Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I disagree with your sentiment, events do not require legal sentiment to happen anyway. For example, Joe dives his car down the road, perfectly legal, Joe drives his car through a crowd of people, not legal, but it can happen anyway. You and I will simply have to agree to disagree, however, your disagreement with me does not invalidate the concerns with this in any way.

LOL. I'm stating fact, not sentiment.

You presumed that having a digital drivers license creates an obligation to hand over your phone.

That is factually incorrect: No such obligation exists.

As such, having or not having a digital DL does not affect the (very small) chance of an officer forcefully (and illegally) seizing your locked phone.
 
  • Like
Reactions: CarlJ
LOL. I'm stating fact, not sentiment.

You presumed that having a digital drivers license creates an obligation to hand over your phone.

That is factually incorrect: No such obligation exists.

As such, having or not having a digital DL does not affect the (very small) chance of an officer forcefully (and illegally) seizing your locked phone.
I never said that, I said if the officer asks for the phone you could be compelled to hand it over, some state laws may require that one must comply with all instructions from a law enforcement officer. You are simply saying things out of context because you have offered little to further your point and have offered nothing tangible to diminish mine, which is there is an increase in the threat surface of data security the more places that data exists and that there are situations where an officer may take your phone from you and that there is a possibility that you hand over an unintentionally unlocked phone.
 
  • Like
Reactions: onenorth
None, unless you've purposefully or accidentally unlocked your phone from the pretty easy to accidentally do face unlock, now they have your unlocked phone and can (illegally) do a lot of things. It can happen is all I am saying and that is a risk that I am not willing to take, and anyone concerned about privacy and security should be concerned with as well.
Here is the simple problem with your argument, that you still have not addressed. You have proposed a situation where for the officer to gain access to one’s phone because of something related to mDL, he almost certainly has to lie (in a way that is easily documented), or grab it illegally. However, if he wants your phone, there is a simple way for him to get it that is completely legal (“I smell marijuana. I need to do a protective pat down, please empty your pockets.”), so why would he go down a route that is way more likely to cause him a problem by doing something that is easily challengable?

If one is concerned, one can disable FaceID before one hands over one’s phone in any event.
 
  • Like
Reactions: CarlJ
I never said that, I said if the officer asks for the phone you could be compelled to hand it over, some state laws may require that one must comply with all instructions from a law enforcement officer.
Cite the state laws stating the phone must be unlocked should you be ordered to hand it over.

If so ordered, you disable faceID with a two second button press.

You’ve consistently failed to demonstrate how any of the above has anything to do with digital DL or how that adds any risk.

In no digital drivers license use case do you ever hand over your phone.

More importantly you’ve yet to describe the negative impact of this supposed additional risk.

While you talk about the bugaboo of duplicate data, nothing in your DL data is particularly special. Home address? Public record for any homeowner. In myriad places for any renter. Height weight and physical description? Observable by anyone in proximity to your phone. Photo? lol.

So instead of academic hand waving maybe describe the specific impacts should these feared risks come to fruition- and be specific how digital DL creates the exposure vs it existing regardless of digital DL participation.
 
  • Like
Reactions: CarlJ
Cite the state laws stating the phone must be unlocked should you be ordered to hand it over.

If so ordered, you disable faceID with a two second button press.

You’ve consistently failed to demonstrate how any of the above has anything to do with digital DL or how that adds any risk.

In no digital drivers license use case do you ever hand over your phone.

More importantly you’ve yet to describe the negative impact of this supposed additional risk.

While you talk about the bugaboo of duplicate data, nothing in your DL data is particularly special. Home address? Public record for any homeowner. In myriad places for any renter. Height weight and physical description? Observable by anyone in proximity to your phone. Photo? lol.

So instead of academic hand waving maybe describe the specific impacts should these feared risks come to fruition- and be specific how digital DL creates the exposure vs it existing regardless of digital DL participation.

1. You've posed this question too specific trying to weasel your way into a point as you know, as well as anyone else knows, there are no laws that state that wording specifically, after 30 seconds of searching, every state in the union requires you to follow law enforcement instructions, they ask for the phone, you're handing it over. Sure you can lock it, but how many day-to-day users know the button combination to shut down face ID, furthermore how many that do know it will remember to do so in that moment.

2. I have not failed to demonstrate anything, you have simply failed or refused to understand how more copies of your data being in more places and more accessible increases the threat surface on that data. We received a text just last night that the powerschool app that is used for conveying grades from our child's school suffered a data breach that will require us to implement a fraud alert on their credit data to lock it down. While this is not a digital driver's license, had our child's data not been on powerschool, no data breach would have happened for our child. data in more places will always equal more risk to it, this is a truth that only you seem to deny. I could cite any number of other cases, it will be only a matter of time before your beloved digital ID will be affected.

3. I've said data breach numerous times, you may not know what that is, Google is your friend. A recommended search term "how can a data breach affect me" will net you months worth of education at least.

4. You simply lack the understanding of how your data can, and is, being used against you. Do another search on the topic of digital forensics and see how even the most mundane of personally identifiable information (PII) can be used. Warning, this is also months worth of reading but one that I find very interesting. So much so, it was the subject of my Master's degree and is fascinating.

5. Ok here are some things that your data can be used against you.

You name and address can be leveraged to link you to every online account you've ever had an attacker can then use that to search previous data breaches that your accounts were associated with. They then collect the password lists those sites were associated with and run them through data aggregation looking for duplicates among all of the lists. Most people reuse passwords so this should net results, if people do not reuse the exact password, they often repeat parts of it and only change a few things, attackers can find those patterns also. After that, they start testing these passwords and if they get in, they're off to the races on your life. This is especially damaging if they gain access to your email, because now they can simply wait till you are sleeping and start resetting any passwords they couldn't find. they can also remove multi-factor authentication in many cases as well.

Once they start gaining access to accounts they can find even more PII, such as SSNs, DOBs, and much more. Which can allow them to start opening accounts in your name, unless you have active credit monitoring or are spending time every day scouring the internet looking for this, you will likely not know it is happening until it is too late.


This is only a very brief example of how even the most simple PII can be leveraged into a much more sophisticated attack against someone. But hey go ahead, make your data accessible in more places, what could go wrong.....


I am finished with this silly conversation, you have fully entrenched yourself on this subject and it was never my intention to talk you out of using it. If you want to use it, by all means go for it, but it is not as rock-solid as you think it is and there are always risks involved. Everyone one of my customers (I also own an IT company) have been advised to not allow any of this type of data on their corporate-owned devices, while I did not convey this last part to them, as more of a protection of their employees from the company than it is of the company with the exception of company credit cards issued to these employees. I recommend against those as well as a protection of both parties by simply reducing the places where this data exists reduces it exposure to attackers.


Finally, one more example that you can hopefully understand, one that is relevant but different. You buy a house and install new locks on it. If you and your significant other are the only two that have a key, then the likelihood of entry to your house without brute force (door kick-in, window break) is very low. You make 6 more copies of the key and give it to in-laws, the neighbor, and your idiot cousin who writes the address on it and always loses their keys, then the risk of non-forced entry increases. This is simply a physical example of what you are doing with your data when you make more copies of it available on multiple platforms. It is not a matter of if, but when it is breached.
 
For the folks worried about fraud or hacking, when I tried turning on the Gas at my very first Apartment when I was 18, they told me no because I already had an Account with a balance that wasn't paid. My Mom had to go to an office with paperwork to prove me is me and not them.. Social Security fraud. That was roughly 30 years ago, long before smart phones and any sort of technical fraud that can happen now. Our "Data" is already out there. One company reports that they've been hacked and by the time you change up your passwords, some other company lets you know they've been hacked. If any of you think you can still protect your data, I'm sure that time has probably come and gone. All they have left to learn about you is what new password you'll use.

With these Digital IDs, you only need to have an NFC Reader to display your License Information just like when they swipe the strip on your actual ID. I'm not sure why or how we got this far down the path of all these technicalities. The Process is actually quite straight forward, and for the most part, will only be useful in specific situations like going through customs at an airport or maybe entering a Government building, and I could see in the future even using an NFC reader at a bar to check IDs. But substituting a Digital ID for a Real ID? We're not there (yet). That seems like the kind of thing that would need Nationwide Support, not just support in a few States.
 
Last edited:
  • Like
Reactions: CarlJ
1. You've posed this question too specific trying to weasel your way into a point as you know, as well as anyone else knows, there are no laws that state that wording specifically, after 30 seconds of searching, every state in the union requires you to follow law enforcement instructions, they ask for the phone, you're handing it over. Sure you can lock it, but how many day-to-day users know the button combination to shut down face ID, furthermore how many that do know it will remember to do so in that moment.

2. I have not failed to demonstrate anything, you have simply failed or refused to understand how more copies of your data being in more places and more accessible increases the threat surface on that data. We received a text just last night that the powerschool app that is used for conveying grades from our child's school suffered a data breach that will require us to implement a fraud alert on their credit data to lock it down. While this is not a digital driver's license, had our child's data not been on powerschool, no data breach would have happened for our child. data in more places will always equal more risk to it, this is a truth that only you seem to deny. I could cite any number of other cases, it will be only a matter of time before your beloved digital ID will be affected.

3. I've said data breach numerous times, you may not know what that is, Google is your friend. A recommended search term "how can a data breach affect me" will net you months worth of education at least.

4. You simply lack the understanding of how your data can, and is, being used against you. Do another search on the topic of digital forensics and see how even the most mundane of personally identifiable information (PII) can be used. Warning, this is also months worth of reading but one that I find very interesting. So much so, it was the subject of my Master's degree and is fascinating.

5. Ok here are some things that your data can be used against you.

You name and address can be leveraged to link you to every online account you've ever had an attacker can then use that to search previous data breaches that your accounts were associated with. They then collect the password lists those sites were associated with and run them through data aggregation looking for duplicates among all of the lists. Most people reuse passwords so this should net results, if people do not reuse the exact password, they often repeat parts of it and only change a few things, attackers can find those patterns also. After that, they start testing these passwords and if they get in, they're off to the races on your life. This is especially damaging if they gain access to your email, because now they can simply wait till you are sleeping and start resetting any passwords they couldn't find. they can also remove multi-factor authentication in many cases as well.

Once they start gaining access to accounts they can find even more PII, such as SSNs, DOBs, and much more. Which can allow them to start opening accounts in your name, unless you have active credit monitoring or are spending time every day scouring the internet looking for this, you will likely not know it is happening until it is too late.


This is only a very brief example of how even the most simple PII can be leveraged into a much more sophisticated attack against someone. But hey go ahead, make your data accessible in more places, what could go wrong.....


I am finished with this silly conversation, you have fully entrenched yourself on this subject and it was never my intention to talk you out of using it. If you want to use it, by all means go for it, but it is not as rock-solid as you think it is and there are always risks involved. Everyone one of my customers (I also own an IT company) have been advised to not allow any of this type of data on their corporate-owned devices, while I did not convey this last part to them, as more of a protection of their employees from the company than it is of the company with the exception of company credit cards issued to these employees. I recommend against those as well as a protection of both parties by simply reducing the places where this data exists reduces it exposure to attackers.


Finally, one more example that you can hopefully understand, one that is relevant but different. You buy a house and install new locks on it. If you and your significant other are the only two that have a key, then the likelihood of entry to your house without brute force (door kick-in, window break) is very low. You make 6 more copies of the key and give it to in-laws, the neighbor, and your idiot cousin who writes the address on it and always loses their keys, then the risk of non-forced entry increases. This is simply a physical example of what you are doing with your data when you make more copies of it available on multiple platforms. It is not a matter of if, but when it is breached.
LOL. Multiple long paragraphs of “hand waving” without answering the questions or actually supporting your original assertions. You avoid the direct answers and try to distract with unconnected unspecific risks.

Sorry, but you remind me of some of the top academics (physicists) I worked with for years at a top university.

Brilliant men and women, but also often painfully ignorant of the real world outside their specialties. Like some, but not all, you seem so very self important and appear to believe anyone who disagrees with your point of view “just doesn’t understand.” That is a very small word and I recommend you expand your horizons.
 
  • Like
Reactions: LlamaLarry
LOL. Multiple long paragraphs of “hand waving” without answering the questions or actually supporting your original assertions. You avoid the direct answers and try to distract with unconnected unspecific risks.

Sorry, but you remind me of some of the top academics (physicists) I worked with for years at a top university.

Brilliant men and women, but also often painfully ignorant of the real world outside their specialties. Like some, but not all, you seem so very self important and appear to believe anyone who disagrees with your point of view “just doesn’t understand.” That is a very small word and I recommend you expand your horizons.
Your opinion of me has no weight. You do whatever it is you want to do, consequences be damned. I'm through with this silliness, good day.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.