[azinman2]

Now imagine they are under obligation to accept it, and you can get to the point where you can leave your wallet at home. With car keys being Bluetooth, I now don’t carry keys in my pocket. To not carry a wallet to drive to the grocery store either would be a joy. I like a physical lightness.

[bri3d]

Yes, this idea would be interesting if acceptance were mandated, but I'm not aware of any movement in that direction in any state. Mandating this kind of system would be massively fraught with political and legal peril in the US and is likely impossible.

With the way the US works, there needs to be an incentive for businesses to use these systems, and I haven't seen an implementation with this focus yet.

Bars would probably like to spend less resource teaching their bouncers and staff to read fake ID tea leaves, but they also can't afford a system that breaks, or is slow or expensive. On paper, these systems should allow for fast, reliable offline verification with a good scanning device. States could partner with someone to make cheap, reliable, phone/tablet-attached scanning devices available widely off the shelf, rather than running "private pilot programs" that fizzle out, or handwaving.

Since mDL is an ISO standard, maybe there's room for someone to make a cheap mDL reader system for bars and restaurants, even if state programs seem overly shortsighted in funding this kind of development.

[nocoiner]

I’m thoroughly confused by your first paragraph. It seems like it would be basically trivial to mandate acceptance of a digital ID system, at least within one of our 50 laboratories of democracy.

Step 1: State adopts digital ID system and mandates that subdivisions and political units of the state are required to accept it for identification purposes in their interactions with the public. Step 2: Step 1 is extended to private actors.

What am I missing? I realize I’m completely handwaving away the details of implementation, as well as assuming that there’s at least one state that would make the political choice to accept a slightly higher baseline of ID misuse compared to a system that verifies that the instrument matches the bearer 99.99999% of the time, but conceptually it seems pretty straightforward. At the bottom of the digital ID, just put 8 pt letters reading “This digital ID constitutes legal identification of the person to which it has been issued for all purposes, public and private.” Boom, done.

I also don’t think there necessarily needs to be an incentive for businesses to invest in expensive card reader systems that phone home to a database and authenticate the QR displayed on the device. Instead, just change the law against selling liquor to kids saying that a good faith effort to validate the authenticity of state issued digital ID is a defense to prosecution under that law. In my state, at least, this is basically how it works now with physical ID cards.

Now, if you’re talking about an ID system operating at the federal and state level simultaneously or across state lines, another poster mentioned the still-not-fully-implemented 2005 Real ID Act and is a fair comment on the difficulties that would exist in coming up with a framework that would work on a many-to-many basis for every purpose for which each type of state ID documents is used.

Or if you’re unwilling to accept the shortcomings of the existing ID card regime (older siblings? doppelgängers?), then sure, you can come up with system requirements that try to eliminate every edge case that exists, and you can have an expensive and administratively burdensome physical AND digital ID system.

But otherwise, I think it would be conceptually pretty simple for a state to create a widely used digital ID ecosystem within that state.

[bri3d]

> 2: Step 1 is extended to private actors.

This the part which I believe would be extremely difficult to do by mandate given the current US social and political climate, which is why I think there needs to be some form of market incentive for these private actors.

> I also don’t think there necessarily needs to be an incentive for businesses to invest in expensive card reader systems that phone home to a database and authenticate the QR displayed on the device.

Thankfully nothing needs to phone home anyway, and there is no accessible database. It's all PKI based - the device attests certain facts and the reader verifies these attestations. A reasonably effective system which (for example) corner liquor store owners are going to want needs to exist to perform validation, though.

> Instead, just change the law against selling liquor to kids saying that a good faith effort to validate the authenticity of state issued digital ID is a defense to prosecution under that law. In my state, at least, this is basically how it works now with physical ID cards.

This would be the kind of incentive that I think would help a lot - if! a "good faith" effort to verify a digital ID were easier than a physical one. If using the digital system helps protect liquor vendors from liability and/or police sting operations, that's a huge incentive to use the system.

[nocoiner]

As to step 2, agreed - obviously we’re currently living in a world where stuff that seemed well within government’s remit since the ‘30s or so is now randomly determined to be extra constitutional. Who knew! But yes, that needs to be part of the system design.

That said, I still think this is fairly “easy” politically (weird court decisions notwithstanding) because there’s already an existing ID regime in place, and no one is saying that’s not a valid government function (yet). If a state wants to say that anyone can rely on a valid digital ID as proof of identity, that’s fundamentally permissive - if a private entity wants to hold itself to a higher standard, and require that every customer submit fingerprints and a birth certificate, it certainly can - good luck with that. But give everyone else the ability to reasonably rely on a standards-compliant identity app, and I think there will be a lot of voluntary uptake there.

Sounds like we’re probably in violent agreement - a system that makes sense for its users is probably going to be well received. States can lead the way by taking the pretty short step from physical IDs to digital IDs that are really not inferior in any way to the existing regime and potentially quite a bit more secure and convenient.

[azinman2]

It’s only year 1. Sooner than later it’ll feel silly not to accept it.

[bri3d]

Colorado's has been around for four years now. I've tried to use it once (giant fail) and I've never seen or heard of anyone else using it.

[intrasight]

> Mandating this kind of system

The US mandated the acceptance of fiat money. That too was controversial at first.

[eesmith]

Yes, fiat money was controversial at first, with political and legal peril when the US started printing greenbacks during the Civil War. https://en.wikipedia.org/wiki/United_States_Note#Politics_an...

But after the US switched back to specie (thanks to the large silver strikes and government policy which meant silver coins were priced by government fiat, not commodity value) it took nearly a century before the US fully embraced fiat money. It likely helped that the legal issues related to fiat money were resolved in the 1870s, https://en.wikipedia.org/wiki/Legal_Tender_Cases .

I suspect bri3d was thinking of a timescale in the decade or two range, not 100 years.

The Real ID Act of 2005 still isn't in fully in force, having been extended most recently to May 7, 2025. That should give an idea the likely timescale involved.

[mdaniel]

> With car keys being Bluetooth

https://francozappa.github.io/post/2023/bluffs-ccs23/ and a related but slightly different threat: https://news.ycombinator.com/item?id=38661182 are why I have no interest in that end of the convenience---security spectrum. For clarity, I'm not yucking your yum, just hoping the future is not made up entirely of c libraries written by.. security insensitive.. developers protecting my house and car

[azinman2]

There are car key amplification attacks where people leverage the remotes in peoples homes to break into cars. In the past there have been car brands that only had so many physical key skeletons that thieves would just acquire them all. Homes often have windows that are smashable and very pickable locks.

Perfect security doesn’t exist, especially as the consumer level. I have more faith in software updates.

[lostmsu]

The first is not an issue if the transmitted data is time-sensitive.

[homefree]

Add a home smart lock and you can get to the point where you only need to carry your phone.

Probably could go even further and only carry Apple Watch and AirPods in most cases!