I'm really wary of these initiatives, because perfect law enforcement is how society ossifies. Imagine if we could prosecute all homosexual tendencies when they happened, or all interracial relationships, or any other antiquated law. Society would never progress.
What happens if the government can now perfectly enforce that people under 18 can't do X or Y?
While I totally get what you are saying, and feel the same way, I often remind myself that folks who take extreme views _also_ say they see the benefits but think the drawbacks are worse. Not the paragons of such views, naturally, but the majority of folks who follow them. Take single issue voters, for a mild but clear example.
This is extremely common. I think Alan Perlis captured this sentiment in his Epigrams in Programming when he said "lisp programmers see the value of everything and the cost of nothing."
Governments aren’t just rolling out Digital IDs. They’re rolling out the platform to enable them to require that you authenticate with a range of apps and websites, ostensibly to keep children safe, with the real purpose being to link your unique identifier to all your online activity. They can then easily build an overall picture of who you are from that ID. Potentially, all this data can be fed into a pre-crime AI.
> Governments aren’t just rolling out Digital IDs. They’re rolling out the platform to enable them to require that you authenticate with a range of apps and websites, ostensibly to keep children safe, with the real purpose being to link your unique identifier to all your online activity.
This is just straight up not true for the EUDI which is probably the most serious and advanced approach to digital ID. The wallets are decentralized and the government does not see the individual authentication transaction in any way.
Part of a Digital ID is an identity provider that implements protocols such as OAuth 2 and OIDC. Once this is in place, the government that owns the Digital ID system can mandate that platforms such as social networks, search engines, email providers, etc. link the users in its jurisdiction to its Digital ID via OAuth/OIDC. As this isn't as onerous as reviewing identity documents, governments can make this a requirement for a large range of platforms, even quite small ones.
Yes, I realise governments already have some powers to view private data, but they have to do a lot of legwork to link data to specific people. They'll always get false positives, false negatives, duplicates, etc. And they'll miss a number of platforms that have data on the person of interest. Digital ID combined with a mandatory identity platform and data retention requirements will make law enforcement far more efficient and give governments unprecedented power over what we see, hear and say online. The government will have a complete list of all the platforms on which you authenticated with their Digital ID.
We're already sleepwalking into this. In Australia, we have the under-16 social media ban taking effect next month. We're also in the process of rolling out our Digital ID, which has an OAuth/OIDC-based identity system. Numerous government departments have already integrated with it. It opens up to private sector integrations in December 2026, just in time for all involved in the under-16 social media ban to realise it's not working effectively and for Digital ID to save the day. The law states that Digital ID is a voluntary means of identification and other methods should always be offered, but the UX of OAuth 2 vs. uploading photos of your ID documents and a selfie, and waiting for it to be reviewed, will make Digital ID the de facto standard for Australians proving their age and, in the process, permanently linking their Digital ID Identifier to all their social media accounts. That includes "anonymous" ones like Reddit. And integrators can apply for an exemption to Digital ID being voluntary on their platform, making the case that the per-user cost of complying with the law without Digital ID is prohibitively expensive.
Once Australia rolls this out to social networks, it will keep expanding until virtually everything is captured.
> Once this is in place, the government that owns the Digital ID system can mandate that platforms such as social networks, search engines, email providers, etc. link the users in its jurisdiction to its Digital ID via OAuth/OIDC
Governments can do that today already. Digital IDs don't contribute anything to this. They just make our lives easier, not governments'.
> but they have to do a lot of legwork to link data to specific people. They'll always get false positives, false negatives, duplicates, etc.
Those false positives/negatives, duplicates affect real people too. That's just a case for digital IDs, not against.
> and, in the process, permanently linking their Digital ID Identifier to all their social media accounts
How do you reach to that conclusion? How are they permanently linked? It's perfectly possible to verify your age digitally without permanently linking your ID with your social accounts.
> Once Australia rolls this out to social networks, it will keep expanding until virtually everything is captured.
Again, that can be done without digital IDs. You're holding the wrong front here. Privacy invading laws should be fought, but the public shouldn't be kept away from the convenience and privacy gains of digital IDs. It makes no sense.
To set this up, you have to scan the chip on your passport. Its essentially the same data on both chips, one is just in my phone's enclave and the other is in an embedded NFC chip.
And, specifically, frictionless perfect enforcement. Kind of like CCTV you can pull on request after a crime, vs proactive permanent ubiquitous surveillance (looking at you, Flock Safety).
It feels healthier for the enforcement apparatus to have a budget, in terms of material personnel or time, that requires some degree of priority-setting. That priority-setting is by its nature a politically responsive process. And it’s compatible with the kind of situation that allows Really Quite Good enforcement, but not of absolutely everything absolutely all the time.
Otherwise ossification feels like exactly the word, as you said, stavros: if it costs nothing for the system to enforce stuff that was important in the hazy past but is no longer relevant, nobody wants to be the one blamed for formally easing restrictions just in case something new bad happens; 20 years later you’re still taking off your shoes at the airport. (I know, I know, they finally quit that. Still took decades. And the part that was cost-free—imaging your genitalia—continues unabated.)
Since most of that "digital ID" manifestations are just pixels on a screen, these are not a problem to fake pixel-perfect.
I did some limited travel during the COVID era, including areas that did not want to recognise my country's digital vaccination certificate. I presented them with a pixel-perfect picture of their own country's digital vaccination certificate. It's easy to copy from a screen of a friend, and it's not complicated to create your own Apple Wallet pass that looks like the one you want.
I was showing a real QR code -- that was issued to a person who wasn't me. As soon as that produced a big green checkmark on anyone's QR scanner, I was in.
If they need to match with the info on paper it's not clear what the case for "digital id" is? If one needs to present "digital id + paper id" one can simply present the paper id as they do today.
That's kinda theoretic discussion by now. As the whole COVID thing is behind us, we can probably look at all the money that were spent in the world to create vaccination certificates, sign them, create the distribution network, distribute the certificates, build the verifying scanners, purchase them en-masse and pay the thousands of people who were standing at the entrance of numerous shopping malls and using these scanners to check the QR codes, only to create a system that is trivially bypassed by using a jpeg file.
My argument is that “digital ids can’t be faked” is a bad argument, and if you rely on it to prove a point then it might be a weak proof.
(Digital IDs indeed can’t be faked but usually they are a part of a process that can be easily bypassed by using something that presents itself as a valid Digital ID even if it’s not.)
I don't think they will, as this will leave a significant amount of population without ids. The fallback will always be there.
Credit cards are a great example: they can't be faked, however while the cryptographers are sitting on their high hill and patting themselves on the back for doing great job, the credit card fraud rings billions of dollars every month. It doesn't happen because of fake cards -- it happens by exploiting the flaws in the whole process that a (non-fakeable) card is a part of.
I know a guy who went to jail for that. He was in the news and everything. Banned from this country for life. Warned him that what he was doing was a stupid idea, he was even doing it for others who also got arrested...
I don't know what "that" was, and again, I had both the vaccination and the digital certificate to prove it; the system in place would not accept the real documents, so I fed it with other documents that it did accept.
The people who check your QR code with scanners on the entrance to a shopping mall (and refuse to let you in unless the scanner shows a green mark) are not the police nor the prosecution, and I have a good case to present to a judge in any case.
"The guy who went to jail" could be unvaccinated (or even infected) and presenting other people's certificates to enter an area for vaccinated people only (e.g. hospitals) where he might have endangered other people's lives; that's something that might be deserving jail time. I was vaccinated however, and by all means had the right to enter that shopping mall; I just wasn't able to prove it to the imperfect system that was there to check.
Isn't this just seeing a slippery slope and deciding to build a terrace[1], in that the existence of a digital ID doesn't automatically lead to mandate to carry one—any more than the existence of a physical ID card does?
A physical ID can, depending on the validation process.
Digital ID doesn't have to report your location either, depending on the implementation. It's not like it's a given a digital ID system has to give your location.
An SSH key is a digital ID. Does it report your location when you use it? A GPG key can be a digital ID. Does it report your location when you sign something?
At best a digital ID has an additional attack surface and is just more accessible.
You normally aren't carrying your passport with you, right? So even if lower security, the chance of that information being swiped is generally lower.
Phones are pretty high profile targets, this makes them more so.
I do like the idea and the convenience, but I'm definitely wary of these things too. Especially in the modern tech world where security is often being treated as a second thought as it is less impactful for sales. I'm pretty sure it is always cheaper to implement the security, but right now we're not great at playing long games and we like to gamble. Humans have always been pretty bad at opportunity costs. We see the dollars spent now and that seems to have far more value than what you save later.
On the other hand, currently US citizens are not legally required to walk around with their IDs on them. That's not true for non-citizens btw. You should have to just give the officer your name, but they can detain you while they "verify your identity." With an ID becoming frictionless and more commonly held on person, will this law change? Can we trust that it'll stay the same given our current environment of more frequent ID requests (I'm trying to stay a bit apolitical. Let's not completely open up that issue here?). I'd say at best it is "of concern." But we do live in a world run by surveillance capitalism.
There's a really good example I like of opportunity cost that shows the perverse nature of how we treat them. Look at the Y2K bug. Here on HN most of us know this was a real thing that would have cost tons of money had we not fixed it. But we did. The success was bittersweet though, as the lack of repercussions (the whole point of fixing the problem!) resulted in people believing the issue was overblown. Most people laugh at Y2K as if it was a failed doomsday prediction rather than a success story of how we avoided a "doomsday" (to be overly dramatic) situation. So we create a situation where you're damned if you do and damned if you don't. If you do fix a problem, people treat you as if you were exaggerating the problem. If you don't fix the problem you get lambasted for not having foreseen the issue, but you do tend to be forgiven for fixing it.
Just remember, CloudStrike's stock is doing great[0] ($546). Had you bought the dip ($218) you'd have made a 150% ROI. They didn't even drop to where they were a year previously, so had you bought in July of 2023 ($144) and sold in the dip you'd have still made a 50% profit in that year... (and 280% if you sold today).
Convince me we're good at playing the long game... Convince me we're not acting incredibly myopic... Convince me CloudStrike learned their lesson and the same issue won't happen again...
You're ignoring the benefits though - it will help adapt more services to work online and reduce bureaucracy.
Look at Germany where they outright refuse to acknowledge emails as a legal notification / correspondence so everything still gets sent as letters and fax. It's extremely slow and cumbersome.
Also it will help for security as the central service can authenticate you, instead of every little hotel and bank branch, etc. keeping a copy of your passport.
It also normalizes in the public eye the notion that conventional ID's deserve suspicion, and pushes the Overton window, in the US context, further in the direction of accepting that LEO's can and should be jailing people solely on their personal suspicions about ID authenticity.
A person without an iPhone (or not utilizing it fully) does not deserve suspicion. It's not a crime to opt out of the mainstream iPhone sociology. It is not right to treat a person who is e.g. elderly, or for some other reason has "fallen" behind the digital divide, as an inferior person with fewer rights and privileges.
It's reliably in tech peoples' blind spot, when thinking about how to make things "efficient" for the common case, one that reflects their own experience, to not think or care about the less-common cases that don't affect them. See: digital-only payments[0]. But being banned from shopping in a few hipster stores is a small thing compared to being wrongly jailed!
> It is not right to treat a person who is e.g. elderly, or for some other reason has "fallen" behind the digital divide, as an inferior person with fewer rights and privileges.
While it may not be moral, our entire world and society are set up to treat folks with more resources as superior people with more rights and privileges. Poorer folks fall behind the digital curve just as readily as they fall behind the professional, educational, etc. ones. Who you are born as and where that takes place is still one of the driving factors of your rights and privileges. It's certainly noble to fight that (just to be clear that I'm not arguing for digital IDs as somehow valid because the rest of the system is already unjust).
> While it may not be moral, our entire world and society are set up to treat folks with more resources as superior people with more rights and privileges.
I don't know about that. Ability to buy more != superiority and rights and privileges.
I know a bunch of people who disdain the ultra rich and see them as the opposite of superior if anything. And rights are the same for everyone...
While morality is a different discussion for sure, I was only referring to how society as an organism views people. The wealthy undeniably have more rights and privilege than the poor.
An example from me wouldn’t disprove your claim that there are places with equal rights across the board. E.g. in the US it’s clear that the wealthy have rights granted via political donations. That doesn’t prove or disprove your claim. I hesitate to even mention such examples for fear of a response being more focused in it than the claim you made.
I am ok if you say "people with more money live better lives" but if you say "people with more money have more rights" is a bomb statement because "rights" means something specific and legally important.
I live in one of the countries where id is mandatory to have and to carry.
Not counting times when id was exchanged for another id, I believe I was asked to show the physical card maybe twice (in six years), one of those was for voting, the was in healthcare. Guess how white I am, lol.
Digital thingy zo, that needs button pressing every time I log into whatever government or goverment-related things.
While that problem certainly exists we also have countless crooks and con men getting away with it. The criminals are also using technology, all of it.
On one side you have people with multiple video feeds, trackers, wife-jammers, password/data leaks, backdoors, work/private schedules, purchase history, etc, etc for you, your family, friends, coworkers etc etc
On the other side you have law enforcement not knowing which person walked- or which car drove where, not for any location, not knowing which phones were at the crime scene. No access to any relevant camera (if they even exist) no access to chat logs, email, photos people made.
I'm not-at-all arguing they should have access to any of that but we shouldn't be ignorant of the balance between the two.
It seems to me a major pain in the ass if you cant bring your phone when stealing a car, doing a robbery, driving off without paying for gas or harassing people for not living up to your antiquated expectations.
What happens if the government can now perfectly enforce that people under 18 can't do X or Y?