California DMV Digital ID Pilot Program
dmv.ca.govThe Estonian e-ID system and Qualified Electronic Signature in the EU are good ideas. The government issues you a signed identity. You can use that signed identity to counter-sign challenges in places you'd otherwise (in the US) need to use a Social Security Number and a convoluted private market identity-verification system (for example, the stupid "were you associated with this address 4.5 years ago" things). Like opening a bank account, insurance, paying medical bills, taxes, etc.
Replacing driver's licenses with QR codes for physical interactions, on the other hand, doesn't seem to solve for much. We have a similar system in Colorado and I've never found any value in it; bars and liquor stores are under no obligation to accept it, so they don't.
> Then simply share your TruAge QR code at checkout at select retail locations in Sacramento to safely and securely verify your age, while protecting your privacy.
Right now, bars/clubs will scan my ID and have all my information (name, birthdate, etc). They don't need that. all they need is a yes/no that I'm over 21.
Many bars, clubs, concerts and festivals scan your ID's barcode on the back and both store the data and retrieve data from a threat database. It's actually surprising more don't as the technology is in all of our pockets.
Not saying I agree with it but in many cases we're beyond the binary check.
This says mDL. The QR code is at most a cryptographically signed attestation of relevant attributes (eg age, name, etc). Not sure if this made it in, but originally the ISO group had been talking about also signing >18/>21 of sharing the actual birthday for things like restricted sales. I don’t recall discussing QR codes as it was supposed to be NFC but maybe that changed (don’t see a mention of QR codes on the site). Having a dedicated app always struck me as the wrong experience but I think that’ll get sorted and Apple and Google should integrate it into their wallets.
We’re quite close as a society to not needing a wallet at all and instead it’s sufficient to have your phone or smart watch with you. Modern iPhones conceivably can even have a dead battery and still provide your ID information.
Btw this is an ISO standard that has good participation from relevant regulatory bodies for some of the largest countries so this will be the standard everyone adopts.
This implementation is QR code based, which ruins a lot of the value in terms of low-battery use and makes standardization and acceptance difficult.
Anyway, for anything to work in the US, there needs to be an incentive for businesses to use this system, and right now, there isn't one for point-of-sale driver's license use, in my opinion. It's technology (perceived as unreliable, slow, expensive) that can break, vs. looking at an ID, which isn't without its faults but is a simple system everyone understands.
If there were a really fast, simple, cheap, readily available system for age verification which was pushed to bars, I could see this system catching on, but "limited private pilot programs" aren't it.
And that's pretty much my point - starting with places where technology is already required (banking etc.) makes more sense in many ways than starting with driver's license replacement. The issue here is that the horribly broken identity system in the US is Federal (Social Security) while these electronic systems are State.
I think that’s because the standard (iso 18013-5) allows for NFC & QR codes which makes sense and because they couldn’t do it over NFC for the iOS app so they likely just chose something they could provide a consistent experience for. It wouldn’t surprise me if the app is even built largely starting with the sample reference code[1].
BTW likely the reason QR codes were part of the standard in the first place was because at the time Apple wasn’t involved and their APIs were (& remain?) locked down so that a third party wouldn’t be able to implement the standard. Apple did join later & have integrated support for the standard into their wallet so I imagine California will be added to their list of states sooner rather than later. Many countries in Europe have a strong federal motor vehicle authority so rolling out these IDs is faster nationally whereas in the US & Canada it’s a patchwork of states/provinces that cooperate under AAMVA & rollouts happen piecemeal on each state’s timeline (to be fair, US & Canada are quite large and historically each state develops their own infrastructure which means you have to replicate updating the infrastructure & it’s usually done by contractors under very lucrative contracts).
Keep in mind there are US states that already integrate with Apple wallet via NFC and whatnot and MDL is a shorthand name for the standard & nobody is going to implement anything other than the standard (that’s why AAMVA, RDW, DVLA & other relevant government bodies had representatives involved with and engaged with the standard / running the standard body)
[1] IIRC the sample app was built by the folks at the UDL as a PoC for the ISO group. Funded by the good folks at RDW which also allowed it to be open-sourced and shared freely. The Netherlands government’s approach to tech is a hidden gem into how to structure policy around tech (I think Estonia is also well regarded because of their adoption of cryptographic ID cards so early).
Now imagine they are under obligation to accept it, and you can get to the point where you can leave your wallet at home. With car keys being Bluetooth, I now don’t carry keys in my pocket. To not carry a wallet to drive to the grocery store either would be a joy. I like a physical lightness.
Yes, this idea would be interesting if acceptance were mandated, but I'm not aware of any movement in that direction in any state. Mandating this kind of system would be massively fraught with political and legal peril in the US and is likely impossible.
With the way the US works, there needs to be an incentive for businesses to use these systems, and I haven't seen an implementation with this focus yet.
Bars would probably like to spend less resource teaching their bouncers and staff to read fake ID tea leaves, but they also can't afford a system that breaks, or is slow or expensive. On paper, these systems should allow for fast, reliable offline verification with a good scanning device. States could partner with someone to make cheap, reliable, phone/tablet-attached scanning devices available widely off the shelf, rather than running "private pilot programs" that fizzle out, or handwaving.
Since mDL is an ISO standard, maybe there's room for someone to make a cheap mDL reader system for bars and restaurants, even if state programs seem overly shortsighted in funding this kind of development.
I’m thoroughly confused by your first paragraph. It seems like it would be basically trivial to mandate acceptance of a digital ID system, at least within one of our 50 laboratories of democracy.
Step 1: State adopts digital ID system and mandates that subdivisions and political units of the state are required to accept it for identification purposes in their interactions with the public. Step 2: Step 1 is extended to private actors.
What am I missing? I realize I’m completely handwaving away the details of implementation, as well as assuming that there’s at least one state that would make the political choice to accept a slightly higher baseline of ID misuse compared to a system that verifies that the instrument matches the bearer 99.99999% of the time, but conceptually it seems pretty straightforward. At the bottom of the digital ID, just put 8 pt letters reading “This digital ID constitutes legal identification of the person to which it has been issued for all purposes, public and private.” Boom, done.
I also don’t think there necessarily needs to be an incentive for businesses to invest in expensive card reader systems that phone home to a database and authenticate the QR displayed on the device. Instead, just change the law against selling liquor to kids saying that a good faith effort to validate the authenticity of state issued digital ID is a defense to prosecution under that law. In my state, at least, this is basically how it works now with physical ID cards.
Now, if you’re talking about an ID system operating at the federal and state level simultaneously or across state lines, another poster mentioned the still-not-fully-implemented 2005 Real ID Act and is a fair comment on the difficulties that would exist in coming up with a framework that would work on a many-to-many basis for every purpose for which each type of state ID documents is used.
Or if you’re unwilling to accept the shortcomings of the existing ID card regime (older siblings? doppelgängers?), then sure, you can come up with system requirements that try to eliminate every edge case that exists, and you can have an expensive and administratively burdensome physical AND digital ID system.
But otherwise, I think it would be conceptually pretty simple for a state to create a widely used digital ID ecosystem within that state.
> 2: Step 1 is extended to private actors.
This the part which I believe would be extremely difficult to do by mandate given the current US social and political climate, which is why I think there needs to be some form of market incentive for these private actors.
> I also don’t think there necessarily needs to be an incentive for businesses to invest in expensive card reader systems that phone home to a database and authenticate the QR displayed on the device.
Thankfully nothing needs to phone home anyway, and there is no accessible database. It's all PKI based - the device attests certain facts and the reader verifies these attestations. A reasonably effective system which (for example) corner liquor store owners are going to want needs to exist to perform validation, though.
> Instead, just change the law against selling liquor to kids saying that a good faith effort to validate the authenticity of state issued digital ID is a defense to prosecution under that law. In my state, at least, this is basically how it works now with physical ID cards.
This would be the kind of incentive that I think would help a lot - if! a "good faith" effort to verify a digital ID were easier than a physical one. If using the digital system helps protect liquor vendors from liability and/or police sting operations, that's a huge incentive to use the system.
As to step 2, agreed - obviously we’re currently living in a world where stuff that seemed well within government’s remit since the ‘30s or so is now randomly determined to be extra constitutional. Who knew! But yes, that needs to be part of the system design.
That said, I still think this is fairly “easy” politically (weird court decisions notwithstanding) because there’s already an existing ID regime in place, and no one is saying that’s not a valid government function (yet). If a state wants to say that anyone can rely on a valid digital ID as proof of identity, that’s fundamentally permissive - if a private entity wants to hold itself to a higher standard, and require that every customer submit fingerprints and a birth certificate, it certainly can - good luck with that. But give everyone else the ability to reasonably rely on a standards-compliant identity app, and I think there will be a lot of voluntary uptake there.
Sounds like we’re probably in violent agreement - a system that makes sense for its users is probably going to be well received. States can lead the way by taking the pretty short step from physical IDs to digital IDs that are really not inferior in any way to the existing regime and potentially quite a bit more secure and convenient.
It’s only year 1. Sooner than later it’ll feel silly not to accept it.
Colorado's has been around for four years now. I've tried to use it once (giant fail) and I've never seen or heard of anyone else using it.
> Mandating this kind of system
The US mandated the acceptance of fiat money. That too was controversial at first.
Yes, fiat money was controversial at first, with political and legal peril when the US started printing greenbacks during the Civil War. https://en.wikipedia.org/wiki/United_States_Note#Politics_an...
But after the US switched back to specie (thanks to the large silver strikes and government policy which meant silver coins were priced by government fiat, not commodity value) it took nearly a century before the US fully embraced fiat money. It likely helped that the legal issues related to fiat money were resolved in the 1870s, https://en.wikipedia.org/wiki/Legal_Tender_Cases .
I suspect bri3d was thinking of a timescale in the decade or two range, not 100 years.
The Real ID Act of 2005 still isn't in fully in force, having been extended most recently to May 7, 2025. That should give an idea the likely timescale involved.
> With car keys being Bluetooth
https://francozappa.github.io/post/2023/bluffs-ccs23/ and a related but slightly different threat: https://news.ycombinator.com/item?id=38661182 are why I have no interest in that end of the convenience---security spectrum. For clarity, I'm not yucking your yum, just hoping the future is not made up entirely of c libraries written by.. security insensitive.. developers protecting my house and car
There are car key amplification attacks where people leverage the remotes in peoples homes to break into cars. In the past there have been car brands that only had so many physical key skeletons that thieves would just acquire them all. Homes often have windows that are smashable and very pickable locks.
Perfect security doesn’t exist, especially as the consumer level. I have more faith in software updates.
The first is not an issue if the transmitted data is time-sensitive.
Add a home smart lock and you can get to the point where you only need to carry your phone.
Probably could go even further and only carry Apple Watch and AirPods in most cases!
Stuff like this is rarely worth the cost or effort to implement in the US because like 1% of the population will ever end up using it. We are talking about a country where 1 in 5 households still don't have (and don't want) internet.
While 1 in 5 households do not have internet, and 58% expressed no interest or need to be online, at least roughly a quarter of them do want internet.
18% of those who do not have internet say the reason is they can’t afford home internet service, and another 4% lack internet availability in their area, says https://www.ntia.gov/blog/2022/switched-why-are-one-five-us-... .
I don't know about the other 20%.
I've been using this for a couple months now and it has not helped me at all. It didn't help with closing a PO box in SF, Car rental in Florida denied it, casino in Maryland denied it, but maybe in a couple years it'll be accepted. I think Bevmo accepted it IIRC.
CA says it’s a pilot program and so far only accepted at SFO and LAX. Rollout for something like this will be slow. Thats ok!
I’m enthusiastic about the longer term future of solutions like this. Current IDs can’t do data minimization very easily, but phone-based solutions can. You should be able to get a permission prompt saying “drug store wants to know your >18/21 status” and not hand over any other data. Of course this requires regulatory oversight to ensure that the stores don’t just ask for all the perms available.
However, does this implement the ISO spec for drivers licenses in Apple/google wallet, or is this some home grown thing?
> Of course this requires regulatory oversight
Unfortunately, history proves relying on regulatory oversight is likely to fail, be subverted or captured by special interests, possibly catastrophically, or worse, silently. This is especially true in rapidly evolving tech domains.
While I can understand that from a purely technical architecture design perspective standardization and centralization can seem like the correct approach, from a risk analysis perspective the downsides are simply too costly. It's really a case of being a reasonable choice "in a perfect world" but a terrible choice "in the real world."
The data and individual rights at stake are too important and too valuable to centralize into one juicy target certain to attract well-funded, highly motivated adversaries ranging from hostile governments, commercial interests and law enforcement overreach to some DMV clerk using a system design flaw to stalk women. None of those examples are theoretical since all of them (and worse) have already actually happened multiple times in different systems carefully designed with the best intentions and substantial legal, procedural and technical safeguards. Arguing "But this time the system won't fail" isn't persuasive when the risks are so high and track-record so clear. While I agree the current situation is far from optimal, we need to be incredibly cautious about jumping from the pan into the fire.
It also ensures that in the future all law enforcement and government agencies will have access to your personal device because "everyone's doing it" and why would you be the weird person that doesn't want to unlock it and hand it over for them to scan and verify everything?
After all, it's simple, safe and easy!
If anything this will improve things if Apple/Google allow you to hand over the phone without fully unlocking it to present ID (and other stuff like proof of insurance). The cop would then have to go back to you and get you to unlock it a second time. If they’re using a home grown app, that doesn’t work.
Unless the government starts buying everyone smart phones an id card will be fine.
France's digital ID program called "France identité" does the first part.
After pairing it with your physical ID via NFC you can generate digital proofs of identity which are time based and contain the recipient's name and the usage for the proof.
Your optimism defies the historical record on how these advances tend to play out in reality
Hint, they almost never increase privacy
To me, the killer feature of a paper identification document is that it just works.
I've been in an accident. They're trying to figure out who I am for whatever reason (i. e. to hopefully tell my family what happened). The paper card still works. The phone may have been damaged, had the battery go flat, or be locked and they can't guess the PIN. I'd rather they just look at the paper card.
Similarly, if I get pulled over, the cop knows what to do with a paper card, and it's not suddenly going to do something like flash a push notification, or lock the phone because he pressed the wrong button, and escalate the situation.
The problems this solves are both questionable:
1. I can load all my stuff onto my phone and don't need to carry a wallet! Good for you, honey. Frankly, retooling government infrastructure to satisfy an aesthetic pet peeve is sort of a waste of money. Worst case, get one of those fold-open cases with slots for cards, because you're going to have some card that can't be digitized anyway, even if it's the "collect 12 punches and get a free taco" card.
2. It might allow us to generate some "yes this person is over 18" display without leaking the home address. That's assuming that it gets built properly, and consumed properly. We've seen, well, every app in the world. Nobody is going to be selective with permissions when they can ask the moon, and people are generally not in a situation to negotiate over it.
We’ve had this in Colorado for several years now. On an iPhone, you can use guided access to restrict interactions with your phone… just triple press the power button. But there’s also a barcode they can scan to pull up the info on their own device.
I rarely carry a wallet anymore… Apple Pay, Colorado state app and my insurance company’s website (or pdf of my card) has all of the info I ever need.
Just don’t lose your phone. You’d become a stateless ghost alienated from all the documentation that proves you’re a person.
? The documents still exist stored safely in my home.
It's like losing your wallet, except there's a backup wallet at home. ;-)
You could say the same about your physical wallet.
I can't seem to get past the setup phase where the app "scans" your face via your phone's camera. A dozen attempts, different backgrounds and lighting and I keep getting "try again". Loving this AI-powered future we're in.
"pay with your palm" at Whole Foods-Amazon grocery store, right next to the self-service checkout.
It’s worrying that they are trying to tie your Id to a device that you don’t control
Why? You don't control your ID either.
But I agree that it should be off-device. It should be a smartcard.
I received this, and it seems cool. However, there are some issues. First, it cannot be used as identification at airports, for rental cars, or in bars.
There is a kiosk at SFO, but every time I’ve visited, it was out of order.
Another annoyance is that it’s not integrated with Apple Wallet.
Knowing how the government in California operates, this will likely become a money pit. They will probably abandon the project, sue IDEMIA for breach of contract (or similar reasons), and then start over.
Maybe the app needs some more updates. They claim in the app “the card has been added to your wallet” and nope, it’s not there.
I'm sure once the company contracted to build this is done milking taxpayers and the contract goes to someone who isn't buddy buddy with whoever wrote the bill, it'll get integrated into Apple/Google Wallet so normal people will consider using it.
Digital ID in a world where data privacy&sovereignty is not valued is a red flag, online tracking should be a criminal offense, just like stalking or spying on people IRL
Until then, i'll personally won't have any kind of online/digital ID
Is this just ISO 18013-5 (the MDL standard many states are implementing)?
https://www.iso.org/standard/69084.html
Or is this something different?
I got it when it was in limited beta. It's underwhelming. First problem is that it's another app on your phone instead of using the Wallet app. It's not clear why you wouldn't just use the Android/Apple app.
The second problem is that even the SFO airport doesn't take them as legitimate IDs.
For the folks who are worried about giving your phone to the cop - I guess I am not worried about it much. The cop has the right to lethal force and probably knows more about the situation when you are stopped than you ever will. So they take a look at your phone? I don't assume they will just take and keep it.
If you need to call your mom, probably best not to call her when the cop is right in front of you. If you need to call your lawyer - you are permitted to do that by law. If you are Googling for what your rights are - you are doing it way too late.
If you hand the cop your unlocked phone, and they hop over from the ID app to other apps and find evidence they think implicates you in a crime, what happens?
If you hand the cop your phone, and then say “hey I need that back to call my lawyer” and they say “Sorry, no, I need to keep this for processing”, what happens?
There are cases every day where cops are just outright wrong about the law, your rights, or their own department’s policies. The law protects them from being either criminally or civilly implicated in most of those cases, because they’re not expected to be experts in the law. For most purposes, to have a case against a law enforcement officer for violating your rights, you’d need to show that their behavior was so egregious that it was crystal clear they should have known their action was a violation of your rights. And courts have looked very favorably on LEOs historically in this context: things that to a lay person would count as “obvious” have not met that bar.
So while you may, after spending a pile of money, time, and energy, find out that yes, the police officer overstepped, you’ve still been severely impacted by their action.
Yeah better hope you don't get a text message that gets the cops attention while he has your phone. Say... one that happens to contain one of the many hundreds of slang terms for drugs that the DEA maintains https://www.dea.gov/sites/default/files/2018-07/DIR-022-18.p...
"It's not clear why you wouldn't just use the Android/Apple app"
The QR code changes each time you open it. So you can't just screenshot it. I guess that's the same reason why you can't add it to Google wallet.
This feels like a weird pitch. Yes, the way it works right now is that it loads a fresh QR code every time. But that’s a design choice they made, and they could make a different one. We’ve managed to make secure payments work using phone Wallets, and for those, the phone is performing a handshake with the reader as opposed to sending fixed, static credentials. Likewise, when I add an airline ticket to my Wallet, it automatically updates periodically if my gate or flight time change. Why wouldn’t we be able to find a similar solution here?
Not using the Apple wallet app is a huge bummer. I assumed after approval I’d be able to add it to Apple wallet, is that not the case?
We need data privacy protection laws _before_ implementing something like this, otherwise it is a perfect tool to be abused by overreaching government entities (law enforcement).
I played around with it. Not worth while at this point. Too many privacy risks (e.g. requires you hand over your phone to police unlocked).
This is the thing I think most people aren’t thinking about. I promise you the police either have or are cooking up a way as we speak to image the entire contents of your phone when you hand it to them. Until we get some laws in place around this stuff, no way.
Not from the US, so help me understand here, why would a traffic cop looking to verify a license want to image the entire contents of your phone?
We live in a police state. We have the highest incarceration rate of any country. Many of the people in prison are political prisoners. Our national security apparatus is powerful and unaccountable. Congress just reauthorized 702 which allows warrantless surveillance. Police and security apparatus is constantly looking for more ways to watch and incriminate anybody who resists their power.
Some fraction of people are authoritarian by nature. Most cops have no interest. But the fraction that do, will use any tool they can to find a crime.
Given the amount of deference courts give to cops, that they are allowed to lie without consequence, you don’t need/want to give them any more tools.
People are needlessly paranoid because there will be a few incidents that get a lot of media attention and mindshare, despite being a vast minority of the time.
They don't, but I'm sure there are some who are salivating at the thought of using traffic stops to simplify collecting evidence.
This is exactly the scenario that Apple’s proposed ID solution addresses. Not sure why California chose to go at it alone.
I remember reading that California intends to support Apple and Google’s wallet systems. My guess is that they are working on the backend first and this gives them the opportunity to exercise that system faster. Apple wallet itself likely requires more in depth security infrastructure and will take more time (speculation on my part).
You can use guided access to restrict access outside of the app. Here in Colorado, they just scan the barcode on the back and pull up the info on their own device.
Only maybe 1/10 people even know about guided access. It’s also time consuming to setup.
Apple could add an API to wrap apps in guided access automatically … or lock the device on app exit. But that’s not going to happen because they want wallet apps to go though their Apple Wallet APIs
You could, but in practice essentially no one will do this.
"in practice" everyone has faceid/touchid enabled, which means you can be compelled to unlock your phone, making this point moot to begin with.
> (e.g. requires you hand over your phone to police unlocked).
If you’re worried about this keep your id card?
If I need my physical ID for everything, why do I want a digital ID on my phone?
Sounds like you don’t.
Backup and convenience potentially.
I assume the app will attempt to tie my device identifiers such as IMEI, phone number, and advertiser ID to my government digital ID. Then they can tie it to other ID's such as Facebook or other app ID's on the device that also read device identifiers. It probably would fail to install on my Graphene phone that treats all apps as hostile by blocking them from reading any device identifiers. I would rather wait with the rest of people in lines than submit to this.
Speculating like this with no evidence just to peacock to everyone that you're privacy conscious is not actually helpful for anyone.
It is not speculation. I assume every app is hostile and trying to grab information until it can be proved that it does not. Until the app is open sourced and/or people do network analysis on it, this is the safest default assumption.
It absolutely is speculation if you haven't done the legwork and just want to throw out quick and easy takes like this.
I hope for the best but plan for the worst. The government has a high bar to meet to earn my trust. Government has lied to me too many times. They need to find some way to prove this app is safe for my freedom. Until then, I will endure the sexual abuse of TSA groping my junk when I got through the airport.
If you have PreCheck, this app has literally nothing to do whether or not the TSA will give you a pat down or not. And I don't know about you, but TSA is pretty careful about not "groping your junk" and will always be clear what they intend to do and use the back of their hands specifically to avoid any kind of impropriety. Cut down on the hyperbole about "sexual abuse" because you're trivializing what sexual abuse actually is.
iOS apps also can’t get device identifiers.
Besides, wariness is wise but assumptions are not.
Don't Iphones have advertiser ID's available to apps?
It’s unique per app, I believe.
Californian here - absolutely agree that this is the fiftieth extension of 'government now in surveillance capitalism biz' .. approved by Newsom + company
Obligatory - do not hand your unlocked phone over to a cop
Unfortunately, people who are aware of this won't even use this thing anyway and many who are exploitable would be tricked into giving their phone to the police.
I hate how police is legally allowed to lie and psychologically trick/pressure people into things they would not normally do. It makes me distrust and question everything they do and say, i.e. being uncooperative to them. Which they then can use as an excuse to escalate and detain or get violent to me.
Interacting with the police is a terrible experience no matter how upright you are because even if you are faultless, they can still make up shit to mess with your day, or life.
I would not have a problem with police legally lying, if it was legal for me to lie in response.
The single biggest problem in modern society is a dual rules we have for government agents vs the population at large, this can not stand in a free society. We all either have the same rules or we have tyranny there is no 3rd option
You are not required to tell the truth to the police.
Well Lying to the FBI and other federal agents is direct violation of the law
Lying to general police while not direct violation of the law, can be (and has been) prosecuted under several laws such as obstruction of justice, also several states have statues making false or misleading statements to police or public officials during in official investigation. Then there are also laws that prohibiting lying in specific context like your name, address, and other details.
You can say nothing, but you cannot make a false statement
Currently doesn't work for the police, however 10,000% this.
From the article they seem to be cognizant of this issue.
> The mDL offers a quick and secure identity-check at airports, without handing over your phone.The marketing material is misleading / naive. Cops routinely ask for ids at traffic stop and take them to their vehicle to verify the driver details in their system. I would imagine they would do the same with digital id and therefore one would need to hand them an unlocked phone as California digital DL doesn't appear to integrate with Apple Wallet yet?
Here in Denmark we also have a driver's license app. The app has a feature through which the user can identify themself to another party using the same app on their phone.
When used to identify, the app displays a series of QR codes which can be recorded by the 2nd phone through the camera. No need to hand over th e phone. It tranfers identifying information such as name, age and the photo so that the 2nd party can use it to validate on their screen.