403
submitted 10 months ago by Moonrise2473@feddit.it to c/privacy@lemmy.ml

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

top 50 comments
sorted by: hot top controversial new old
[-] Virkkunen@fedia.io 69 points 10 months ago

In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn't this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you're using the app they shouldn't need to confirm that as the info is already validated

[-] nossaquesapao@lemmy.eco.br 30 points 10 months ago

Isn't it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can't get anything right? It's sad when we end up replacing our own good things, because even we think we're inferior in everything and can't come up with a good solution for anything.

[-] Virkkunen@fedia.io 11 points 10 months ago

Say what you will about the country, but gov.br and PIX put everything else to shame and no one even came close to something like that

load more comments (3 replies)
load more comments (1 replies)
load more comments (10 replies)
[-] moreeni@lemm.ee 53 points 10 months ago* (last edited 10 months ago)

They went as far here in Ukraine as making some services exclusive to those who have the app. The official government app for digital documents and services, Diia, also has stupid integrity check, which makes it unable to be installed from Aurora Store, which makes me cut out from such services, because I don't have Google Services installed. By the way, there are Google trackers in the app.

load more comments (1 replies)
[-] MangoPenguin 49 points 10 months ago

Yup, if you hand them your unlocked phone they can look through it.

[-] themurphy@lemmy.ml 39 points 10 months ago

They don't need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.

No way the government implemented an app for this use case. That's extremely inefficient.

I thought you actually tried, that they took your phone?

[-] subtext@lemmy.world 7 points 10 months ago

Illinois at least passed a law to limit the consent given when using a digital ID with a police officer such that they’re ONLY allowed to use it for ID and not snooping, but that’s the only state to do so.

https://www.eff.org/deeplinks/2024/10/should-i-use-my-states-digital-drivers-license

load more comments (1 replies)
load more comments (2 replies)
[-] unskilled5117@feddit.org 29 points 10 months ago

On iOS you can enable Guided Access and restrict what one can do, for example disable touch and lock it to an app, until you enter a Code. I imagine Android will have something similar.

This obviously doesn’t protect against electronic forensics, but it does protect against just opening different apps and searching through the phone manually.

[-] catloaf@lemm.ee 14 points 10 months ago

Yes, Android has app pinning. But they still have access to anything the app gives them.

They can see my ID on the phone. But if they want to take it, then no, I don't have that ID on me. But then, I live in the US where digital ID isn't valid.

[-] 1024_Kibibytes@lemm.ee 12 points 10 months ago

It is valid in some states. OP raises an excellent point. I live in the U.S. and have the digital ID on my phone, but I won't be handling it to law enforcement. I'll make sure I have the physical copy when I'm driving.

load more comments (1 replies)
[-] MrSilkworm@lemmy.world 28 points 10 months ago

Hi, Your dedicated local Secret Service agent here.

We don't need your smartphone to access your data. We have surveillance equipment for that. That is why we can scan the qr code of your ID app and do the checks we need.

If you want us not to track you, you need a degoogled smartphone and use cash exclusively. Also you could use a vpn while you browse the interwebs, but we ll still be, eventually, able to see where you browse.

BTW we don't stop randomly ppl on roadblocks. You or your car or your route or all of the above was of concern for us.

[-] thedeadwalking4242@lemmy.world 13 points 10 months ago

They aren’t from the USA

[-] MyNameIsIgglePiggle@sh.itjust.works 26 points 10 months ago

Why is nobody mentioning that by installing it and authenticating, there is sweet fuck all you can do to stop them tracking your movements and downloading your whole address book so they can see who you Associate with?

Taking the phone isn't the problem if they are already in it.

[-] Boomkop3@reddthat.com 16 points 10 months ago

You have to explicitly allow that, at least on android. However, most people hit allow and don't think anyways :/

[-] stetech@lemmy.world 4 points 10 months ago

iOS too. Permissions can even be given only while the app is active if it “requires” them, or for location for example an approximate one is sufficient.

load more comments (1 replies)
[-] EarJava@lemmy.world 7 points 10 months ago

In most phones it is possible to set permissions (to contacts, locaton, etc) for every app.

load more comments (3 replies)
[-] shirro@aussie.zone 25 points 10 months ago* (last edited 10 months ago)

Digital licence is all I have used for about 7 years. Police here are careful never to reach for a phone as they can't legally. You display the licence and give it a shake to animate it and they copy the number down in their notebook. If the police ever did illegally take a phone I would wipe it and replace it and lodge a complaint.

They may have similar protections in Europe. People often post opinions on social media without checking facts. I get why on commercial social media where everything is rage bait. But i don't know why people can't take a few minutes to check local laws before posting here.

load more comments (1 replies)
[-] voracitude@lemmy.world 20 points 10 months ago

You're absolutely right about the danger of giving up your phone, if the police wanted to take it from you. By sticking with traditional documents you remove any pretense they might have to try. It is not a stupid call, it's just less convenient - but then, security is always a compromise with accessibility.

[-] AnnaFrankfurter@lemmy.ml 18 points 10 months ago

If you are on android you can use screen pinning. That way phone won't get locked and bother the police but they can't switch to any other app without your password.

But I don't know how much I'll trust an app by government. Maybe in Europe that app is Open source.

load more comments (3 replies)
[-] transientpunk@sh.itjust.works 17 points 10 months ago

I just double checked on my phone, on Android you can pin the current app, that limits access for the user to only that app. Unpinning requires you to essentially unlock the phone again. I wouldn't hand my phone to a pig either, but if I pinned the app, it would be secure enough for a traffic stop.

[-] dependencyinjection@discuss.tchncs.de 11 points 10 months ago* (last edited 10 months ago)

For people with iPhone you can do this too.

Go to settings and pull down with your finger to get the search box to appear, then search for “Guided” and click “Guided access”.

Enable this setting as well as toggling “Accessibility shortcut”. Now you can open an app and triple click the lock button and select guided access.

Then on this screen you can press start in the top right or options in the bottom left to refine the controls, for instance:

  • Side button
  • Volume controls
  • Motion
  • Software keyboards
  • Touch
  • Time limits

Now the phone is locked in that app and to come out of it requires the passcode.

load more comments (2 replies)
load more comments (1 replies)
[-] barcaxavi@lemmy.world 15 points 10 months ago

As others already stated there are solutions already to pin apps and to be honest, I feel I would not give the phone to a policeman like that.

On the other hand, what I'm more concerned about is giving the access to my phone's data through different permissions to my government.

For example this is the list of permissions for the Hungarian government app: https://reports.exodus-privacy.eu.org/en/reports/hu.gov.dap.app/latest/#trackers

[-] HiddenLayer555@lemmy.ml 14 points 10 months ago

There's a good chance they have a Cellebrite in their car and will copy your entire phone's storage over.

[-] Boomkop3@reddthat.com 12 points 10 months ago

And you'll get a tinfoil hat as a reward

[-] HiddenLayer555@lemmy.ml 14 points 10 months ago* (last edited 10 months ago)

Yeah because the police using a commercially available and ridiculously cheap device to copy data from your phone is totally unbelievable. I must be the crazy one.

News flash, they're not FBI tier ultra classified tools anymore, you can find them on eBay for less than $1000. There's a good chance that's cheaper than the phone you have right now. You think a police department who is already intent on scrolling through your phone while "checking your ID" wouldn't just put one in every cruiser?

load more comments (2 replies)
[-] bokherif@lemmy.world 5 points 10 months ago

Forensic acquisition tools like Cellebrite take hours to clone storage. Not saying they wouldn't do it, just saying that legitimate acquisition that can be used against you has to be collected in a very certain way for it to be proof.

[-] DieserTypMatthias@lemmy.ml 13 points 10 months ago

Nah, I'll just carry my ID card around.

[-] Greyghoster@aussie.zone 12 points 10 months ago

Not in Australia where it is illegal for the police to touch your phone.

[-] brisk@aussie.zone 4 points 10 months ago* (last edited 10 months ago)

They can compel you to reveal your password ~~without a warrant~~ but can't touch your phone? Is that a state law?

[-] UnderpantsWeevil@lemmy.world 9 points 10 months ago

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I'd ever recommend handing over my phone to a cop, but this kind of data transfer isn't trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn't matter if you've got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

But... again, what is it that front-line state agents are planning to do with all this data? That's never been made particularly clear.

load more comments (1 replies)
[-] riodoro1@lemmy.world 8 points 10 months ago

We have that app and I never give my phone to anyone. Nobody asks me for it, not even the cops. They just note the details and take it with them.

Oh, and the cops don’t care about your photos or messages when all you’ve done was exceed speed limit by 10km/h.

[-] Maggoty@lemmy.world 8 points 10 months ago

In normal countries

Police in the US have admitted that traffic stops are just a way to search people and find bigger charges. Cops like that are absolutely nosing around your phone.

[-] riodoro1@lemmy.world 9 points 10 months ago

Lets not bring that capitalist dystopia to a discussion about functional countries.

[-] haui_lemmy@lemmy.giftedmc.com 8 points 10 months ago

Germany in the meantime: „leftist extremism is threatening the democratic system“ [quote from the constitution protection agency] while fascist crimes outnumber them 5 to 1. All that while the EU keeps trying to sneak chatcontrol by us through the backdoor, again and again.

I dont have that much hope for our world tbh.

load more comments (2 replies)
load more comments (2 replies)
[-] eleitl@lemm.ee 8 points 10 months ago
  1. Do not have a mobile device
  2. Do not install anything proprietary or governmental on that device you don't have
  3. Use borderline secure (GrapheneOS) OS on that device you don't have and don't unlock it if demanded unless your health and/or life is in danger
[-] krolden@lemmy.ml 7 points 10 months ago

Pit it on another phone that you keep in your car or another profile with nothing else on it

[-] gazter@aussie.zone 5 points 10 months ago

That sounds like carrying an ID card with extra steps.

load more comments (5 replies)
[-] potatopotato@sh.itjust.works 7 points 10 months ago* (last edited 10 months ago)

To add to this, a lot of what keeps us safe is the friction of bureaucracy. Authoritarians cannot micromanage every decision you make or round up every person they want because those actions take time and resources that aren't infinite. But you can reduce the time and resources required if you make identification more convenient and therefore enforcement more targeted. Maybe now they can justify making you present ID every time you pay cash at Starbucks, buy a backpack, get on a bus, use a bike share, watch hot snuff porn, you name it.

load more comments (1 replies)
[-] Avenging5@sh.itjust.works 6 points 10 months ago

that's odd. in south africa while we don't have a digital license the physical ones do have a code. they scan the code and that's it. they never take the license unless they asking for a bribe.

load more comments
view more: next ›
this post was submitted on 08 Dec 2024
403 points (100.0% liked)

Privacy

42736 readers
1044 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS