I think even digital IDs will tend to exist as physical tokens? Also worth noting that you can have a digitized and cryptographically signed ID on "paper" which can serve much the same purpose (security, machine readability) as an electronic one. Where electronic tokens shine (for IDs or otherwise) is attesting to the physical possession of a single copy.

▲

grey-area 6 hours ago | parent | next [-]

I don’t see why they would bother with physical tokens nor would they be popular - things like passports are really quite expensive to manage and largely unecessary these days. An app or identity on people’s phone might be a good stopgap.

However I suspect biometric methods of id verification will render carrying anything redundant long term.

The databases for digital id already exist, they’re just not fully utilised yet and these databases will always be centralised.

▲

lodovic 6 hours ago | parent | next [-]

I doubt everyone will still be carrying phones as we know them in a decade, so we might indeed be headed for a future where governments keep giant databases of biometric information. Works OK if you trust your government to handle that properly and not abuse it in the future. The real headache is crossing borders, where your details end up in the hands of a foreign state.

	▲	consp 6 hours ago \| parent \| next [-]
		> so we might indeed be headed for a future where governments keep giant databases of biometric information Don't want to wake you from that nice dream but that ship has sailed quite a while back, at least here in the EU.
	▲	LunaSea 3 hours ago \| parent \| prev \| next [-]
		Biometrics are usernames at best not passwords.
	▲	grey-area 4 hours ago \| parent \| prev \| next [-]
		We are already in that future and have been for at least a decade. Passports contain biometrics which are in a central db too.
	▲	ACCount37 6 hours ago \| parent \| prev [-]
		What? What to replace the phones with? And why whatever replaces them wouldn't be able to do the same things?

▲

mongol 5 hours ago | parent | prev | next [-]

For one thing, it increases resilience in the event of outages. It is a tangible aspect - just like citizens are encouraged to keep cash at home at least in my country (Sweden)

	▲	grey-area 4 hours ago \| parent [-]
		Does it though? Our world is now so networked that borders shut down if the network is down - see other responses on this thread.

▲

b112 5 hours ago | parent | prev [-]

I don’t see why they would bother with physical tokens nor would they be popular - things like passports are really quite expensive to manage and largely unecessary these days.

OK. I'll bite. Why are they unnecessary?

Passports have two things. They have information on them, which can be read by looking at them. And they have information on them in chip form, which can be scanned, and is also cryptographically signed by the issuing authority (eg, a government).

To verify a passport you can look at it visually, but you can also scan and validate the info, including photo, in digital form. All you need is the CSCA, the 'country signing certificate' to do so, and there aren't may of those. Small readers exist which are updated with these certs, and so even in the middle of a war zone, with RF jamming, you can verify a country signed what you're looking at.

Relying upon the Internet being there for ID purposes is a massive fail. You'd don't need a networked reachable database to validate that your ID is valid, in a digital way, which can be really helpful with 1M refugees show up at your door during a war, or when the capital city of the issuing nation has been bombed.

You may think this unimportant, but the edge cases are what 99.999% uptime is all about. And the edge cases with ID really need 100% uptime. The last thing you need during a natural disaster is an inability to ... well, do anything.

So even if you have biometric methods to identify someone, you'll also want a local, on person method which has those on chip, and signed by a government saying who you are.

Having ID network connected is also a massive, huge, immense fail. There should be no network connected databases of anything about anyone, in any form. Why? It'll be hacked. This will never, ever, ever change. Never. Paper records can't be hacked en masse, and you can get the same protections by storing records on individual chips with other associated info in paper form.

Dismantling this infrastructure and replacing it with buggy, hackable, online databases just to get digital ID verification is a complete move in the wrong direction. Verifying digitally signed information is not.

And passports can be scanned by phones.

Which means that the info, cryptographically signed, can be verified by anyone in the world too.

Really, what we need is to have everyone chipped, like a pet. Because that's where this ends up, and that's also the only way to always have your ID with you.

As a snarky aside, I've spent my entire life interacting with society all the time, yet only in the last decade has it been necessary to be "carded" constantly to do so. We've literally taken a privacy conscious society, and turned it into a nightmare. I'm identified when I go buy a loaf of bread, the most dystopian, totalitarian government anyone could ever conceive of, is a joke compared to the amount of control and tracking now exercised over people's lives.

So I guess my point is...

If it's annoying and difficult to have to carry around a physical identifier of who you are? And use it regularly?

Why is the solution to make it easier to submit to slavery?

Think that's an over the top statement?

We all know how the US government has pivoted on many things during the current administration. We also know it has had, and continues to have (via private enterprise) a robust degree of information about every fiscal transaction made.

If you look at the McCarthy hearings, they literally went so far as to find documents from decades prior, paper records of course, of people joining socialist clubs in university. Eg, simply sign-in sheets, or their names listed in the minutes of such orgs.

Decades later, that information was used to blacklist careers, destroy lives, not for any proof of malfeasance by those accused, but simply because they were curious in college about socialism.

Those same accused were then used to "name names".

My point is, from the financial data currently being stored about people, anything that makes you stand out in any way could be turned into a problem 10 years down the road. Not to mention, how credit card usage, and digital tracking, and location tracking might hit some pattern.

No one who lived through the McCarthy hearings, just watching them, or lived through how Germany or Russia controlled the lives of their citizens, would ever think any of this increased fingerprint of people is a good idea.

It's all just very dumb. And it will not end well at all.

▲

klausa 5 hours ago | parent | next [-]

This is not how the world already works.

If CBP's systems go down, they will not process (foreign, they'll process US citizens still) arrivals [1], even with physical passports in front of them. I assume the EU ESS works the same.

"If the internet goes down, your border checkpoint is down" is not some terrifying future we need to protect against, it's the reality of the world as you live in right now.

[1]: I've had to wait for an hour, at SFO of all places, because of exactly that happening.

	▲	fc417fc802 3 hours ago \| parent [-]
		TBF given that a temporary outage is abnormal it makes a certain amount of sense to default to shutting down. Whereas during an extended outage you can pick back up as long as the key parts of your system are capable of operating without the network.

▲

petu 5 hours ago | parent | prev [-]

> Relying upon the Internet being there for ID purposes is a massive fail.

Why would you need internet? Document holder smartphone can cache the document for years and present it over NFC (including photo, signature, etc). Just like existing biometric passports work, but replace the physical passport with smartphone app.

▲

klausa 5 hours ago | parent [-]

To check against $your-local-law-enforcement-agency database, $your-local-immigration-agency for history of entry, etc.

The internet requirement is not there for the person presenting the document, it's for the person/system checking it.

▲

petu 5 hours ago | parent [-]

System checking it just verifies the signature is valid and thus all data presented is valid? Your browser doesn't need to query any Root CAs to trust SSL certificate, https works without internet.

History of entry and visas/etc could be stored on device as well

	▲	klausa 5 hours ago \| parent [-]
		If you want to argue for a theoretical system that is self-contained, only relies on the data that is present on either the physical (or the theoretical cryptographically signed digital) passport, you're free to do that. But in the real world, the systems that deal with processing people's entries already cross-reference multiple other existing databases, require internet connectivity to do so, and I think you'll have hard time convincing anyone to stop doing that.

▲

izacus 7 hours ago | parent | prev [-]

Many EU countries already issue a chipcard IDs which can be used to auth for government services (via NFC or a dedicated reader).

So yeah, I'd expect those to move to a phone as an alternative to the card

▲

shevy-java 6 hours ago | parent [-]

This is not the same. For instance, we can access the internet without needing that ID. But right now there are attempts to force a digital ID in order to access information on the www - this is the whole idea behind "age verification". The kids are just used as excuse here. It has never been about the kids.

	▲	izacus an hour ago \| parent [-]
		I think you're jumping to conclusions that aren't supported by the digital ID proposal. Even with that: There's plenty of services dangerous to kids that we gate behind an ID check and I don't particularly see why internet is special in any way.