In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”

“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

  • HiddenLayer555@lemmy.ml
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    9
    ·
    18 days ago

    There’s a good chance they have a Cellebrite in their car and will copy your entire phone’s storage over.

    • bokherif@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      17 days ago

      Forensic acquisition tools like Cellebrite take hours to clone storage. Not saying they wouldn’t do it, just saying that legitimate acquisition that can be used against you has to be collected in a very certain way for it to be proof.

      • HiddenLayer555@lemmy.ml
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        2
        ·
        edit-2
        18 days ago

        Yeah because the police using a commercially available and ridiculously cheap device to copy data from your phone is totally unbelievable. I must be the crazy one.

        News flash, they’re not FBI tier ultra classified tools anymore, you can find them on eBay for less than $1000. There’s a good chance that’s cheaper than the phone you have right now. You think a police department who is already intent on scrolling through your phone while “checking your ID” wouldn’t just put one in every cruiser?

        • Miaou@jlai.lu
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          18 days ago

          You think a government can ask a couple of dozen thousand, barely literate goons to do something like this without the word getting out within a week?

  • eleitl@lemm.ee
    link
    fedilink
    arrow-up
    8
    ·
    17 days ago
    1. Do not have a mobile device
    2. Do not install anything proprietary or governmental on that device you don’t have
    3. Use borderline secure (GrapheneOS) OS on that device you don’t have and don’t unlock it if demanded unless your health and/or life is in danger
  • Anna@lemmy.ml
    link
    fedilink
    arrow-up
    22
    ·
    19 days ago

    If you are on android you can use screen pinning. That way phone won’t get locked and bother the police but they can’t switch to any other app without your password.

    But I don’t know how much I’ll trust an app by government. Maybe in Europe that app is Open source.

    • Dyskolos@lemmy.zip
      link
      fedilink
      arrow-up
      9
      ·
      18 days ago

      Wouldn’t trust a gov app in europe either. But then again i don’t trust any app and have them firewalled at least .

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        18 days ago

        The EU covid app was released on fdroid. I would trust it if it was open source, audited by a third party, and finally made available on fdroid.

        • Dyskolos@lemmy.zip
          link
          fedilink
          arrow-up
          1
          ·
          18 days ago

          Ok this has some right for existence… Yet,just being oss isn’t always the point alone. Without checking the code myself I still just have to trust.

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            ·
            18 days ago

            Fortunately fdroid does some checks. And the third party audit does some checks. Thats already a lot of others checking it.

            • Dyskolos@lemmy.zip
              link
              fedilink
              arrow-up
              1
              ·
              17 days ago

              Sure, but it’s still just trusting others. Ok,maybe it’s just my paranoia speaking…

    • FierySpectre@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      17 days ago

      For some reason that’s only a thing when navigation is set to buttons, when using gestures it’s not available. So yeah it’s a bit hard to go to settings, change the navigation mode, turn on pinning, pin the app and only then hand over the phone…

  • themurphy@lemmy.ml
    link
    fedilink
    arrow-up
    40
    arrow-down
    2
    ·
    19 days ago

    They don’t need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.

    No way the government implemented an app for this use case. That’s extremely inefficient.

    I thought you actually tried, that they took your phone?

  • UnderpantsWeevil@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    17 days ago

    That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

    Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I’d ever recommend handing over my phone to a cop, but this kind of data transfer isn’t trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

    On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn’t matter if you’ve got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

    But… again, what is it that front-line state agents are planning to do with all this data? That’s never been made particularly clear.

    • Moonrise2473@feddit.itOP
      link
      fedilink
      arrow-up
      1
      ·
      16 days ago

      it’s more like searching messages for some keywords, then use the result to justify a full car search

  • Shimitar@feddit.it
    link
    fedilink
    arrow-up
    1
    arrow-down
    2
    ·
    18 days ago

    No, se facessero cosi basterebbe che tu toccassi il bottone di blocco mentre glielo passi… A ripetere fino alla nausea.

    No credo che la realtà sia differente: cosi ti invogliano ad avere l’app IO installata sul telefono… Semmai è quello il cavallo di troia.

  • krolden@lemmy.ml
    link
    fedilink
    arrow-up
    10
    ·
    18 days ago

    Pit it on another phone that you keep in your car or another profile with nothing else on it

    • Moonrise2473@feddit.itOP
      link
      fedilink
      arrow-up
      1
      ·
      16 days ago

      and they accept that as a valid id? I mean in a store ok, but a public official? It’s incredibly easy to make a fake screenshot

      the digital version of id cards are glorified qr codes: they scan it and their device downloads from the government servers the official version. Or, for offline usage: the qr code contains all the data, signed with their key, they check if the signature is valid

  • Tattorack@lemmy.world
    link
    fedilink
    arrow-up
    117
    arrow-down
    3
    ·
    19 days ago

    Pretty sure they’re not supposed to take your phone. The point of a digital document is that you don’t have to hand in anything. Scan the QR code and they can run as many background checks on the data they want. You’ll still have your phone.

    • unexposedhazard@discuss.tchncs.de
      link
      fedilink
      arrow-up
      101
      arrow-down
      1
      ·
      19 days ago

      Not supposed to != wont. Police regularily do things that they arent supposed to and as long as people naively consent by giving their phone they can get away with whatever they want i would think.

        • WereHacker@lemmy.ml
          link
          fedilink
          arrow-up
          33
          arrow-down
          2
          ·
          18 days ago

          In my country you cant Sue, only complain. But you complain to the instance you complain about. Eg police is handling complaints about the police. Besides that. For most people sueing isnt something you just do

          • JubilantJaguar@lemmy.world
            link
            fedilink
            arrow-up
            19
            arrow-down
            7
            ·
            18 days ago

            Of course you can. You said you live in Europe.

            Unless you live in Russia or the Vatican, that means your country has signed the European Convention on Human Rights, of which article 8 commits it to respecting your privacy.

            So, sure, you’re not going to bother suing. It’s not that important to you. But let’s go easy on the helplessness of “In my country you can’t do that”. Yes. You can do it.

            • frozenspinach@lemmy.ml
              link
              fedilink
              English
              arrow-up
              2
              ·
              15 days ago

              Wonder why you are getting downvoted as this is a perfectly legitimate point. Are they just not in Europe or something?

              Or who knows, they really could be in the Vativan, stranger things have happened. But I don’t know why they would mention those circumstances without qualification that they are special circumstances. Kind of burying the lede there.