Arguments like this are the strongest for forced regulation and split up IMHO.
I can't think of an actual complaint against embedding US companies into what is in practice an important part of NSWs local governance; we might already do that credit and finance to some degree. But it just looks like another little step at creating a delicate system with single points of failure and unreasonably influential power-brokers.
It comes down to alignment of incentives. Google (for the sake of argument) has got into so many facets of peoples' lives that it's hard to tell what's what. If you're percieved to have contravened one of the TOCs, or your credit card fails or something, you could have your account suspended with no recourse. And Google have shown time and again that they have zero interest in universal due process, fairness or customer service. That's fine - it's their business model and their call to make.
But it is fundamentally out of step with the provision of essential services which should be afforded to all.
And then add to that the fact that when it goes wrong it disproportionally affects those more vulnerable. It starts to look a lot like disenfranchisement of minorities. What if you suddenly have no phone or email, and that's your only way of communicating with your support network? What if Google decides to pull the plug on your phone and you don't have money to buy a new one?
On the flip side, the government has a monopoly on welfare, violence, justice, etc. That's a good thing, and it's negotiated by democracy. However, using that monoploy to coerce people into using commercial duopolies is fundamentally anti-democratic.
Literally paragraph 3 of the article.
Anyone who thinks you don't need a driver's licence or equivalent proof of age card is 100% having themselves on, there is no meaningful opt out.
"It’s optional and doesn’t replace the plastic card"
My point is the government can and will make your life a pain.
The fix would be to allow the verifier to independently retrieve the license details after scanning the barcode, instead of just seeing a valid/invalid message.
Could a police officer just ask "I need to look up your license in the database. What is your name, date of birth and passcode so I can find your face in the database and confirm you gave me the correct passcode?"
One potential issue with having this on your phone is that you are unlocking your phone and handing it to the police which could be a problem for some people. Though people can still carry a card.
FWIW Android has a (somewhat hidden) "pin app" function that prevents users from switching to a different app without entering the lock code.
That being said... while testing it I was able to escape to the Messages app by clicking a share btn in an app, or long pressing a link in a webkit ui object to share the link.
From the Messages i was able to get to contacts and see contact info. If you create a 'new message' with an existing contact it will actually load all the previous messages for that contact. I assume it would also load group messages for a group as this behavior is present in normal messages mode.
At first i didn't think images where loading, but if I scrolled up till it had to load in older messages it shows images
Same for other apps that register in the share functionality. I was also able to go to the 'more' and enable other apps like Slack and One Note and was able to gather a lot of details from the dialogs they provide.
Messages seams to have the most 'out of bounds' gonna play with this some more.
I wanna also say I have a kinda older iPhone, running 12.1.4 in case some of this has been improved.
NSW resident. If I was driving I'd carry my physical license which I'd hand to police. If I was heading out by foot to a pub, bar, bottle shop or tobacconist I'd use my phone because that's how I pay for things. I'm not young looking but if I were, at least the phone would save me carrying a wallet.
Opal, NSW's public transport payment system, works directly with contactless payment i.e. credit cards, debit cards, phones (all phones - hi Myki!), smart watches and, unsurprisingly, dedicated Opal cards. Making licenses app-based opens up the option to leave home without anything but your phone.
From the site:
"You don’t need to hand over your device to the licence checker. If a licence checker is struggling to view your digital driver licence, adjust the tilt of your device or turn up your brightness settings. "
It was news to me that you can lock android and iOS to a certain app so that would be a good thing to do if your license is requested.
I guess cops carry chargers now ?
In the UK we have to give our name and address, then turn up to a police station within 7 days with our license.
Although I was a first day adopter of the new NSW digital license, I'm only going to use it as a backup for my physical license. I really don't trust the NSW government, and I've come across enough dodgy cops in this state to know better.
Most cops are fine, but the ones that aren't can destroy you for the rest of your life.
"Despite any other provision of this section, a person who displays or purports to display a digital driver licence is not required to give or hand over, to the person who is requiring the driver licence to be produced or handed over, the mobile phone or other electronic device on which the digital driver licence is displayed or purported to be displayed."
On Google Play it included access to Calendar, Camera, Photos, Location, Storage...
IIRC a former developer explained (on reddit?) they explored other functionality like bluetooth LE verification rather than QR code
The last Android version had a weak guest mode; the current one does not seem to.
Not quite a guest account, but you can use the Accessibility shortcut (from the Control Center or triple-clicking the sleep button) to quickly prevent app switching before handing a device to someone.
You can even use it to disable interaction with parts of the screen by drawing regions, or disable the hardware buttons, and set an autosleep timer.
What operating systems really need though, is a "fake OS" mode. It should display an alternative launchpad with some random apps with random photos, notes, messages etc. When someone tries to do something it should stall with poor network connectivity dialogs or other fake issues.
Maybe someone can make an app like that? :)
(On an iPhone, anyway. I haven't tried To set this up on my Android.)
I mean you should argue, but I'd also consider if I want to miss my flight because of additional screening.
I might be less ecstatic if I had a car and got pulled over and asked to show my ID. I wouldn't be comfortable handing my unlocked phone over to the state. I trust the internal walls of the mobile walled gardens more than I trust a cop.
The main concern is they don't want a bunch of unaccounted for passports lying around. It dramatically increases the risk of fraud.
It's cool to see my hometown progressing on at least one front.
If I need a key pair, I'd prefer to generate it myself. Otherwise, the private key isn't really private.
"We made this thing you only need while driving, especially when stationary and stopped by the police, but it's illegal to do so unless specifically requested."
I wonder how this will be applied in reality. Will individuals stopped have to wait for the police to ask before readying their documentation without being cited in addition to whatever they were stopped for?
Drivers licences in Australia are the de-facto ID. Including proof of age to purchase cigarettes/alcohol, many bars scan IDs as you enter in case you cause damage or start a fight. To proving identity for a variety of things including (but not limited to) new phone plans, bank accounts, etc.
Most Aussies carry their drivers licence with them everywhere.
Regarding the stationary part. Though it varies state by state, my state (Victoria) considers it an offence to use your phone while stationary. If the vehicle is legally parked and engine off you're fine. This is to cover those using their phone while stuck in traffic.
That's Victoria, similar laws in NSW. Technically though, using NFC to buy Mcdonalds in the drive through is illegal.
> (1) The driver of a vehicle must not use a mobile phone while the vehicle is moving, or is stationary but not parked [...]
Same as in the USA.
I can already leave all of my cards at home when I go to work, save that license, because the gas station that cards me when they sell me tobacco also takes NFC payments. Digitize that license, and I can just carry my phone even when I drive to work.
At least it was the last time I looked at the ACLU web site.
Not that it would be a massive change in my behavior. With NFC payments and wearable communications devices, a lot of times I leave the house with nothing but an Apple Watch on my wrist (and at a minimum, running shorts; you're welcome). Dog walk? What am I going to buy in our suburban neighborhood? Go for a run? Same difference, though if I run by a 7-11 I can buy a Gatorade with my watch. I ass-u-me the EMTs know how to get my medical ID on an Apple device. Soooo, I kinda don't need a wallet a lot of times. Is it legal in the state of WA? I have no reason to believe that it isn't, but OTOH I don't really care. You want to know who I am? We have a legal process for that, at which time I will have my ID fetched.
> If you’re stationary in your car in a parking lot, and you turn the engine on to use the heater are you “attempt[ing] to put the motor vehicle in motion”?
Their answer was yes, for this you can risk prosecution if you do this while intoxicated.
The second example asks:
> If you pull into a parking spot, and park your car, but do not turn off the engine, are you “parked”?
Their answer was no you’re not parked and are risking prosecution if you use a phone under these circumstances.
I don’t think there’s any legal nuance to those answers. I think most people would come to the exact opposite conclusions on those two examples, and the advice in that article simply states that the police may attempt to interpret the law in whatever way allows them to prosecute you. I don’t know if there’s any solid case law to answer those ambiguities, but if there is it’s not referenced in that source. I know from experience that in many situations like this case law tends not to help in any case, and the outcome will be decided by how well you can explain yourself to a judge, which kinda just emboldens the police to pursue even the most ridiculous cases.
That's what they've been telling people, yes. Honestly, it seems rather over the top legalism.
I understand the point about the danger of using mobile devices while driving a moving vehicle. But, what exactly is the danger of using one when you are stationary, especially if you have been pulled over by a police officer? It is a law without a rational justification, and laws lacking rational justification are harmful.
This is the core of the issue, in my opinion.
Eventually these services can be integrated, or they might already be trialing integration silently.
> The Document Verification Service checks whether the personal information on an identity document matches the original
record. Importantly this includes verification of the date of birth on Australian passports, driver licences and birth certificates.
> The Face Verification Service complements the Document Verification Service by preventing the use of stolen as well as fake identity information.
 [PDF] https://www.aph.gov.au/DocumentStore.ashx?id=903112ab-f5e9-4...
For many years it has been possible in many countries for a police officer to enter a vehicle's number plate and get details of the registered owner, including a photo, on the screen of their own device, one which they trust. If I'm driving a friend's car I could tell the police officer my name, the number plate of a vehicle that I am linked to or some other identifier and the officer could then look me up. Why should a driver need anything beyond a good enough memory to recite some kind of identifier?
Someone who can't remember their own name arguably shouldn't be driving.
I'm looking forward to the day when we won't need passports either. (I'm sure my great-grandchildren will find it much more convenient.)
Perhaps the point of this is that it lets you give someone else, not a police officer, temporary read-access to a subset of the data on the server. Is that it perhaps? That could be useful. For example, to a club bouncer I might choose to reveal my photo and the fact that I'm over 18 without giving away my date of birth and my address, which would be shown on my physical driving licence.
Potentially some interesting technical questions about how to stop people from using someone else's licence with the other person's collaboration: an older sibling's licence, for example.
Admittedly this is unlikely a significant factor in the state governments decision making. Yet it’s a benefit all the same.
Consider all the other various cards which also might be digitized. Gov ID doesn't seem like the place to start, seems like maybe the one that should always have a physical form even if everything else has become digital.
Secondly, being able to press a button and get shown my current demerits is extremely useful. Last time I wanted to check this I spent a good two hours on hold on the phone.
My license expires in two weeks and this is the first I found out about it. Undoubtedly due to some bungle in the traditional system.
I can see why people are concerned, and it's not going to be accepted in clubs for a while as the scanners physically won't fit a phone.
(Having deployed those scanners a few years back, I'm frankly more concerned about their privacy situation than this app).
Our rego is all digital in SA and we don't have rego stickers. I have been getting text reminders for years but sometimes you just want to check when things expire without logging into a website and navigating through lots of layers.
I expect NSW is the same but our app also takes boat licences, heavy vehicle licences, occupational licences as well as vehicle reg. I get that it isn't for everyone but it is a convenience.
You can learn more about the Delaware experiment from the same places I did:
It is disappointing this is an online-only system. There is a continuation of a number of privacy violating practices, such as giving your DOB and driver's licence number to bars/clubs/venue security (often run by criminals, esp OLMCs). It should only show 18+ and a photo.
NSW Govt will now know exactly who goes to which venue, in real time. Insane surveillance of the citizenry.
Can't wait to see what data is in the real QR codes. Almost sounds like a TOTP code and a user/device serial number. Malware that rips these TOTP codes will be made and available to criminals in short order.
"The NSW Digital Driver Licence is available offline as long as you are logged into the Service NSW app"
The initial setup is online. All you need to do is make an account (verified via an emailed code), log in, and enter your surname and 2 numbers on the physical license and it will download the information.
You can then go offline and still view it. There's a QR code which doesn't directly contain a URL or anything, so I'm not sure if the police need to be online to validate using it, I didn't look into it much.
It also says the last refresh time and pulling down will refresh the information however this fails when offline (the app doesn't seem to check network availability, it just tries to load forever). So I'm not sure if this is a problem.
It also seems to be really poorly optimised on Android, the UI is basically unresponsive on my phone and slows the whole system down.
Regardless needing to carry the real license as a backup is a problem, since it sounds like they'll make no concessions if you left it at home for a short drive and your phone dies.
Done, in August.  And the QR Code validates.
> Can't wait to see what data is in the real QR codes.
According to the talk, it's a timestamp, and id and what seems like a session-cookie-ish encrypted blob.
Wonder if they can fall victim to validate after decrypt attacks.
> Restricted licences holders including learner, P1 and P2 drivers and riders are not permitted to use their phone at all while driving or riding. This includes use of hands-free and Bluetooth functions.
Am I misunderstanding this? Are they saying that teenagers with a learner's permit are prohibited from using their phones while riding in the passenger seat?
“The NSW Digital Driver Licence is accepted by most pubs and clubs, and NSW Police.”
As a CO resident I haven't really found a use for it yet. There's even a disclaimer to take your physical ID with you wherever you go.
But I do worry about when people get used to using these digital identification and then get pulled over after their phone battery dies or when their phone breaks on vacation or something.
A simple traffic stop with a warning suddenly becomes a day in jail while the police "verify"a person's identity.
I was only after the press got involved that it was over turned.
How to get user acceptance 101
> It’s illegal to access your digital driver licence when driving, including when stationary, unless you’re asked to do so by a police officer. Penalties apply.
So, does that mean that an officer can ask to see the license _while driving_? That's such a weird scenario!
And the part "including when stationary", does that mean that you're allow to check your digital license if you're in your care, alone, parked somewhere, without any police officer around?
An officer can ask for your license if they flag you over and you haven't totally stopped the car (thus you are legally "driving"), as long as you're being safe they just want to check for drunk drivers as quickly as possible. "License, how many drinks have you had tonight, count to 5, have a good night". Unlike America they don't need suspicion, they just flag over everyone they can on a Friday night. On the other hand an officer can fine you if you start playing on Facebook while the car is stopped but you're still legally "driving".
All QR codes or whatever the phone is displaying or transmitting should be signed by a trusted authority. The checking device can verify whether it’s been signed. You can’t generate a valid signature unless you have access to the private key that’s supposed to be signing them.
It would seem the current approach is fundamentally broken.
EDIT: Probably shouldn't single out Android. iOS apps can also be modified and resigned with a developer certificate.
Sounds fun for the <18 kids.
I can think of clubs scannings IDs, but scanners only store identification details for some period of time, until they're deleted, and not compared against a database.  A spoofable/transferable QR code could contain all the information normally scanned on a license plus information unique to each code refresh.
I'd love to hear what the other implications of this could be if I'm missing something.
Also makes it easier to share an older sibling's ID.
So you can very well have an offline system where the documents are signed during enrolment but then stored offline.
Otherwise the altered app can show a different photo to that which was enrolled, etc. The signature is on bytes, not the offline visual representation.