Cite the state laws stating the phone must be unlocked should you be ordered to hand it over.
If so ordered, you disable faceID with a two second button press.
You’ve consistently failed to demonstrate how any of the above has anything to do with digital DL or how that adds any risk.
In no digital drivers license use case do you ever hand over your phone.
More importantly you’ve yet to describe the negative impact of this supposed additional risk.
While you talk about the bugaboo of duplicate data, nothing in your DL data is particularly special. Home address? Public record for any homeowner. In myriad places for any renter. Height weight and physical description? Observable by anyone in proximity to your phone. Photo? lol.
So instead of academic hand waving maybe describe the specific impacts should these feared risks come to fruition- and be specific how digital DL creates the exposure vs it existing regardless of digital DL participation.
1. You've posed this question too specific trying to weasel your way into a point as you know, as well as anyone else knows, there are no laws that state that wording specifically, after 30 seconds of searching, every state in the union requires you to follow law enforcement instructions, they ask for the phone, you're handing it over. Sure you can lock it, but how many day-to-day users know the button combination to shut down face ID, furthermore how many that do know it will remember to do so in that moment.
2. I have not failed to demonstrate anything, you have simply failed or refused to understand how more copies of your data being in more places and more accessible increases the threat surface on that data. We received a text just last night that the powerschool app that is used for conveying grades from our child's school suffered a data breach that will require us to implement a fraud alert on their credit data to lock it down. While this is not a digital driver's license, had our child's data not been on powerschool, no data breach would have happened for our child. data in more places will always equal more risk to it, this is a truth that only you seem to deny. I could cite any number of other cases, it will be only a matter of time before your beloved digital ID will be affected.
3. I've said data breach numerous times, you may not know what that is, Google is your friend. A recommended search term "how can a data breach affect me" will net you months worth of education at least.
4. You simply lack the understanding of how your data can, and is, being used against you. Do another search on the topic of digital forensics and see how even the most mundane of personally identifiable information (PII) can be used. Warning, this is also months worth of reading but one that I find very interesting. So much so, it was the subject of my Master's degree and is fascinating.
5. Ok here are some things that your data can be used against you.
You name and address can be leveraged to link you to every online account you've ever had an attacker can then use that to search previous data breaches that your accounts were associated with. They then collect the password lists those sites were associated with and run them through data aggregation looking for duplicates among all of the lists. Most people reuse passwords so this should net results, if people do not reuse the exact password, they often repeat parts of it and only change a few things, attackers can find those patterns also. After that, they start testing these passwords and if they get in, they're off to the races on your life. This is especially damaging if they gain access to your email, because now they can simply wait till you are sleeping and start resetting any passwords they couldn't find. they can also remove multi-factor authentication in many cases as well.
Once they start gaining access to accounts they can find even more PII, such as SSNs, DOBs, and much more. Which can allow them to start opening accounts in your name, unless you have active credit monitoring or are spending time every day scouring the internet looking for this, you will likely not know it is happening until it is too late.
This is only a very brief example of how even the most simple PII can be leveraged into a much more sophisticated attack against someone. But hey go ahead, make your data accessible in more places, what could go wrong.....
I am finished with this silly conversation, you have fully entrenched yourself on this subject and it was never my intention to talk you out of using it. If you want to use it, by all means go for it, but it is not as rock-solid as you think it is and there are always risks involved. Everyone one of my customers (I also own an IT company) have been advised to not allow any of this type of data on their corporate-owned devices, while I did not convey this last part to them, as more of a protection of their employees from the company than it is of the company with the exception of company credit cards issued to these employees. I recommend against those as well as a protection of both parties by simply reducing the places where this data exists reduces it exposure to attackers.
Finally, one more example that you can hopefully understand, one that is relevant but different. You buy a house and install new locks on it. If you and your significant other are the only two that have a key, then the likelihood of entry to your house without brute force (door kick-in, window break) is very low. You make 6 more copies of the key and give it to in-laws, the neighbor, and your idiot cousin who writes the address on it and always loses their keys, then the risk of non-forced entry increases. This is simply a physical example of what you are doing with your data when you make more copies of it available on multiple platforms. It is not a matter of if, but when it is breached.
