This is a terrible idea. The last thing I want is for an advertising company that makes its living off personal data that they gather about me to be able to reliably link that data to my real identity.
I think that in general embedding legally-empowered digital IDs (in the form of certificates, not pictures of physical ID cards, mind you) in mobile phones is a good idea, but it ceases to be a good idea when your phone and your OS are made by an advertising company with clear incentives to gather data about you, and a solid history of doing so.
I would say, let Google develop the tech and figure out where the blocking points are, and then it could eventually become a standard and be implemented by other actors.
About making the technology reliable and secure, I do trust Google more than my bank.
Banks are the worst but they have been in the game for centuries and there are thousands of laws and jurisprudence for banks. And mark my words, laws will be too little, too late. We need to stop the "move fast and break things" now, we should put ethics side by side with "because we can" otherwise people will suffer the consequences.
> We need to stop the "move fast and break things" now,
I understand your concerns, but I believe we should upgrade the democratic system to give people more direct and more frequent opportunities to change the law rather than slow down technology progression.
It's weird to see all these crutches and half-assed fixes instead of lobbying and other work done to fix the ID situation in the US. It's really unfathomable to me how big of a problem identity theft and unauthorized access to digital systems for a regular citizen is. Especially compared to what for example Estonia has built, where I really do not have to worry about that issue - I have to have my ID card (or my mobile-ID) or I don't have access. Basically mandatory 2FA everywhere important, since about 2002, in my humble opinion it should be about time the US properly fixed the issue.
There's a very vocal minority that views any attempt by the government to make any ID as proof that the New World Order exists. There's also a pretty decent sized part of the Evangelical movement that sees those IDs as potentially the literal "mark of the beast" from Revelations.
Additionally a part of the Republican strategy is to disenfranchise via selectively reducing access to valid existing IDs while cranking up voting requirements of those IDs.
This combo basically means that both Republicans as a whole and the Blue Dogs see it as politically nonviable, which is more than a majority at the federal level.
> Additionally a part of the Republican strategy is to disenfranchise via selectively reducing access to valid existing IDs while cranking up voting requirements of those IDs.
Can't the government provide the IDs to those who are less well off free of charge?
Actual recorded voter fraud of the kind that would be prevented by voter ID laws is a fraction of a fraction of a fraction of a percent [1], while we have direct quotes from Republican legislators and legislative aides about the intent to suppress minority votes with voter ID laws [2].
Ironic. The "Democrats are trying to allow voter fraud" is itself a talking point from your favorite source of disinformation.
And calling the Republicans of the 19th century the party of "Northeast elites" is exceedingly historically inaccurate. The Democrats were as well, and the only reason why Lincoln won originally was that there was a party split in the Democratic party that year. The Democrats nominated two candidates (one northern and one southern) and split their vote. Not to mention that the initial push for a national ID card was during FDR's presidency, who was probably the strongest centralized government technocrat president we've ever had, _and_ a Democrat. And all of that is ignoring the southern strategy, and who's fighting which sides of these issues today.
At least in the conservative community where I grew up, the religious "mark-of-the-beast/new world order" narrative was the main anti-national ID narrative. I'd never heard the illegal immigrant angle before.
I think there probably are people that want to enfranchise mere residents.
It doesn't seem to be catastrophic for New Zealand, for instance.
There's a strong argument to be made that people participating in the economy and other parts of civic life deserve to have a voice in politics. It's convenient and popular to exclude them, that doesn't make it just.
(I phrase my first paragraph the way I do because I haven't thought about it much and don't have a real clear opinion 'bout it)
I'm sure there are some, perhaps I was too colloquial when I said nobody, but there is no widespread movement to give non-citizens the ability to vote in US elections. My main point is that opposition to voter ID wouldn't have much to do with that because that's not how voter registration works in the US. The post I had responded to was a mischaracterization of the reasons people are opposed to voter IDs.
On the topic of residents voting, a city near me had a policy+budget allocation vote that allowed anyone who lived there and was over 13. My opinion on that is that I think that's pretty neat at a city level, but I don't think it makes sense to allow non citizens to vote in a federal election.
Your talking about "identity theft" as if it's an unquestionable concept demonstrates precisely why there is opposition to strengthening the technicals of identification. Every bit that makes identification stronger is yet another excuse for businesses to assert that it is infallible. Even currently, rather than banks simply admitting they were defrauded and thanking/compensating the innocent bystanders for helping them set things right, they keep pushing this "identity theft" narrative to make it seem like the unlucky victims of bank's incompetence have some sort of intrinsic involvement!
It's understandable how it got this way, as from inside the system's paradigm it does look like an "identity was stolen". But the map is not the territory - despite businesses wishing that it were because they can only operate in terms of the map. We are not subjects of the government nor of corporations - free people must resist being cataloged and controlled by database rows that seek to override our actual existence.
Furthermore in regards to the US, it's basically a foregone conclusion that any government-mandated ID system will not include effective restrictions that keep corporations from hooking on to build invasive tracking. Let's hold them to reining in the ongoing widespread abuse of license plates, driver's license numbers, etc before we go advocating for even more identifying requirements on individuals in this age of surveillance.
> they keep pushing this "identity theft" narrative to make it seem like the unlucky victims of bank's incompetence have some sort of intrinsic involvement!
But how is it that it's not really a problem in Estonia, where we have e-identity strongly attached to a citizen? Or are you saying our banks, institutions, telecom and other companies are somehow more competent?
You also have SSNs which is a government-mandated ID system that keeps you as rows in a database. Stop the holier-than-thou please.
> But how is it that it's not really a problem in Estonia, where we have e-identity strongly attached to a citizen
I have no idea how your dispute process looks in Estonia. What happens if you lose your national ID card, don't realize it for a week, and someone has used it to do a bunch of things in your name? The sensible answer is that anything unauthorized should be rolled back or otherwise not attributed to you. This need is obvious when an "ID" is a plain 10 digit number. But when the average person can't imagine an ID being cloned because it's stored on a "smartcard", then it's a lot easier to sell responsibility as being on the person that lost their card.
> You also have SSNs which is a government-mandated ID system that keeps you as rows in a database. Stop the holier-than-thou please.
I only left off SSN next to license plate and driver's license number for brevity's sake. I was directly referencing ongoing problems here, so I certainly wasn't trying to be "holier-than-thou" in some kind of nationalist cheerleading. My point is that the existing ID systems that exist are being straight up abused (license plates -> ANPR, driver's license -> Retail Equation, SSN -> LexisNexis, for some of the most blatant abuses). The USian political philosophy discourages any sensible regulations that would rein this in, and that needs to be fixed before providing even more raw data for surveillance companies to build on.
In Estonia, how would you deal with a supermarket deciding to make it so that customers wanting a sale discount card have to link their national ID?
> What happens if you lose your national ID card, don't realize it for a week, and someone has used it to do a bunch of things in your name?
If you were stupid enough to attach the PIN codes to the card then you're liable for anything done with it by law. Dispute process is through the court system.
> so I certainly wasn't trying to be "holier-than-thou" in some kind of nationalist cheerleading.
Then I take back my passive aggressiveness.
> The USian political philosophy discourages any sensible regulations that would rein this in
Right now maybe, but who knows what'll happen in ten years.
> In Estonia, how would you deal with a supermarket deciding to make it so that customers wanting a sale discount card have to link their national ID?
It is already being done - national ID as loyalty program. Though it is not considered an issue because both card payments and loyalty programs already have all the same information - except the unique personal identification number which isn't considered a secret (composed of public data). There's also the national and EU privacy laws that give one the right to be forgotten.
> If you were stupid enough to attach the PIN codes to the card then you're liable for anything done with it by law. Dispute process is through the court system.
Regardless of the stupidity, that's still a pretty poor outcome. I assume the same applies if you were shoulder surfed, or you're an early victim of a newly discovered security bug? Or if you're kidnapped and forced to perform a transaction? It's kind of ridiculous to be made to have an item that creates essentially unbounded liability for you. This is exactly what I mean about "identity theft" morphing to be considered a real thing. This is commercially expedient, but utterly unjustifiable to those caught on the other side of it.
> It is already being done - national ID as loyalty program. Though it is not considered an issue because both card payments and loyalty programs already have all the same information
So you're saying there's no technical aspect that prevents stores from obtaining your identity? That's an outright failure. I've personally moved back to strictly paying cash for groceries [0], so this would certainly not be a welcome development for me.
> There's also the national and EU privacy laws that give one the right to be forgotten.
This is kind of the crux in that you're essentially trusting national laws to police the companies' use of the identifiers, and rein in their worst abuses. This is basically a non-starter in the US - industries basically buy the laws they want, and do whatever they like behind closed doors.
And sure, maybe we'll get to a future where GDPR-style anti-surveillance rights come to the US, are found to be workable, are enforced, actually enter into our culture, and further augmented with laws making it illegal to collect national identifiers in the first place (for anything but a narrow list of purposes) - only then would it make sense to discuss strengthening identifiers. Until then, it carries heavy downsides to the individual person.
[0] For the sale prices, ask the cashier to swipe the store card, enter a random phone number, or periodically sign up for new discount nyms with junk information. Which is all only possible because stores don't clamp down too hard, because requesting eg SSN would scare people away.
> Regardless of the stupidity, that's still a pretty poor outcome. I assume the same applies if you were shoulder surfed, or you're an early victim of a newly discovered security bug? Or if you're kidnapped and forced to perform a transaction?
All of those are possibly overturned if you can prove it wasn't really you or you were kidnapped. Things like signing away your company or emptying your bank account have the usual countermeasures. The physical aspect of your online identity does mean that you can take clear and simple precautions against it leaving your possession, someone just shoulder-surfing can't do much. It can't just be your SSN (our ID code) leaving your knowledge, it has to be someone near to you in which case no other system protects you either. So it really isn't a downgrade at least in my opinion.
> So you're saying there's no technical aspect that prevents stores from obtaining your identity? That's an outright failure. I've personally moved back to strictly paying cash for groceries [0], so this would certainly not be a welcome development for me.
If you choose to, yes, there's nothing that stops them. If you don't then they can't remotely collect that information. Unlike what the CIA or NSA has, there isn't a private-company accessible facial recognition API :P
There are a ton of individuals and big companies in tech working through standardization bodies to create an identity layer for the internet, that no single organization is in control over. Google is not among them.
There's no way to do one-to-one identity verification and authentication without centralized coordination and control. Just as an example, even if we really wanted to there'd be no way to let only one CA issue a certificate for a domain if any of the CAs is rogue.
Which is an important distinction, since there exist situations when even hard to follow procedures are better than a centralized option. Those are just not your daily "how do I know if I can show you my credit card" situations.
You do get in front of the other person and exchange public keys. Or you ask for help from a set of trusted middlemen. Those are perfectly fine ways to run a PKI, they are just not fit for the "entire web" PKI.
Those methods really don't scale by the fact that we haven't had a single system like that catch any popularity. It's usually just too cumbersome and not more trustworthy.
It's easier to gripe about "evil $otherparty" and vent righteous anger at the corporate written and backed ideas that get submitted, than it would be to draft legislation implementing a sensible and sound open public ID system and get some Congresscritter to actually get it to the floor.
There might have been some efforts that I'm unaware of but that I haven't heard of them suggests they didn't get far. It doesn't help that there's not yet an elegant, eloquently defined notion of what such a system should be that an advocate could point to and say "see? this will solve all your problems". We got hucksters yelling blockchain but that's a different thing.
Trying to claim bothsides here is casually glossing over the very real history of the Republican party hijacking ID laws to suppress the rights of the poor and minorities.
I wonder about the due process implications for this at, say, a traffic stop. If you hand a police officer your phone to show them your driver's license, is that implicit consent to search your phone? Will the ID-showing mode be special in that it will allow the holder to see the ID, but the rest of the phone will remain locked?
I like that they're looking for ways to make it so you still have access to ID documents even when the battery is drained to the point that the phone cannot boot, but overall I'd still want to carry a physical card as a backup. And if I'm doing that, I'm just going to use the physical card in most situations where I need it.
They mentioned there are ways to access the ID in different ways if needed, i.e. you could allow NFC'ing the ID even if the phone battery is dead, so they will probably have a way to access the ID without unlocking your phone entirely.
Kind of like how you double-tap the power button to turn on the phone camera, but you can't access the phone's photos without unlocking.
Completely off-topic: If you scroll down past the linked article and onto the next article, the URL automatically changes (from /google-is-bringing-electronic-ids-to-android to /cisco-open-sources-mindmeld-conversational-ai-platform).
I've never seen this type of behavior from a web page before.
Several sites do that now, it's annoying and you sometimes cannot even get back to the previous article. I like to read the text on my screen near the top of my browser, so I scroll constantly as I read, and for these sites I continually scroll off the end of the article into the next one before I have finished the last vertical page of text due to the way I read. I'm not changing the way I read content due to these shitty sites, so I guess I will never finish one of their articles.
Interesting. I'm wondering what the benefit of infinite scrolling would be for the site owner. Wouldn't an article site like this want the user to click as many links within the site as possible to re-generate ads?
I don't think ALL of the ads are generated when you load the original page. The ads corresponding to the second article are loaded when the second article loads.
in Chrome. Just tried Firefox and didn't see the same.
It's a little strange, a new paradigm-shift for the reader. If I bookmark the URL further down thinking I'm bookmarking the whole scrolled view, it reloads the bookmark to a different view - only the article I was currently scrolled to.
> Google would likely launch this functionality with Pixel devices first and then convince other Android makers to play ball. We’re easily a few years away from people using their Android devices as IDs.
Any Android announcement that seems useful or valuable is always several years away for most of the Android devices in use.
I read another article about “Project Mainline”, which is about getting security fixes quicker to devices directly from Google. That one also had a similar statement.
If Google spent a little less effort on tracking and advertising, and more on making the platform secure and consistent across more devices, that’d be good for everybody (since low priced phones are mostly Android, and are used by people who cannot or do not want to spend a lot of money).
This [1] is an old talk by Christopher Soghoian that still rings true today (with added privacy goofs by Google revealed in the meantime).
I get that Google is very powerful and it lives off of our data and I get how this may be construed as an attack on our privacy but the amount of misinformation and conspiracy theories I am seeing on this thread is appalling. First, Google is just implementing an electronic ID standard that will work as a replacement for traditional paper ID cards. They are also working on a mechanism to display the ID card even when the phone doesn't have enough power to boot.
I don't get the concerns about it being mandatory because you can't expect everyone to have the same set of IDs and besides it's just a convenience feature like storing our membership cards or our emergency contact information in a wallet.
There is justifiable concern over the privacy aspect as we don't know if the IDs are stored locally on the device or if it's synced to the cloud. It will be troubling if it's the latter but criticising Google about this even before the feature has been finalized and released seems perplexing to me.
This sounds great at first. But I am really concerned about its impact on subscription services and blocking. If economics of it plays right, the apps would now have access to a confirmed unique ID for a device that would allow them to lock support of the service to not only just the number of devices (which is fine) but also the device itself.
I am aware that apps can currently use multiple sources to get unique IDs like MAC and others. But they can be spoofed, this if it works would be secured from those concerns.
Maybe (most probably) I am completely wrong in this line of thought. But would love to hear the thoughts of HN folks on this.
> the apps would now have access to a confirmed unique ID for a device that would allow them to lock support of the service to not only just the number of devices (which is fine) but also the device itself.
I'm not sure I understand the concern. Could you give an example?
With features like these, I imagine secure Android devices with prompt software patches will become even more important in the future (whether or not the people using them realize).
Would be interesting to see what the counterfeit measures are. Could a kid with Photoshop buy beer with their phone? Or would there have to be some kind of corresponding tech on the POS to verify the ID? That sounds peachy.
Most likely, it will be added as a per-app permission like everything else. Like location and contact information, there will be apps that use dark patterns which ask for this by default and just bank on enough people being lazy enough to just click through when they install FlappyBirdsGo2020.
Google will shrug its shoulders and blame its users for not being responsible and for 'bad actors' who were in no way enabled by the Goog's primary objective of maximizing its stock price.
Cool. How long until they shut it down with one-month notice? If it was Apple I'd feel reasonably confident that it would be around for at least a couple of years, but even in the ID/payment space alone Google has kept rotating through different "wallet" solutions multiple times.