this post was submitted on 08 Dec 2024
398 points (92.9% liked)

Privacy

32442 readers
931 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 72 points 2 weeks ago (3 children)

In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn't this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you're using the app they shouldn't need to confirm that as the info is already validated

[–] [email protected] 31 points 2 weeks ago (2 children)

Isn't it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can't get anything right? It's sad when we end up replacing our own good things, because even we think we're inferior in everything and can't come up with a good solution for anything.

[–] [email protected] 10 points 2 weeks ago (2 children)

Say what you will about the country, but gov.br and PIX put everything else to shame and no one even came close to something like that

[–] [email protected] 1 points 1 week ago (1 children)
[–] [email protected] 1 points 1 week ago

I'm sure it doesn't come across the same in Portuguese, but I think naming a government service SUS is pretty funny.

[–] [email protected] 2 points 1 week ago

For all that Russia is an imperialist police state, our e-government services are pretty slick too

[–] [email protected] 1 points 2 weeks ago (1 children)

As op said, the whole point is to get you to hand your phone over unlocked. Thats the point.

[–] [email protected] 0 points 2 weeks ago (1 children)

But you're not handing your phone over, it stays in your hand and if there's a QR code to scan they'll scan it with the phone in your hand

[–] [email protected] 1 points 2 weeks ago

That's not why the system was created

[–] [email protected] 0 points 2 weeks ago (1 children)

I believe EU also requires that you give up login credentials if they are biometric in nature. Meaning if you use a fingerprint reader or face unlock you are required to provide that to law enforcement when asked. So either way if they want your phone's contents they can get it.

[–] [email protected] 5 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

They need a warrant or probable cause for that, but yes they can compel it unlike a password. It's still a search and needs to be lawfully done in the first place.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

Yea but that wasn't the point of me pointing it out. The point was that they don't need to resort to such measures in order to clandestinely acquire your unlocked phone.

[–] [email protected] 1 points 1 week ago (1 children)

I wonder if they are referring to this, or to an EU equivalent of it:

The U.S. Court of Appeals for the 9th Circuit has ruled that police officers can compel a suspect to unlock their phone using a fingerprint without violating the Fifth Amendment's protection against self-incrimination.

https://idtechwire.com/fifth-amendment-does-not-protect-against-biometric-phone-unlock-says-9th-circuit-appeals-court/

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Right, but they can't just do it without reason which he was implying, and he replied to me with

"Yea but that wasn’t the point of me pointing it out. The point was that they don’t need to resort to such measures in order to clandestinely acquire your unlocked phone."

In this case he was on parole where they have the right to search him. That mention of blood draw etc, you're already under arrest and they can search your person anyway.

I'm not aware of any law where a cop can walk up to you on the street and demand they unlock your phone with biometrics and search it without cause.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

On re-reading that other guys comments, they just make no sense. You are right to draw your distinction, because this thread is being strangely vague on details and trying to encourage conspiratorial thinking without specifics.

That said, I think the core concern can be rephrased in a way that gets at the essence, and to me there's still a live issue that's not relieved simply by noting that this requires probable cause.

What's necessary to establish probable cause in the United States has been dramatically watered down to the point that it's a real time, discretionary judgment of a police officer, so in that respect it is not particularly reassuring. It can be challenged after the fact in court, but it's nevertheless dramatically watered down as a protection. And secondly, I don't think any of this hinges on probable cause to begin with, because this is about the slow creep normalization of surveillance which involves changes to what's encompassed within probable cause itself. The fact that probable cause now encompasses this new capability to compel biometric login is chilling even when you account for probable cause.

And moreover, I think there's a bigger thematic point here about a slow encroach of surveillance in special cases that eventually become ubiquitous (the manhunt for the midtown shooter revealed that practically anyone in NYC is likely to have their face scanned, and it was a slow-creep process that got to that point), or allow the mixing and matching of capabilities in ways that clearly seem to violate privacy.

Another related point, or perhaps different way of saying the same thing above, is that this should be understood as an escalation due to the precedent setting nature of it, which sets the stage for considering new contexts where, by analogy to this one, compelled biometric login can be regarded as precedented and extensions of the power are considered acceptable. Whatever the next context is where compelled biometric login is considered, it will at that point no longer be a new idea without precedent.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

That said, I think the core concern can be rephrased in a way that gets at the essence, and to me there’s still a live issue that’s not relieved simply by noting that this requires probable cause.

Well ya. The whole thing is really fucked in the first place. It's very disturbing that it was ruled they can compel biometics in any circumstance.

In a far off future, this ruling would probably even allow a mind reading device to figure out a PIN, which would be protected, because they didn't force you to say it, and reading electrical signals isn't really any different than reading ridges on a finger.