UK To Launch Digital Wallet For Passports, Driving Licences, and More (www.gov.uk) 49
Britain will launch a digital wallet app later this year allowing citizens to store government documents on their smartphones, UK Science Secretary Peter Kyle announced on Tuesday. The GOV.UK Wallet, available on Android and iOS, will first support veteran cards followed by driver's licenses in late 2025, with plans to eventually include passports, marriage certificates and benefit documents.
The app will use facial recognition for security. "The overflowing drawer rammed with letters from the government and hours spent on hold to get a basic appointment will soon be consigned to history," Kyle said. The Labour government aims to have all UK agencies offering digital alternatives to physical documents by 2027. Officials said users can recover their digital credentials if phones are lost, adding the system complies with existing data protection laws.
The app will use facial recognition for security. "The overflowing drawer rammed with letters from the government and hours spent on hold to get a basic appointment will soon be consigned to history," Kyle said. The Labour government aims to have all UK agencies offering digital alternatives to physical documents by 2027. Officials said users can recover their digital credentials if phones are lost, adding the system complies with existing data protection laws.
What Could Possibly Go Wrong Here? (Score:3, Insightful)
How many weeks until it's compromised?
Re: What Could Possibly Go Wrong Here? (Score:1)
It's already compromised. It's the UK govt so the contract will have gone to some 2-bit Bangladeshi firm ran by some ministers con-man cousin or brother or something. It's doomed from day 1.
Short Sighted (Score:4, Interesting)
Not a day goes by that we don't hear a story about some large hack that has stolen a bazillion credentials
from some company who treats information security as an expense to be cut at the first opportunity to increase
shareholder profits.
Not one.
Before the decision is made to make everything a digital entity, you might want to shore up the laws and
heavily increase the penalties ( IE: Prison time ) to ensure the people who store this information take the
security of it far more seriously than they do today.
Re: (Score:2)
Trust is a concept that requires impunity, unless you can use force, then you don't need trust.
You are absolutely right that the only incentive that could force the organizations in charge of protecting our data to prioritize security is if failing to do so is almost guaranteed to cripple them with fines, and that these fines can't be evaded by bankruptcy or other legal loophole.
But then, what would be the incentive for lawmakers and those who finance their campaigns to adequately enforce consequences for p
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Your plan is, government demands these corporations paint a target on their backs, then spend all their money not getting shot. That works in the physical world, where one can buy a safe for a few thousand dollars that that can't be defeated quickly by professional locksmiths. Buy and forget doesn't work in the digital world, which is the real problem. Governments around the world have made the decision that tracking you is more important stopping identity-theft. Otherwise the laws you demand, would alr
Re: (Score:2)
Your plan is, government demands these corporations paint a target on their backs, then spend all their money not getting shot.
Not quite. The typical order of events is:
Government: We have a poorly thought-out IT project. Which of you private companies wants a boat-load of taxpayer money to make it happen?
Company: We'll take that, thank you. Oh, and quite unrelatedly, please have this donation to your campaign/political party.
Govt: Thank you very much. Oh, and quite unrelatedly, have this knighthood for your CEO.
Cmpy: Thanks. By the way, this project will cost much more money and take longer.
Govt: Sure.
Some time later...
Govt: So
Re: (Score:2)
It sounds like you're concerned about the concept of a database containing sensitive information like driver's license details. Hate to break it to you, but that ship sailed a long, long time ago, and I don't think having my driver's license on my iPhone is going to be the straw that breaks the camel's back.
Re: (Score:2)
Exactly. There’s a new attack surface here, but it isn’t what these people are worrying about
What about the social score? (Score:1)
Re: (Score:2)
It's pretty simple to calculate, really.
if not FrostPiss:
SocialScore = -1
else
SocialScore = 5
Google/Apple Wallet Support? (Score:4, Insightful)
Hopefully they'll add support for Google/Apple Wallet instead of just their special app. Would be much better to use open standards and access in a central location for everything
Re: (Score:2)
The whole purpose is facial ID (Score:3)
Think of the stream of different facial ID pictures that the app will provide Gov. The purpose is to get a very comprehensive facial ID database with all the day to day variants that standard ID cards and passports don't gather.
This will be optional to start with, then mandatory for anyone receiving a government payout such as welfare or pension.
Re: (Score:2)
No thank you. The laws need to be changed and users need to get total control of the property they own.
Re: (Score:2)
That would be good, but somewhat unrelated to the discussion at hand
Re: (Score:2)
It's related to the comment I replied to.
Re: (Score:2)
Hopefully they'll add support for Google/Apple Wallet instead of just their special app. Would be much better to use open standards and access in a central location for everything
Because we all know it takes a multi-bazillion dollar company to make an open standard, not a government mandate. Jesus, what choices. Where's my fainting couch?
Re: (Score:2)
The government made their own app instead of using the standard ones. Good thing about multi-bazillion dollar companies is they have teams of people making these secure and private (partially to avoid giving away information for free I'd guess). The same can't be said about the government
Re: (Score:3)
The government made their own app instead of using the standard ones. Good thing about multi-bazillion dollar companies is they have teams of people making these secure and private (partially to avoid giving away information for free I'd guess). The same can't be said about the government
I just don't care for the word "open" being used to describe locked down corporate entities. It may be a standard by numbers, but I won't be one of those numbers because no amount of clout behind it makes me trust the digital wallet. I'm a tech person, which means I know better than to think security is easy.
No, I don't trust the government to do it any better. I think the idea of digital wallets is a really, REALLY dumb path to go down to begin with, and government created ones are doubling the dumb. But h
Re: Google/Apple Wallet Support? (Score:1)
I agree completely. While the most ominous words in the English language may be: "I'm from the government, I'm here to help" I don't think "I'm from the multinational megacorp... Etc" is any less so by any measure.
Re:Google/Apple Wallet Support? (Score:4, Insightful)
Would be much better to use open standards
I don't think you know what those words mean.
The road to CBDC, and end of freedoms (Score:2)
Soon you will have to use this app to pay for anything, or get paid, as cash will go away. At that point the government will control all aspects of life.
Have fun my British friends.
Don't Hand Over Your Phone (Score:3)
If you hand over your phone to police or border agents, you are an idiot.
Re: (Score:2)
Exactly my thought...
Re: (Score:3)
You talk a big talk but I guarantee you presented at the border your phone is being given to the border agent. Outside of the safety blanket of the internet everyone becomes "yes sir, of course sir, I'm sorry sir."
Re: Don't Hand Over Your Phone (Score:2)
and if you're entering another country and you don't show your phone, they deport you. so it's not like you have a choice anyways
Is that really the bottleneck? (Score:2)
Strong identifiers are relatively trivial(or, more accurately, they absolutely aren't; but reusing the work of a modest number of cryptographers and other specialists is easy and scales readily); but ensuring that you are issuing them to the right person is...less trivial; and normally where the hassl
Oh Boy! (Score:2)
Re: Oh Boy! (Score:1)
My "password manager" is a little black diary notebook I keep in the bottom drawer of my desk.
And before you say someone could just steal the book... You severely underestimate the illegibility of my handwriting. Some of the older ones even I cannot decipher.
That live journal account may be lost to me forever... But at least no one else is ever getting it.
Nope. (Score:2)
I'd never install a government app of any kind on my phone, regardless of declared permissions. Too much room for abuse and concealed access to my data.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'd never install a government app of any kind on my phone, regardless of declared permissions. Too much room for abuse and concealed access to my data.
You will when you need proof of identity, only available via the government installed app on your phone, in order to work, to purchase things, to own or rent a place to live, and all that other nonsense a modern citizen needs to do to survive the day to day. Isn't modern life grand? Haven't we done marvelous things with our tech toys?
Re: (Score:2)
What? But they're sooo useful. Take HMRC's app - it's so good, apparently thousands of people have used it to look up their National Insurance number!!
This one is so bizarre it makes no sense at all - HMRC, the tax collector, has an app, which they advertise as being good for looking up your NI number. Yes, your NI number, not "see what tax you owe" or "see how your tax is spent" or anything of that nature, nope, look up your NI number.
I suspect this digital wallet hasn't got much of a hope.
Australia already on the way (Score:2)
LOL (Score:3)
The UK introduced the ETA process this year similar to the USA ESTA, and the digital part is a shitshow.
1. They suggest you use an app
2. The website option to do it online instead suggests you use the app.
3. When you click "the app doesn't work on my phone" it says to borrow a family member's phone.
4. Finally click the option to apply online because you can't use the app and you end up back at step 1.
When you're in the app there's no going back. Anytime you make any mistake you have to start the process from step 1. This includes not being able to retake pictures if they are blurry, despite giving you a preview. Don't like the preview start the entire application again.
The UK couldn't have designed a worse experience for this. I have my doubts the digital wallet will be anything resembling competent.
Re: (Score:2)
To be fair, that was implemented by and under the Tories, who believed so hard in government incompetence they were unable to get anything right at all. It’s not like it’s impossible for governments to do digital well, and the Labour government has a chance (but no guarantee) of doing better.
Re: (Score:2)
No what you said isn't fair at all. It was rolled out under Labor. Regardless of who started the project the actual implementation is 100% the fault of the government in operation on day of operation. Just look across the channel and you can see what Labor could have done: Noticed that it wasn't good and delayed the implementation like the EU did with the EES and associated EITAS process (originally due mid 2024, now 2025).
My experience (Score:2)
In my country digital IDs have been used for more than 5 years now. It's very convenient and nowadays I only carry my "paper" documents with me in travels, as a security measure in case my smartphone gets inaccessible.
There's no information you give to the government to use it beyond what they already have. Also, you don't handle your smartphone to the police or anyone else. I was stopped by police in a traffic stop once, showed them the QR code on my screen and they scanned it with their device and checked
NO VERIFICATION in US versions (Score:4, Interesting)
Two things:
1. The smartphone screen displays an image, and today's apps display a static screen, meaning a previously taken screenshot or even a modified image file will work. I'm not familiar with the UK system but here in the US there is no "revocation system" like there is for certs, keys, signing authorities, etc. So if you image your driver's license and one day it's taken away (see point 2 below) that image is still good. For practical ITSEC purposes this is infinite-authentication without revocation. While that may be good for me to buy a bus pass, it should not be good to effect international travel, court entrance, or anywhere where some level of security is based on authentication of your identification. You know, Security Theater. But still when designing a system one should build in these guardrails.
2. You don't own your passport. In the United States the US Department of State ("State Department") owns your passport. They can request it back, declare it invalid, leave you stranded in Hong Kong with the only place to go being Russia because you can't get to Ecuador without going through a country with a US Extradition Treaty or an MLAT. So "duplicating" your passport isn't really "a thing" because it's not yours, and may be revoked at any time.
In sum, all these systems do is continue the mythos that security theater enhances our security OR that we must "trade" something to get that security. The reality is they decrease the level of trust in authentication.
We can also talk about how if your credentials are on your phone, they can be taken, modified, shared, reused -- just like all the idiots getting their crypto stolen.
Make Orvell Fiction Again (Score:2)
Re: (Score:2)
Meta will no longer be as cooperative with outing people to various authoritarian governments.
Meta demands people publish under their real name, hence their collaboration is not much needed for the police to track and arrest users based on their posts.