Australian digital driving licenses can be defaced in minutes

An Australian digital driver's license (DDL) implementation that officials claimed is more secure than a physical license has been shown to be easily defaced, but authorities insist the credential remains secure. New South Wales, Australia's most populous state, launched its DDL program in 2019, and as of 2021 officials there …

  1. Denarius
    Flame

    What else would be expected?

    An authorisation of easily damaged, lost and mostly insecure devices which are difficult to migrate data to and from without using a data snoop service. What's not to dislike? Yes, ElReg readers will use adb etc to backup but that's not Joe and Joelene User. And yes, I use multiple phones for activity reasons. Fifteen-year-old ZTE tradies' phones were the only ones I could move details off and on freely with a PC, for backups and contract transfers.

  2. deevee

    NSW government in denial again. It's not only police who use the license for identification...

    Just another poor (agile) implementation rushed out to meet a deadline and get some pollie or bureaucrat a big bonus.

    1. veti Silver badge

      The supplier is clearly in damage limitation mode. Whether the NSW government does the right thing is probably a function of how politically invested its current masters are in this system. If they were the ones who introduced it, then they will stick to it - but if there's been a change in government since then, they might do something more positive.

      What does "agile" have to do with it? Do you have any actual knowledge of the company and its practice, or are you simply assuming that any half-baked system is "agile"? If the latter, I've got several Internets to sell you.

  3. sanmigueelbeer

    Service NSW, the government agency that runs the app of the same name, told The Register the flaws Noah found are not a threat to users or the integrity of the DDL.

    Run, Noah. Run.

    Service NSW will be contacting the NSW Police and charge you for "hacking".

    </joke>

    1. John Robson Silver badge
      Black Helicopters

      </joke>

      Oh that it were...

  4. NapTime ForTruth
    Stop

    I'll have your ID, then...

    When stopped for a traffic violation or ID check - or random, heavily-armed citizenship test for you Americans - does "I'm sorry Constable, my phone battery is dead" get you through or get you jailed?

    Same for airports? Alcohol? Cigarettes?

    Can I use a screenshot of yours?

    1. Cheese_Conquistador

      Re: I'll have your ID, then...

      I think there's an effort at the moment to get all phones to have the same charging port. Maybe this is why. All you need is a powerbank/charger and cable to boot that dead phone up.

      1. Anonymous Coward

        Re: All you need is a powerbank/charger and cable to boot that dead phone up.

        Which is why I always carry a phone that is *actually* (hardware) dead :-)

    2. Mike 137 Silver badge

      Re: I'll have your ID, then...

      "I'm sorry Constable, my phone battery is dead"

      It's worse than that. Only people with smart phones will be allowed to drive. Lots of people don't have one, including those with arthritis that prevents them using the 'gesture controlled interface'.

      1. Hubert Cumberdale Silver badge

        Re: I'll have your ID, then...

        (Or those, like me, who just don't want or need one: I have enough technology at home, and I sit in front of it all day. I don't need a full computer in my pocket when I'm out for a walk in the hills.)

      2. Dave314159ggggdffsdds Silver badge

        Re: I'll have your ID, then...

        "Only people with smart phones will be allowed to drive."

        ROFL. Listen to yourself for a moment...

  5. Diogenes
    Alien

    before pointing out that altering the DDL is against the law

    Just like there are no murders, thefts, frauds, assaults, and people don't run red lights or speed because they are also against the law.

    1. teknopaul

      I think what they meant was that it's against the law and trivial for the police to catch you.

      People don't run red lights when they know there is a camera on.

      1. NorthIowan

        Re: People don't run red lights when they know there is a camera on.

        But I saw a person run a red light with a police car beside or behind them.

        Not sure which because I was about to turn left when the left turn arrow turned green. I was glad that I saw them in time to stop. And I was unhappy at first that two cars went through the red light. Until I saw the second car was a police car with its light on. ;-)

        I have seen it one other time. But then I'm a bit paranoid at left turns now.

        1. Dave314159ggggdffsdds Silver badge

          Re: People don't run red lights when they know there is a camera on.

          "I saw a person run a red light with a police car beside or behind them."

          Which they clearly didn't see. Whereas it's obvious that altering official documents is fraud or whatever.

    2. Robert Helpmann??

      Same with the "more secure" claim. An altered or counterfeit physical DL would show up as such the moment the police ran the card, so how does that back up the claim of more secure? If it was more secure, it would be harder to fake or change. This is actually easier as more people have access to the equipment needed to change it and learning how is presumably a couple clicks of the mouse away.

    3. Anonymous Coward

      > they are also against the law.

      Depends on how expensive is your lawyer, actually.

  6. James Ashton

    Why carry a licence at all then?

    "Importantly, if the tampered license was scanned by police, the real time check used by NSW Police would show the correct personal information,"

    So why do we need to carry a licence at all? If the police need to identify you then obviously they can pull up your details given your name and address. Commercial entities can't do that but, right now, nobody can trust the electronic licence without access to the government database.

    Which brings to mind another limitation of electronic licences: physical licences are useful for identifying dead and unconscious people.

    1. Anonymous Coward

      Re: Why carry a licence at all then?

      Nah, the biometrics will still work. Just dip their finger in warm water to heat it up and make it look "alive" and unlock their phone that way. Assuming of course that the appropriate digit is still proximate to the rest of the person and their phone...

      1. James Ashton

        Re: Why carry a licence at all then?

        Just dip their finger in warm water to heat it up and make it look "alive" and unlock their phone that way.

        The problem with using your fingerprint to unlock your phone is that the police can make you do it; if you use a password then they can't. I know that in some countries, refusing to enter a password can be illegal ... but it's still possible.

        1. Anonymous Coward

          Re: Why carry a licence at all then?

          > if you use a password then they can't.

          That varies by country and rubber hose stocks.

        2. Anonymous Coward

          Re: Why carry a licence at all then?

          I've said it before and I'll say it again - if you have something on your phone you don't want the cops to see, use the fingerprint function to run a utility that wipes the phone and can't be stopped once started.

        3. MachDiamond Silver badge

          Re: Why carry a licence at all then?

          If I had sensitive information on my phone, I'd have an app that unlocks the phone while at the same time obscuring or deleting information that could be rather embarrassing and another unlock code that doesn't. The same could be done for fingerprints. I'd use something other than my right index finger for normal access and my right index finger (most commonly used) when I want the wipe option. Sure, if caught they might call it tampering with evidence, but they have to have good forensics and might not be that diligent in looking for signs of wipes if they think they're fully in.

          I don't have a need to keep anything all that valuable on my phone. My contact list is even a subset of my full phone list so the loss of my phone doesn't expose numbers other people I know want kept private.

  7. pavel.petrman
    Joke

    Easy fix

    I wonder why they didn't use blockchain.

    (see icon and click the link for obligatory XKCD)

    1. MachDiamond Silver badge

      Re: Easy fix

      "Easy fix

      I wonder why they didn't use blockchain.

      (see icon and click the link for obligatory XKCD)"

      I had a friend that worked for a voting machine company and he told me the same thing. When he discovered that the shortcomings were features, not bugs, he got out.

  8. OhForF' Silver badge
    FAIL

    Certificates

    "The DDL is hosted securely on the new Service NSW app, locks with a PIN and can be accessed offline"

    So you can access it offline but verifying it requires online access to some database that police and probably some other government offices have but anyone else probably is denied access for "security".

    As a driving license is a certificate stating you're allowed to drive it is hard to believe nobody thought of checking how certificates usually work in the digital world.

    Creating a key signing certificate for the NSW authority issuing digital driver licenses and digitally signing the license should be pretty straightforward.

    Obviously they can't be bothered with that deep magic as a 4 digit pin protection is already soo much better than traditional plastic cards.

    1. Joe W Silver badge

      Re: Certificates

      Well.... my driver's license is still the paper kind. Yeah, we'll have to exchange that for a plastic card one soon-ish (I think). The print on the license is hardly recognisable, and the picture, while still sort of clear-ish, depicts a very much younger person than Current Me. Getting a newer license would be spiffy. However, that also puts a temporal limit on the validity of some parts... laws have been changed a few years back on what you are allowed with an ordinary car driver's license.

      The plastic card, while not impossible to forge, is an improvement over my current state. A phone app? I f'ing hate having my phone for everything, there are enough occasions when I do not carry it, nor wish to, now that we are allowed to go places again.

      1. John Brown (no body) Silver badge

        Re: Certificates

        The age and thus the wear and tear of the paper alone would make it hard to forge. Like my non-photo paper licence, a forged copy could never look old enough to be believable without the skills of a proper (and expensive) forger :-)

        And as you say, the older ones tend to be less temporally limited. Mine is valid until I'm 70. Why would I change it to one I have to have replaced every so many years? On the other hand, I'm almost 60, so a more fungible 10 year renewal process is not really an issue after my next birthday.

        1. Potty Professor
          FAIL

          Re: Certificates

          I was forced to apply for a new three year plastic licence when my paper licence expired when I turned 70. The old licence allowed me to drive both automatic and manual cars and HGVs up to 7.5 tons, and also acted as a provisional licence for motorcycles. The new one does not differentiate between auto and manual (yay!), but limits me to 3.5 tons MGW, and does not allow me to ride motorcycles unless I have taken the (useless) CBT exam. Apart from the fact that the CBT is taken on private ground, with no traffic, and is therefore no substitute for experience gained over time, why should I be forced to pay £100 for two years' validity for doing something that I have done for free for over 50 years?

          1. Anonymous Coward

            Re: Certificates

            Boo-fucking-hoo.

            It's always been a travesty that you oldies had categories grandfathered onto your licenses that those of us younger than 40 never had: it was suddenly deemed unsafe for Joe Random with a car license to jump in a 7.5 tonne truck or on a motorbike with no training - yet magically it wasn't unsafe for anyone that passed their car test before 1997.

            Bollocks, give me a break.

            I'm happy that DVLA are revoking those categories from your license once you turn 70; as your faculties and reactions start to slide there's absolutely no justification that you should have automatic access to vehicles that are more dangerous to yourself and others.

            If you want to drive 7.5t trucks, or ride a motorbike, jump through the same hoops the rest of us have had to for the last 25 years, and stop whining like an entitled boomer.

            1. david 12 Silver badge

              Re: Certificates

              If you want to ride a motorbike, jump through the same hoop as he has -- 35 years of road experience -- and stop whining like a spoiled child.

              1. Anonymous Coward

                Re: Certificates

                Based on observational evidence of the quality of drivers on the roads, 35 years of experience doesn't necessarily count for ANYTHING. Again, entitled whiny boomer attitude...

                1. John Brown (no body) Silver badge

                  Re: Certificates

                  "Young car drivers made up 18 per cent of all car drivers involved in reported road accidents in 2013. However, this is considerably higher than the 5 per cent of miles they account for."

                  See here

                  "The Department for Transport (DfT) says there is no evidence older drivers are more likely to cause an accident, and it has no plans to restrict licensing or mandate extra training on the basis of age."

                  See here

                  "As can be seen in the above chart, drivers aged 16–19 were 38% more likely to be killed or seriously injured than drivers aged 40–49, and drivers aged 20–29 were 65% more likely to be killed or seriously injured than drivers aged 40–49."

                  See here

                  It appears multiple sources of real world statistics show your personal observations to be incorrect.

                  1. Dave314159ggggdffsdds Silver badge

                    Re: Certificates

                    OK, boomer. Your made-up statistics created to 'prove' what Tory voters think are just _so_ persuasive.

                    The simple reality is that younger drivers have actually passed a proper test, and older drivers haven't. There's no doubt experience _can_ count for something, but it usually doesn't. What actually contributes to crash rates among the young is not inexperience, but the bit where they're overwhelmingly more likely to carry passengers. Adjusted for that, the rates are very similar, bit higher for older drivers.

                    1. John Brown (no body) Silver badge

                      Re: Certificates

                      "OK, boomer. Your made-up statistics created to 'prove' what Tory voters think are just _so_ persuasive."

                      I assume from that comment that you didn't go look at the Department for Transport I linked which has figures even as far back as when Labour were last in power. Likewise, I linked to the Lefty-biased BBC, which should be right up your street.

                      "The simple reality is that younger drivers have actually passed a proper test, and older drivers haven't."

                      I'm not sure what you mean by "older drivers" not doing a "proper test". IIRC, my grandad's driving test back in about 1933 was little more than putting it in gear and driving a little. In fact, it wasn't even compulsory until 1935, so maybe you're only talking about licenced drivers older than 86 who may have opted to not take a test?

                      As for the current test, it's not all that different to what I passed back in 1979/80. A few extras added in, some stuff removed (eg 3 pt turns and reversing around a corner). The "theory test" was shorter and carried out by the examiner in the car after the driving part. Oh, I should add that the show me part of the new test regarding using the controls and especially checking fluid levels was something that was assumed back then. The vast majority of people with a car back then would know the basics of maintenance and it wasn't expected they'd need to be "tested" on such basic and simple knowledge.

                      I'd certainly not argue that the new test is a little more comprehensive, but knowing both what my test involved and how the test has changed a little over the years, I'd certainly never claim from lack of knowledge that one of them is not a "proper" test.

      2. Dave314159ggggdffsdds Silver badge

        Re: Certificates

        "my drivers license is still the paper kind. Yeah, we'll have to exchange that for a plastic card one soon-ish (I think)"

        If you're in the UK, you're way past that - you don't have a valid proof-of-license at all. The paper thing hasn't been valid in years.

        If you get stopped by the police and asked to produce your license, you'll get a fine. Don't think there's points for it, though. And they clearly have no intention of enforcing compliance any other way, given how long it's been.

        FWIW, it's almost unimaginable that you are actually complying with the regulations regarding needing to update your details/photo at a reasonable interval, although I guess it's theoretically possible your appearance hasn't changed significantly in decades, and you haven't changed addresses in that time either.

        1. Falmari Silver badge
          Devil

          Re: Certificates

          @Dave314159ggggdffsdds “The paper thing hasn't been valid in years”

          Wrong, a paper license is still valid. If your details have not changed you do not have to apply for the photo ID card license.

          From https://www.gov.uk/exchange-paper-driving-licence web site.

          You must get a new licence if:

          you change your address

          your licence has been defaced, lost, stolen or destroyed

          you change your name - you must apply by post using paper form D1 or D2, you can get them from most Post Offices

          you’re getting a Driver Certificate of Professional Competence (CPC) driver qualification card (DQC)

          If none of these apply and your paper licence is still valid, you do not need to exchange it for a photocard version.

        2. John Brown (no body) Silver badge

          Re: Certificates

          "The paper thing hasn't been valid in years."

          Yes, I've met a few young and inexperienced people like you when getting a courtesy or hire car. They get confused by my driving licence and make the same claim you do. They usually get put right by a more experienced manager or a search on the .gov.uk website.

          Just remember, growing older is not optional and while some things change, others remain the same. Now get orf ma lawn. Park on the driveway next time. :-)

      3. Dave314159ggggdffsdds Silver badge

        Re: Certificates

        "Getting a newer license would be spiffy. However, that also puts a temporal limit on the validity of some parts"

        Er, no. You have lost those entitlements anyway - or will at whatever age it kicks in. You simply have an inaccurate, outdated piece of plastic that does not confer any benefits*.

        *Well, you might find you can use it to fraudulently hire vehicles you aren't actually entitled to drive, etc. But no non-criminal uses I can think of.

  9. steviebuk Silver badge

    A country

    That has banned the game RimWorld & wouldn't even save its own show Neighbours.

    And to the UK government. Not everyone has a fucking smart phone or wants one. Our 70+ friend has no interest in the Internet or smartphone so you'll force a new digital license on him and he'll have no way of accessing it.

    1. John Sager

      Re: A country

      I doubt the plastic ones will disappear any time soon.

      1. John Brown (no body) Silver badge

        Re: A country

        ...or the paper ones!!

    2. Hubert Cumberdale Silver badge

      Re: A country

      To be fair, Neighbours had more than run its course. And most of the people watching it were in the UK anyway: it's us who didn't want it enough.

      1. druck Silver badge

        Re: A country

        It has much to do with Channel 5 stealing it from the BBC. Pre-digital we couldn't even get Channel 5, and post analogue we didn't bother.

  10. Pascal Monett Silver badge

    Well let's face it : we're going 100% digital

    Whether we like it or not.

    Governments love it because control.

    We'll just have to put up with it because sheeple. I'm just wondering if we won't end up with some other thing than a smartphone to prove our identity.

    But of course, that's a ridiculous idea. After all, everyone has a smartphone or three, right ?

  11. sreynolds

    More serious than it sounds....

    Given that the driver's license and the constant number is a de facto ID card (after Hawke's Australia Card was given the boot), is it just me or can anyone else see someone going to a phone shop/post office and/or bank and saying look at my picture on this app that cannot be defeated - therefore I am without a doubt this individual and seeing this person taking over your accounts? I mean the police use the backend system in the card. How easy is it to overlay an image in the frame buffer on a rooted phone? Why they are doing this is beyond comprehension when in an always online world the data can easily be verified online.

  12. The Kraken

    It’s worse…

    It’s child’s play to take a screenshot, edit that with a paint program, and show that as “ID”.

    All sorts of private institutions only require the screen to be shown for a split second and they do not check the details - they can’t, for privacy reasons - starting with banks and superannuation companies. What you show is taken at face value.

    1. Anonymous Coward

      Re: It’s worse…

      Well my one bank made copies of our drivers licenses a few years back. That would make it easy for them to notice if we changed too much. But that assumes they check it often.

      But it's also a small town US bank and most of the workers know me as I use my safe deposit box for my offsite data storage once a week.

    2. MachDiamond Silver badge

      Re: It’s worse…

      "All sorts of private institutions only require the screen to be shown for a split second and they do not check the details "

      The tangible IDs, at least the modern ones, have holograms, color shifting ink and other tricks that aren't as trivial to counterfeit as something displayed on a phone. This makes them better for non-governmental checks where there isn't access to a server that can verify the data presented. Would you really want to slide your phone under the glass at the bank so a teller can monkey with it or would you rather slide them your driving license?

  13. Brewster's Angle Grinder Silver badge
    Trollface

    If you came to me and said, "We want to secure data entirely on the client device with access granted by a four digit pin" I'd laugh. It's game over right there. It wouldn't matter if you stored the data in the phone's secure enclave - if the client can access that with four digits then all we can do is slow them down.

  14. scrubber

    Stop Using Phones for This

    Anyone handing over an unlocked phone to a stranger is crazy, anyone handing over an unlocked phone to law enforcement is a Person of Interest.

    1. Alex 72

      Re: Stop Using Phones for This

      The iOS wallet works on the lock screen and I assume Google wallet will too.

      If a plastic card option is still an option and this allows people to get an instant ID, I can see it being useful. I think a physical doc as a backup, like chip and pin cards now, would be helpful. They could even print the QR code on the physical doc too so you can scan it at car rental places the way you do passports and e-tickets at the airport.

      So I can see there are ways with public keys to allow verified entities to confirm a license is genuine based on a decent PKI, trusted entities to verify the holder meets age requirements and the driver number, and the government and police to do what they want, as well as allow users to share what they consent to with verified third parties. But that all assumes that the app enforces an alphanumeric passcode at the OS level like every decent BYOD registration that provides mobile tokens and productivity apps, and the org in question has or can build and maintain a decent PKI, and when vulnerabilities are responsibly reported software is patched. As the author said, government systems of old do not inspire confidence these conditions will be met and without them paper and plastic are far superior.
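
The issuer-signed licence suggested in the "Certificates" comment, with the public-key verification described in the comment above, as an added example that is not part of the thread and not code from the Service NSW app. The `Licence` fields, the function names and the sample values are assumptions; Ed25519 stands in for whatever signature scheme a real issuer would choose.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Licence is a hypothetical payload; the field names are assumptions.
type Licence struct {
	Number  string    `json:"number"`
	Name    string    `json:"name"`
	DOB     string    `json:"dob"`
	Class   string    `json:"class"`
	Expires time.Time `json:"expires"`
}

// SignedLicence is what the phone stores and presents (e.g. inside a QR code).
type SignedLicence struct {
	Payload   []byte // the exact bytes the issuer signed
	Signature []byte
}

var (
	ErrBadSignature = errors.New("payload was not signed by the issuer key")
	ErrExpired      = errors.New("licence has expired")
)

// NewIssuerKey creates the issuing authority's key pair. Only the public
// half is handed to verifiers; the private half never leaves the issuer.
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Issue serialises the licence and signs those exact bytes.
func Issue(priv ed25519.PrivateKey, l Licence) (SignedLicence, error) {
	payload, err := json.Marshal(l)
	if err != nil {
		return SignedLicence{}, err
	}
	return SignedLicence{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify needs no network: it checks the signature first, and only then
// parses and returns fields, so nothing unverified is ever displayed.
func Verify(pub ed25519.PublicKey, s SignedLicence, now time.Time) (Licence, error) {
	if !ed25519.Verify(pub, s.Payload, s.Signature) {
		return Licence{}, ErrBadSignature
	}
	var l Licence
	if err := json.Unmarshal(s.Payload, &l); err != nil {
		return Licence{}, err
	}
	if now.After(l.Expires) {
		return Licence{}, ErrExpired
	}
	return l, nil
}

// WithDOB models a locally edited copy: one field changes, the old signature stays.
func WithDOB(s SignedLicence, dob string) (SignedLicence, error) {
	var l Licence
	if err := json.Unmarshal(s.Payload, &l); err != nil {
		return SignedLicence{}, err
	}
	l.DOB = dob
	payload, err := json.Marshal(l)
	return SignedLicence{Payload: payload, Signature: s.Signature}, err
}

func main() {
	pub, priv, _ := NewIssuerKey()
	now := time.Date(2022, 6, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	s, _ := Issue(priv, Licence{"EXAMPLE-0001", "Sample Holder", "2006-01-01", "C", now.AddDate(1, 0, 0)})
	_, err := Verify(pub, s, now)
	fmt.Println("original:", err)
	edited, _ := WithDOB(s, "1999-01-01")
	_, err = Verify(pub, edited, now)
	fmt.Println("edited:  ", err)
}
```

A valid signature shows only that the issuer produced these fields and that they are unchanged; it does not show that the person presenting the phone is the holder, or that the licence has not been suspended since issue.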

      1. scrubber

        Re: Stop Using Phones for This

        Most people have faceID enabled (please don't do that!) so as soon as you hand over your device the officer can claim he had to check some details, seeing camera towards you and it is unlocked. Even without this they can take it to their car and plug it in to make a backup and hack it at their convenience later.

  15. Anonymous Coward

    In the current environment

    …with governments everywhere signing up for Pegasus and other hackware, would you really install a government application on your phone?

    And a closed source one, at that.

  16. Mark Allread

    Perhaps this article was imported, but in the UK, the noun is "licence", whereas "license" is the verb.

    1. canthinkofagoodname

      Today I learned something new! Thank you Mark :)
