
NSW Digital Driver Licence - stockkid
https://www.service.nsw.gov.au/campaign/nsw-digital-driver-licence
======
afandian
Can I use this without having a Google or Apple account? I guess the answer is
no. It's crazy that we are allowing these duopolies to be the arbiters of so
many critical functions.

Arguments like this are the strongest for forced regulation and split up IMHO.

~~~
roenxi
And - just to underline this point - drivers license is the de-facto
Australian ID card.

I can't think of an actual complaint against embedding US companies into what
is in practice an important part of NSW's local governance; we might already do
that with credit and finance to some degree. But it just looks like another little
step at creating a delicate system with single points of failure and
unreasonably influential power-brokers.

~~~
aussieguy1234
As of the moment, the digital version can't be used as ID

~~~
a10c
"The NSW Digital Driver Licence is accepted by most pubs and clubs, and NSW
Police."

Literally paragraph 3 of the article.

~~~
munk-a
These are pretty informal usages, I'd be more curious if you could renew your
passport using the digital driver's license.

~~~
tjmc
Or open a bank account.

~~~
harry8
You can

------
Benjamin_Dobell
Just happened to randomly stumble across a reverse engineering talk about this
very app a couple of hours ago:

[https://www.youtube.com/watch?v=oux3tI2V0sY](https://www.youtube.com/watch?v=oux3tI2V0sY)

~~~
oxplot
The crux of the issue is that the verification only tells you if the barcode
is valid. However, there are no strong relationships between the barcode and
the rest of the visual content (photo, numbers, dates, etc). Therefore, one
can overlay malicious data around the barcode.

The fix would be to allow the verifier to independently retrieve the license
details after scanning the barcode, instead of just seeing a valid/invalid
message.

~~~
movedx
In Queensland, our Police carry iPads. They can basically look you up and get
your details on that iPad. I would imagine NSW Police would have something
similar: scan the barcode, it verifies it's correct, and then they compare the
face on the phone to the one they get on their iPad.

~~~
dhx
What is the point of each person holding a driver license at all (digital or
otherwise) if the only thing that is trusted is the device of a police officer
looking up an individual in a database and confirming a face match and/or
passcode match?

Could a police officer just ask "I need to look up your license in the
database. What is your name, date of birth and passcode so I can find your
face in the database and confirm you gave me the correct passcode?"

~~~
9nGQluzmnq3M
I take it you're one of those lucky people who don't need to have the NATO
phonetic alphabet rendering of their first, middle and last names memorized,
because otherwise _nobody_ will get them right.

~~~
movedx
To be fair though, how do you even pronounce the name, "9nGQluzmnq3M"? ;-)

~~~
simonh
The numbers are silent.

------
shirro
I have had one of these for years in South Australia (app store release date
May 2017). Our car rego is all digital as well which used to cause confusion
interstate as we don't have rego stickers. I don't adopt a lot of digital
technology like social media because I think it is of dubious value with
potential risks but nfc payments and a digital licence lets me travel with
just my phone which suits me really well. I hate carrying a wallet.

One potential issue with having this on your phone is that you are unlocking
your phone and handing it to the police which could be a problem for some
people. Though people can still carry a card.

~~~
bamboozled
The worst thing about this system is that if your battery dies, well you can’t
prove your identity.

I guess cops carry chargers now?

~~~
isostatic
Do you have to show your license in NSW?

In the UK we have to give our name and address, then turn up to a police
station within 7 days with our license.

------
jwilliams
There was talk the permissions used were a bit worrying:
[https://www.lifehacker.com.au/2019/10/nsws-digital-driver-li...](https://www.lifehacker.com.au/2019/10/nsws-digital-driver-licence-has-some-worrying-permissions/)

On Google Play it included access to Calendar, Camera, Photos, Location,
Storage...

~~~
shakna
And for some strange reason, the ability to pair with Bluetooth devices. Which
I have no idea why it exists, I can't find a single service that the app has
access to which would require that feature.

~~~
willsr
This probably has something to do with the ISO 18013-5 standard.

[https://medium.com/@dkelts.id/mobile-driver-licenses-mdl-how...](https://medium.com/@dkelts.id/mobile-driver-licenses-mdl-how-to-use-iso-18013-5-5a1bbc1a37a3)

------
kube-system
Sounds like a creative way for law enforcement to get people to hand them
their unlocked devices during a search.

~~~
imglorp
There's an opportunity for mobile OSs to support this use case with a "guest"
account: lock the phone to a single app so you can hand it to a less trusted
person. Also useful for toddlers gaming.

The last Android version had a weak guest mode; the current one does not seem
to.

~~~
Razengan
iOS has had "Guided Access" since almost forever.

Not quite a guest account, but you can use the Accessibility shortcut (from
the Control Center or triple-clicking the sleep button) to quickly prevent app
switching before handing a device to someone.

You can even use it to disable interaction with parts of the screen by drawing
regions, or disable the hardware buttons, and set an autosleep timer.

What operating systems really need though, is a "fake OS" mode. It should
display an alternative launchpad with some random apps with random photos,
notes, messages etc. When someone tries to do something it should stall with
poor network connectivity dialogs or other fake issues.

Maybe someone can make an app like that? :)

~~~
nathancahill
There's various tweaks that enable this if you're jailbroken.

~~~
Razengan
Wouldn't that just shift the burden of trust upon the jailbroken apps?

------
vajrapani666
Some say that New Orleans is so far behind, that it's ahead. Definitely true.
The information systems in SF all feel like they were built in 2010. I've had
a digital ID ([https://apps.apple.com/us/app/la-wallet/id1386930269](https://apps.apple.com/us/app/la-wallet/id1386930269))
for over a year now and it's so much more convenient when I lose my actual ID
-- about 4x/year. The LA wallet has a verification system that anyone can use
to verify anyone else's ID. I was in SF for blockchain week last week and I
misplaced my physical ID on the way to the airport. I wanted to see a friend
of mine perform at a bar in Berkeley and they wanted a physical ID. I ended up
eating tasty Nepalese food next door and met up with my friends after the show
because there's no digital ID in California. Once I got back to New Orleans,
no-one ever batted an eye when I showed them my digital ID. I'm hoping the
next step is issuing a public/private key along with the ID. It would come in
handy for so many blockchainy/dapp possibilities.

I might be less ecstatic if I had a car and got pulled over and asked to show
my ID. I wouldn't be comfortable handing my unlocked phone over to the state.
I trust the internal walls of the mobile walled gardens more than I trust a
cop.

~~~
smcl
You lose your ID 4x per year?! I lost my (British) passport once and later
that same year it was in a bag that was stolen - I was warned that I wouldn't
be issued with another one if it happened again. I am now super paranoid when
I have to carry it, in fact now that I type this I realise I'm extra edgy
because I'm about to leave for a trip in a few minutes with my passport :-O

~~~
jdsully
Most countries will forgive two lost passports within a 10 year period. After
that they may refuse or give you limited duration documents. This is of course
at the discretion of the country issuing the documents - but if they are
overly generous it will cause problems with other countries expected to accept
the documents.

The main concern is they don't want a bunch of unaccounted for passports lying
around. It dramatically increases the risk of fraud.

------
lukeqsee
> It’s illegal to access your Digital Driver Licence when driving, including
> when stationary, unless you’re asked to do so by a police officer. Penalties
> apply.

"We made this thing you only need while driving, especially when stationary
and stopped by the police, but it's illegal to do so _unless specifically
requested_."

I wonder how this will be applied in reality. Will individuals stopped have to
wait for the police to ask before readying their documentation without being
cited in addition to whatever they were stopped for?

~~~
AndrewDavis
>We made this thing you only need while driving

Drivers licences in Australia are the de-facto ID. Including proof of age to
purchase cigarettes/alcohol, many bars scan IDs as you enter in case you cause
damage or start a fight. To proving identity for a variety of things including
(but not limited to) new phone plans, bank accounts, etc.

Most Aussies carry their drivers licence with them everywhere.

Regarding the stationary part. Though it varies state by state, my state
(Victoria) considers it an offence to use your phone while stationary. If the
vehicle is legally parked and engine off you're fine. This is to cover those
using their phone while stuck in traffic.

~~~
jor-el
I am curious to know how the Uber/Lyft drivers operate with such laws. Often
they need to access maps, how does the law apply to such drivers?

~~~
hnick
Concessions exist for operating a mounted GPS device or phone.

[https://www.vicroads.vic.gov.au/safety-and-road-rules/driver...](https://www.vicroads.vic.gov.au/safety-and-road-rules/driver-safety/mobile-phones-and-driving)

That's Victoria, similar laws in NSW. Technically though, using NFC to buy
McDonald's in the drive-through is illegal.

------
stien
Cool! Norway recently launched this as well
[https://www.vegvesen.no/en/driving-licences/driving-licence-...](https://www.vegvesen.no/en/driving-licences/driving-licence-holders/digital-driving-licence)

------
hndamien
Is this a step towards more surveillance? I get that it doesn’t have to be,
but surely it brings it closer, and easier to get there.

~~~
_kbh_
I feel like I am pretty security conscious and thought the same thing at
first, but realistically isn't all this just data the government already has
on us?

~~~
hndamien
Sort of, it depends if they ask for extra permissions at some point in the
future and there is no alternative option. I saw an Android screenshot
showing requests for an insane amount of access - it may have been faked
though.

------
theqult
For a moment I read NSFW Driver Licence, it would be beautiful <3

~~~
anticensor
NSW stands for the New South Wales, an autonomous state in Australia.

------
bloak
Non-rhetorical question: What's the point of this?

For many years it has been possible in many countries for a police officer to
enter a vehicle's number plate and get details of the registered owner,
including a photo, on the screen of their own device, one which they trust. If
I'm driving a friend's car I could tell the police officer my name, the number
plate of a vehicle that I am linked to or some other identifier and the
officer could then look me up. Why should a driver need anything beyond a good
enough memory to recite some kind of identifier?

Someone who can't remember their own name arguably shouldn't be driving.

I'm looking forward to the day when we won't need passports either. (I'm sure
my great-grandchildren will find it much more convenient.)

Perhaps the point of this is that it lets you give someone else, not a police
officer, temporary read-access to a subset of the data on the server. Is that
it perhaps? That could be useful. For example, to a club bouncer I might
choose to reveal my photo and the fact that I'm over 18 without giving away my
date of birth and my address, which would be shown on my physical driving
licence.

Potentially some interesting technical questions about how to stop people from
using someone else's licence with the other person's collaboration: an older
sibling's licence, for example.

~~~
thelittleone
One benefit is ultimately there would be a few million less plastic cards
produced. If it is successful, perhaps other states / countries roll out
something similar. That could be hundreds of millions fewer plastic cards
produced.

Admittedly this is unlikely a significant factor in the state government's
decision making. Yet it’s a benefit all the same.

~~~
vokep
That sounds nice but is it really meaningful to cut such a small amount of
waste?

Consider all the other various cards which also might be digitized. Gov ID
doesn't seem like the place to start, seems like maybe the one that should
always have a physical form even if everything else has become digital.

------
technion
I've tried this out so I can report the experience. First, I can confirm the
only permission requested is camera, and that's only when I first try to use
the "scan a license" function. It seems like a Google Play bug that the play
store allegedly shows legacy information if you click "permissions"[0] on the
website, as these aren't reflected in the actual store.

Secondly, being able to press a button and get shown my current demerits is
extremely useful. Last time I wanted to check this I spent a good two hours on
hold on the phone.

My license expires in two weeks and this is the first I found out about it.
Undoubtedly due to some bungle in the traditional system.

I can see why people are concerned, and it's not going to be accepted in clubs
for a while as the scanners physically won't fit a phone.

(Having deployed those scanners a few years back, I'm frankly more concerned
about their privacy situation than this app).

[0]
[https://play.google.com/store/apps/details?id=au.gov.nsw.ser...](https://play.google.com/store/apps/details?id=au.gov.nsw.service&hl=en_AU)

~~~
shirro
Yes, I like being able to see my licence expiry, demerit and rego expiry all
on one place.

Our rego is all digital in SA and we don't have rego stickers. I have been
getting text reminders for years but sometimes you just want to check when
things expire without logging into a website and navigating through lots of
layers.

I expect NSW is the same but our app also takes boat licences, heavy vehicle
licences, occupational licences as well as vehicle reg. I get that it isn't
for everyone but it is a convenience.

For comparison:
[https://play.google.com/store/apps/details?id=au.gov.sa.my](https://play.google.com/store/apps/details?id=au.gov.sa.my)

------
hyperrail
Here in the States, Delaware and other states have also been trying mobile
driver's licenses. Alarmingly to me, it seems police officers might eventually
be able to remotely access the driver's license information of a person with a
mobile license when the officer is physically nearby the phone, though perhaps
that is less bad than having to hand over and unlock the phone outright.

You can learn more about the Delaware experiment from the same places I did:

- [https://www.youtube.com/watch?v=4FYUU4wP9s8](https://www.youtube.com/watch?v=4FYUU4wP9s8)

- [https://www.usatoday.com/story/news/nation-now/2018/03/14/mo...](https://www.usatoday.com/story/news/nation-now/2018/03/14/mobile-drivers-license-allow-police-ping-cellphones-delaware-pilot-study/423336002/)

------
dualboot
Why on earth would you install an app provided by a nation/state?!

~~~
undersuit
Because it's obviously more secure than letting someone access a webpage with
the same functionality. /s

------
angry_octet
I can see digital imitations coming in 3,2,1... Starting by reversing and
modifying the official app. The QR might not verify (assuming network
connectivity), or it might be someone else, but will it be checked? Doubtful,
because it only returns a name, not a photo.

It is disappointing this is an online-only system. There is a continuation of
a number of privacy violating practices, such as giving your DOB and driver's
licence number to bars/clubs/venue security (often run by criminals, esp
OLMCs). It should only show 18+ and a photo.

NSW Govt will now know exactly who goes to which venue, in real time. Insane
surveillance of the citizenry.

Can't wait to see what data is in the real QR codes. Almost sounds like a TOTP
code and a user/device serial number. Malware that rips these TOTP codes will
be made and available to criminals in short order.

~~~
hnick
I'm not sure it is online-only? They do say to carry your card as a backup but
also say it works offline after initial setup:

"The NSW Digital Driver Licence is available offline as long as you are logged
into the Service NSW app"

[https://www.service.nsw.gov.au/campaign/nsw-digital-driver-l...](https://www.service.nsw.gov.au/campaign/nsw-digital-driver-licence/licence-holders-and-nsw-digital-driver-licence#conditions)

~~~
angry_octet
I took that to mean that your licence app will work offline, but not that it
will validate offline.

~~~
hnick
I've set it up now just to check.

The initial setup is online. All you need to do is make an account (verified
via an emailed code), log in, and enter your surname and 2 numbers on the
physical license and it will download the information.

You can then go offline and still view it. There's a QR code which doesn't
directly contain a URL or anything, so I'm not sure if the police need to be
online to validate using it, I didn't look into it much.

It also says the last refresh time and pulling down will refresh the
information however this fails when offline (the app doesn't seem to check
network availability, it just tries to load forever). So I'm not sure if this
is a problem.

It also seems to be really poorly optimised on Android, the UI is basically
unresponsive on my phone and slows the whole system down.

Regardless needing to carry the real license as a backup is a problem, since
it sounds like they'll make no concessions if you left it at home for a short
drive and your phone dies.

~~~
angry_octet
Depressingly poor engineering.

------
excalibur
From the rules linked here:

[https://roadsafety.transport.nsw.gov.au/stayingsafe/mobileph...](https://roadsafety.transport.nsw.gov.au/stayingsafe/mobilephones/know-the-rules.html)

> Restricted licences holders including learner, P1 and P2 drivers and riders
> are not permitted to use their phone at all while driving or riding. This
> includes use of hands-free and Bluetooth functions.

Am I misunderstanding this? Are they saying that teenagers with a learner's
permit are prohibited from using their phones while riding in the passenger
seat?

~~~
ska
I think that refers to bicycle (and/or motorcycle?) riding - not being a
passenger.

------
raver1975
I imagine it's really trivial to download the Android APK, decompile it into
its source code, modify the code, and then push the modified app back on to
the phone. You can be anyone you want to be. This idea does fall apart after
the officer looks up the license number on his device. Do you think this would
work at taverns?

~~~
bobthepanda
In the US I’ve been to plenty of bars and grocery stores with ID scanners. I’d
imagine this would be no different.

------
sk0g
Wonder if this can be used as ID to get into clubs, etc? The page doesn't seem
to mention it, but I doubt it would be.

~~~
evolve2k
YES it can be. It’s there in the 3rd paragraph.

“The NSW Digital Driver Licence is accepted by most pubs and clubs, and NSW
Police.”

~~~
sk0g
Missed that completely, thank you! Now for a certain backwards northern state
to implement this so I don't have to take my wallet into gigs and nights out
at all...

------
spelunker
Colorado launched one recently as well, apparently the first US state to do
it: [https://mycolorado.state.co.us/](https://mycolorado.state.co.us/)

As a CO resident I haven't really found a use for it yet. There's even a
disclaimer to take your physical ID with you wherever you go.

~~~
reaperducer
My state has digital insurance and registration cards. I guess this is the
next logical step.

But I do worry about when people get used to using these digital
identification and then get pulled over after their phone battery dies or when
their phone breaks on vacation or something.

A simple traffic stop with a warning suddenly becomes a day in jail while the
police "verify" a person's identity.

~~~
walshemj
There was a case in the UK recently where someone got a £500 fine on the
train because their phone died and they could not show their electronic
ticket.

It was only after the press got involved that it was overturned.

------
jmull3n
One problem I have personally encountered is I am unable to obtain a digital
form of identification while my license is suspended for a speeding offence.
This is more annoying than not being able to drive as I still have to carry a
wallet for the 1 remaining card I can't get on my iPhone.

~~~
megablast
I have no problem with someone suspended for speeding having an extra piece of
annoyance.

~~~
willbw
Really? I mean they already are suspended for driving, that is the punishment.
This feels petty to me.

------
gwbas1c
I originally read this as "NSFW Drivers License" and thought it was going to
be a funny link.

------
taksintikk
> The NSW Digital Driver Licence is accepted by most pubs and clubs

How to get user acceptance 101

------
rogerthat_au
Drivers License as ID is used at a number of places in Australia including as
age proof for venues serving alcohol, for phone connections and widely as a
key KYC document. Carrying one less card is certainly welcome to remove the
need for a wallet.

~~~
toomanybeersies
That's great until your phone gets broken or runs out of battery. Personally,
I like to keep my phone, wallet, and keys as three separate things.

------
karthickgururaj
India has something similar for driving licenses and many other documents:
[https://digilocker.gov.in/](https://digilocker.gov.in/)

------
dgellow
Looking at the conditions, this one is a bit odd:

> It’s illegal to access your digital driver licence when driving, including
> when stationary, unless you’re asked to do so by a police officer. Penalties
> apply.

So, does that mean that an officer can ask to see the license _while driving_?
That's such a weird scenario!

And the part "including when stationary", does that mean that you're allowed to
check your digital license if you're in your car, alone, parked somewhere,
without any police officer around?

Source: [https://www.service.nsw.gov.au/campaign/nsw-digital-driver-l...](https://www.service.nsw.gov.au/campaign/nsw-digital-driver-licence/licence-holders-and-nsw-digital-driver-licence#conditions)

~~~
megablast
Are you confused by phone use when driving?

~~~
dgellow
What part of my comment are you answering to? I didn’t express confusion.

------
ape4
Seems pretty easy to fake. Make an app that shows a photo and QR code.

~~~
optevo
The code changes continually. Also the background moves when you tilt the
phone.

~~~
shakna
In this [0] PyCon talk the app is reverse-engineered, and a version that
produces a fake QR code that gets verified successfully is created.

It would seem the current approach is fundamentally broken.

[0]
[https://www.youtube.com/watch?v=oux3tI2V0sY](https://www.youtube.com/watch?v=oux3tI2V0sY)

------
throwaway3714
Accepting digital licences as identification in nightclubs in QLD is entirely
optional. Seems counterproductive to have a half valid form of ID.

~~~
chrisseaton
Isn’t accepting any ID in a nightclub already optional and at the discretion
of the licensee? They can always turn people away as long as it’s not based on
a protected category can’t they? How’s it any different to before?

~~~
throwaway3714
I get that, I was sober on a Wednesday at 4pm and the casino wouldn’t let me
in.

------
subsaharancoder
Am I the only one who read the title in HN and saw "NSFW Digital Driver
Licence"?

------
mkj
The QR code updates - is that online or using a "secret" stored on the phone?

Sounds fun for the <18 kids.

~~~
Qqqwxs
May I ask what this would make easier for <18 kids?

I can think of clubs scanning IDs, but scanners only store identification
details for some period of time, until they're deleted, and not compared
against a database. [0] A spoofable/transferable QR code could contain all the
information normally scanned on a license plus information unique to each code
refresh.

I'd love to hear what the other implications of this could be if I'm missing
something.

[0] [https://www.liquorandgaming.nsw.gov.au/operating-a-business/...](https://www.liquorandgaming.nsw.gov.au/operating-a-business/liquor-licences/liquor-licence-conditions-and-precincts/id-scanners)

~~~
mkj
I was thinking if they're used offline at a bottle shop, it's a lot easier to
seamlessly alter a date of birth or photo on a phone app than a physical
license.

Also makes it easier to share an older sibling's ID.

~~~
Nextgrid
Not really. If the offline license is in a digital format (QR code, etc) it
can still be checked whether it’s been signed by a trusted authority (the
state’s digital certificate, etc).

So you can very well have an offline system where the documents are signed
during enrolment but then stored offline.
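
An added example (not part of the comment above, and not the Service NSW app's code or format) of the offline scheme described here: the issuer signs the licence attributes together with a digest of the photo, which also closes the gap raised earlier in the thread where a valid barcode says nothing about the photo or dates shown around it. The field names, payload layout and the choice of Ed25519 are assumptions.

```javascript
'use strict';
// Added illustration only: field names and payload layout are hypothetical,
// not the Service NSW app's actual QR format.
const crypto = require('crypto');

// Fixed field order so issuer and verifier serialise identical bytes.
const FIELDS = ['licenceNo', 'name', 'over18', 'expires', 'photoSha256'];
const canonical = (claims) =>
  Buffer.from(JSON.stringify(FIELDS.map((f) => [f, claims[f]])));
const sha256Hex = (buf) =>
  crypto.createHash('sha256').update(buf).digest('hex');

// Issuer side, run once at enrolment while online: the signature covers the
// attributes AND a digest of the photo, binding them together.
function issueCredential(issuerPrivateKey, claims, photoBytes) {
  const body = { ...claims, photoSha256: sha256Hex(photoBytes) };
  const sig = crypto.sign(null, canonical(body), issuerPrivateKey);
  return { claims: body, sig: sig.toString('base64') };
}

// Verifier side, fully offline: needs only the issuer's public key.
// The fields to display come from the verified payload, not from whatever
// the holder's screen draws around the code.
function verifyPresentation(issuerPublicKey, presented, photoBytes, now) {
  const { claims, sig } = presented || {};
  if (!claims || typeof sig !== 'string' || !Buffer.isBuffer(photoBytes)) {
    return { ok: false, reason: 'malformed' };
  }
  const sigOk = crypto.verify(
    null, canonical(claims), issuerPublicKey, Buffer.from(sig, 'base64'));
  if (!sigOk) return { ok: false, reason: 'bad-signature' };
  const expiry = Date.parse(claims.expires);
  if (Number.isNaN(expiry) || expiry <= now.getTime()) {
    return { ok: false, reason: 'expired' };
  }
  // The photo shown to the checker must be the one the issuer signed for.
  if (sha256Hex(photoBytes) !== claims.photoSha256) {
    return { ok: false, reason: 'photo-mismatch' };
  }
  return { ok: true, display: { name: claims.name, over18: claims.over18 } };
}

// Constructed sample data: a throwaway issuer key and an under-18 holder.
const issuerKeys = crypto.generateKeyPairSync('ed25519');
const SAMPLE_PHOTO = Buffer.from('constructed-photo-bytes');
const SAMPLE_CLAIMS = {
  licenceNo: 'EXAMPLE-0001', name: 'Sample Holder',
  over18: false, expires: '2030-01-01',
};

// Runs the genuine case and three tampering cases a checker should reject.
function demo() {
  const now = new Date('2025-06-01T00:00:00Z');
  const pub = issuerKeys.publicKey;
  const cred = issueCredential(issuerKeys.privateKey, SAMPLE_CLAIMS, SAMPLE_PHOTO);
  const edited = { claims: { ...cred.claims, over18: true }, sig: cred.sig };
  const otherKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const selfSigned = issueCredential(otherKey, SAMPLE_CLAIMS, SAMPLE_PHOTO);
  return {
    genuine: verifyPresentation(pub, cred, SAMPLE_PHOTO, now),
    swappedPhoto: verifyPresentation(pub, cred, Buffer.from('other-photo'), now),
    editedClaim: verifyPresentation(pub, edited, SAMPLE_PHOTO, now),
    selfSigned: verifyPresentation(pub, selfSigned, SAMPLE_PHOTO, now),
  };
}

console.log(demo());
```

A static signed credential like this can still be copied whole to another phone, so it does not address the shared-sibling case discussed above; that needs a key bound to the holder's device plus a face check against the signed photo.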

~~~
angry_octet
Unfortunately that does not seem to be what they have done, i.e. no signatures
involved.

~~~
Nextgrid
In this case it’s a problem with the current implementation, but does not
prevent a proper implementation from existing in the future.

------
contingencies
[https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia](https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia)

