
Not a passport story but about Apple the iPhone and proof of identity. I brought my 6s for a battery replacement during the first year I owned it. An Apple store staff brought it out to me but would not give it too me unless I could show him government ID. I told him "why don't I use my finger to unlock the phone, wouldn't that prove it was mine?" I still had to provide a photo ID (you know like when you go to the grocery store...) My point Apple doesn't trust their own system as proof of identity why should they consider reinventing the passport.
Of course their system isn't good enough to function as a gov't ID right now… that's the whole point of this article!
My point Apple doesn't trust their own system as proof of identity why should they consider reinventing the passport.
You know you can add up to 5 fingers to TouchID, right? It also isn’t uncommon for people to add the fingerprint of, say, a spouse. (I don’t think that’s a good idea but people do it.) You never know what personal business is going on between two people, so asking for government issued photo ID to verify the name and face of the person who dropped off the phone seems more than reasonable.
Just because my finger could unlock my wife’s phone does not necessarily mean she wants me to have it.
So maybe I've missed something, but shouldn't this be as simple as signed data being available through passbook?
We already have everything we need to assert authenticity. We have an issuer of the credential (the govt) who signed whatever data, be it an image, bio data (hopefully to an open standard) or biographic information.
The only piece missing is the privacy aspect which apparently is what is addressed by the secure enclave?
There's already chip data on passports, it's not a big leap to think it could be hosted on a person's personal device, given the appropriate protections.
FWIW iOS is already certified in many jurisdictions for government applications so a lot of the pieces of the puzzle are already in place.
How about starting by replacing drivers licenses with something digital? My health insurance card is now digital. The only reason I still carry a wallet is for my drivers license.
Like the Passport, maybe even more so, having your driver license on your phone means you are in effect unlocking your phone and giving it to the police, and like the normal license, bringing it back to their car and they run it. But now they can just go through everything on your phone. After all you unlocked it and freely gave it to the police. No warrant needed now. Your privacy has just gone out the window. If you don't think the police wouldn't go through your phone looking for anything, you're fooling yourself.
You keep saying this unlocks your phone, but at least with ApplePay - and presumably an ID card system or passport system would work similarly - you do not need to unlock the phone to use ApplePay.
Or or it could be accessed similarly to how MedicalID work on iPhone today. Again, no device unlock required.
itjink your overall concern is valid , but given that two of the close equivalents do not expose users to that risk today - it’s a stretch to say it MUST do so in the future, if it’s extended to that
I see a problem with this idea. To view the passport, you will unlock your phone, breaking your security measures. You are forced to identify yourself with your phone and risking the phone being confiscated without a security measure. Further, don’t forget software and battery concerns, I will stick to the old fashion method on this one. No battery, no software, always works unless stolen.
Another problem with this idea is the new automated passport control kiosks at airports in Europe and here in the U.S. The one I used in Schiphol in Amsterdam a few days ago, the passport went inside the machine to scan it. This wouldn't work unless the kiosks are replaced or upgraded. I highly doubt countries will want to pay to have this feature. I prefer having a physical passport, especially since I like having the stamps from all the countries I've visited.
Except — I now use a digital boarding pass almost exclusively when I travel. Instead of investing in new equipment to accomodate that new technology, it would have been a lot cheaper to just to keep using the old equipment and systems in place. But now I can scan my phone. Eventually, they’ll need to invest in equipment that uses an NFC chip so passengers merely approach a kiosk and the data is read and confirmed without even removing the phone.
Also, your nostalgic need for stamps in your paper passport is not the governments problem. Many countries are giving up on archaic stamps and using electronic methods instead, which are much easier for tracking visitors. Australia doesn’t stamp anymore. Some EU countries actually charge people if they want a stamp! Much easier and cheaper to impart a visitors entire entry/exit/visa information in a single burst of data connected to a national database, than a stamp which conveys little information.
I see a problem with this idea. To view the passport, you will unlock your phone, breaking your security measures. You are forced to identify yourself with your phone and risking the phone being confiscated without a security measure. Further, don’t forget software and battery concerns, I will stick to the old fashion method on this one. No battery, no software, always works unless stolen.
Usually people don't carry their passport on a day to day basis, so the chances of losing it or having it stolen is small. OTOH phones are now carried almost 24/7 and constantly unlocked so the chance of something happening to, including the content is relatively high. I doubt authorities would want the passport being backed up to iCloud or other backup services for restore, so when a phone is lost, stolen or sold, there is bureaucracy to get a new passport onto the phone again.
Depending on destination and airline, passports can be collected on boarding the plane, and the crew will do document control in-flight, only to return the passport before landing.
Likewise, in some countries and destinations you have to deliver your passport when checking in to a hotel, only to be returned on checkout.
If visiting another country, the police or immigration authorities may confiscate your passport to prevent you leaving the country in certain situations. Likewise a citizen's passport may be confiscated to prevent (or make it harder for) the citizen to leave the country. In both cases it may not be desirable to confiscate the phone, and countries usually will not revoke the passport of a citizen when abroad (that only happens to people like Snowden...)
1) a method will have to be implemented and approved by governments to ensure their concerns are met. In the long run, replacing a digital passport would solve a lot of problems for governments, and a lot of incentive to do so. A digital passport would be a convenience anyway, allowing the physical passport to be stored safely during the entire trip.
2) airlines will be able to do this much more efficiently by simply scanning the digital signature of the passport output by the phone. I can’t even pay with cash on an airplanes anymore.
3) I have to keep track of the various rules and regulations of every country already. Again the digital passport is not a replacement for the physical one, but a convenience which allows the physical passport to be stored safely. If a hotel has it in their safe, I know it’s safe, while still having the use of it as needed in places which might result in it being stolen..
4) with a digital passport, there’s no need to confiscate anything. The country in question merely inputs a flag into their database, and attempting to use the passport to leave the country, digital or otherwise is thwarted. For those countries who are not online with digital passports, you’ll still have a physical copy — probably being held by the hotel of that country anyway!
Comments
What if: I download the app developed by my state or visit the RMV website and register/log in/whatever (keep in mind, in Massachusetts I have to renew my license every 5 years BUT I only have to go in to the RMV every 10 years, the middle time I can renew online). Once I’ve verified I am who I say I am (and clearly I want to because getting an ID of someone who doesn’t resemble me is pretty useless) I click on an “Add to Apple Wallet” button, like I can for concert or airline tickets. Now my digital ID is added to Wallet but behind the scenes there’s verification going on between my phone and the RMV. In order to view my ID I need to unlock the phone OR, like with Apple Pay, double click the side button, use Face ID to confirm my identity and then maybe swipe once move the credit card out of view and instead reveal my state ID, while keeping the phone locked.
It isn’t out of the realm of possibility that police could use NFC and the digital license use a token code just for an added level of verification.
I’m with you on the anti-state-by-state approach. There needs to be a good standard set that all the states can follow, similar to how our current licenses work.
By the way, I did chuckle a little at your comment that with a physical license there’s a fairly high minimum level of sophistication required to fake it. When my cousin was in college but below the legal drinking age she used to fake her way into bars all the time. She showed me how she did it (and she was shown by someone else). She had a NY license and at the time they were not laminated, it was basically just paper, the texture was similar to the paper they print money on but I think it was a little thicker (this was quite a long time ago so I don’t remember exactly). The background was sort of yellow and it turned out the color was very similar to the chalk teachers used in school (not the white chalk, ha ha). Using a light enough touch and being careful she was able to “adjust” her birth year. Again, I don’t remember exactly but I think she changed the “8” to a “3”.
My app + web service allow an end-user to scan the barcode of a physical ID and take a "selfie" (as much as I hate that word). The online service then uses AWS Rekognition to compare the face in an on-file photo (e.g., your RMV photo) against the "selfie" (it knows which photo to use as a comparison from an identifier in the barcode data). If there's a match, it returns a Digital ID you can "Add to Apple Wallet".
I agree 100% with you that the verifiable, machine-readable data should not be shown until after the ID is "unlocked" via biometrics (or PIN) ... much like Apple Pay.
As for NFC (I received Apple's permission to use NFC-enabled passes for my testing), it's actually very complicated. The biggest challenge is that Apple Wallet NFC data exchange requires bi-directional communication between the Apple Wallet "pass" and the reading terminal ... and the terminal needs to request data using a specific identifier. This wouldn't be an issue if one Digital ID company had a monopoly in the US (therefore allowing all readers to be programmed to ask for that one company's specific identifier), but that's extremely unlikely to happen ... but then how are readers setup to "request" from possibly 50 different identifiers?
My conclusion is that, while sexy, NFC for driver's licenses (in America, anyways) is probably a bridge too far. I think a QR code w/ a cryptographic digital signature (+ some other modifications to Apple Wallet) is the way to go.
Just because my finger could unlock my wife’s phone does not necessarily mean she wants me to have it.
Yes. For as long as I can remember. I started international (and overseas) travel before I was 5 years old.
Why exclude Canada? A passport is still required.
We already have everything we need to assert authenticity. We have an issuer of the credential (the govt) who signed whatever data, be it an image, bio data (hopefully to an open standard) or biographic information.
The only piece missing is the privacy aspect which apparently is what is addressed by the secure enclave?
There's already chip data on passports, it's not a big leap to think it could be hosted on a person's personal device, given the appropriate protections.
Or or it could be accessed similarly to how MedicalID work on iPhone today. Again, no device unlock required.
itjink your overall concern is valid , but given that two of the close equivalents do not expose users to that risk today - it’s a stretch to say it MUST do so in the future, if it’s extended to that
Also, your nostalgic need for stamps in your paper passport is not the governments problem. Many countries are giving up on archaic stamps and using electronic methods instead, which are much easier for tracking visitors. Australia doesn’t stamp anymore. Some EU countries actually charge people if they want a stamp! Much easier and cheaper to impart a visitors entire entry/exit/visa information in a single burst of data connected to a national database, than a stamp which conveys little information.
1) a method will have to be implemented and approved by governments to ensure their concerns are met. In the long run, replacing a digital passport would solve a lot of problems for governments, and a lot of incentive to do so. A digital passport would be a convenience anyway, allowing the physical passport to be stored safely during the entire trip.
2) airlines will be able to do this much more efficiently by simply scanning the digital signature of the passport output by the phone. I can’t even pay with cash on an airplanes anymore.
3) I have to keep track of the various rules and regulations of every country already. Again the digital passport is not a replacement for the physical one, but a convenience which allows the physical passport to be stored safely. If a hotel has it in their safe, I know it’s safe, while still having the use of it as needed in places which might result in it being stolen..
4) with a digital passport, there’s no need to confiscate anything. The country in question merely inputs a flag into their database, and attempting to use the passport to leave the country, digital or otherwise is thwarted. For those countries who are not online with digital passports, you’ll still have a physical copy — probably being held by the hotel of that country anyway!