Australian digital driving licenses can be defaced in minutes (theregister.com)
26 points by ddtaylor on May 31, 2022 | 16 comments



The reverse engineering is certainly interesting, but the article headline seems like a bit of a beat-up since the app has a built-in checker where you can scan the QR code shown and validate the details independently (the article does say this, at the end). It seems if you actually want to check a license this is better than having to identify if a physical card is a forgery.


Can't they just generate a new QR code that matches the license changes? It's not like it verifies the data against something else.


How many people are actually going to properly verify the electronic IDs? We already have seen with the covid vaccination passports that most don't really care.


Yep exactly. I've ordered alcohol to be delivered, and they insist on validating. Imagine the lawsuits if a minor was able to order alcohol. But this is literally the only case I can remember in recent memory. (I don't often even get carded at the actual liquor store!)

Furthermore, when I went to vote recently, it was certainly not "validated". And this was the AEC.


> And this was the AEC

May I ask how you voted? This seems to be an irregularity. When voting in federal elections in Australia you should only be asked for your name, address, and whether you have voted before in the particular election.

There was a bill before the federal Parliament to introduce voter ID, being the Electoral Legislation Amendment (Voter Integrity) Bill 2021 (Cth). This bill will lapse given the change of government and is unlikely to be reintroduced by Labor.


I voted in person.

And what you're saying makes total sense, why would they validate if it's not required.

As someone with a non-Anglo name of greater than 16 characters in total, my instinct when asked for my name and address in an official context is to just hand over an ID. It saves time and avoids ambiguity.

I suppose it's an invalid assumption in my head that an ID is required. It's just what I've always done.

Edit: spelling


> Furthermore, when I went to vote recently, it was certainly not "validated". And this was the AEC.

Note I'm German and can only speak for the German election process here, having served on half a dozen election boards. Usually here it is enough if you bring your election notification ("Wahlbenachrichtigung"), so that we can cross-check your name and voter roll number on the notification against our records, and reject you if the name has already been registered for in-person voting or if by-mail voting documents have been issued. We usually only demand ID cards if there are inconsistencies (e.g. someone looking like age 20 shows up with a DOB that suggests age 40 or someone presenting as female shows up with a male name), but these cases are extremely rare, and the inter/trans folks with deadname ID cards usually show both their ID card and the unofficial Ergänzungsausweis [1] so that we know there is nothing sketchy going on.

[1] https://dgti.org/2021/09/05/der-ergaenzungsausweis-der-dgti-...


> Yep exactly. I've ordered alcohol to be delivered, and they insist on validating. Imagine the lawsuits if a minor was able to order alcohol.

That’s not why, mate. They want an easy way to collect your name, age etc.


I think they're likely looking to do the minimum to make the uppity bureaucrat at an enforcement agency go bother a softer target. Monetizing the PII is probably just a side benefit that helps offset some of the cost.


I suppose if they'd made it the size of an A4 folded along its major axis it would have been easier to hold, though reading text would have been annoying.


Somehow this comment became attached to the wrong thread and is now non-deletable!


Since when did the AEC start checking IDs? They just cross your name off a list.


I suppose I've just gotten into the habit of showing my ID. It's not required.

As someone with a non-Anglo name, at security/role/other checks etc. where my exact name is required, it saves a lot of time versus spelling my name out vocally.


For early voting they did require ID. I presume for making sure I was in the correct electorate since the venue I went to was doing multiple electorates at the same time.

However previously, when voting on the election day my name has been crossed off a physical list.


Can confirm they did NOT validate me during early voting.


The logical thing to do would be to use public-key cryptography to create unforgeable but securely verifiable QR codes.

This would prevent certain people from getting bribes to create fake IDs, so... I'm sure it was rejected in the meeting in a strangely insistent manner.

That, or all the "crypto" buzzwords confused the non-technical managers involved, and they told the programmers to stop talking about Bitcoin.
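
The scheme suggested in the comment above, as an added example that is not part of the thread and not the code of the licence app the article discusses: the issuer signs the licence fields with Ed25519 and a checker holding only the public key rejects a QR code regenerated or edited without the issuer's private key. The field names, the `body.sig` layout and the expiry field are assumptions made for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Licence holds hypothetical QR fields; Expires limits reuse of a copied code.
type Licence struct {
	Number, Name, DOB string
	Expires           int64 // Unix seconds
}
var b64 = base64.RawURLEncoding
// IssueQR (issuer side) signs the serialized licence; the result is "body.sig".
func IssueQR(priv ed25519.PrivateKey, l Licence) string {
	body, _ := json.Marshal(l) // cannot fail for this plain struct
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// VerifyQR (checker side) needs only the issuer's public key.
func VerifyQR(pub ed25519.PublicKey, qr string, now time.Time) (l Licence, err error) {
	body, sig, ok := strings.Cut(qr, ".")
	rawBody, err1 := b64.DecodeString(body)
	rawSig, err2 := b64.DecodeString(sig)
	if !ok || err1 != nil || err2 != nil {
		return l, fmt.Errorf("malformed QR payload")
	}
	// Check the signature over the exact signed bytes before parsing them.
	if !ed25519.Verify(pub, rawBody, rawSig) {
		return l, fmt.Errorf("signature invalid")
	}
	if err = json.Unmarshal(rawBody, &l); err != nil {
		return Licence{}, err
	}
	if now.Unix() > l.Expires {
		return Licence{}, fmt.Errorf("QR expired")
	}
	return l, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	l := Licence{"00000000", "Sample Holder", "1990-01-01", time.Now().Unix() + 60}
	fmt.Println(VerifyQR(pub, IssueQR(priv, l), time.Now()))
}
```

The signature only binds the data to the issuer; whether anyone scans and checks it is the separate problem raised elsewhere in the thread.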



