13
votes
What do you think about putting your driver's license in your digital wallet?
I forgot my driver's license today but had my phone with me. I remembered seeing stories that google and apple both allow these (for some states) in the digital wallet.
Before doing this, I thought I would ask people here to weigh in on whether it is a good idea. Is it considered secure? Is it going to cause me more privacy issues than a physical card in my wallet?
This is also related to recent discussions about online age verification.
This is a related Tildes post from last year: Google Wallet adds age verification and more government ID support
It might be good as a backup, but you should also consider the one huge downside when using it. If you need to show/give it to the cops, they now have full access to your unlocked phone. I can't think of other situations where someone would need to walk away with your ID, but cops do need to take your ID back to their car if they've pulled you over.
Why? You just need to tap your phone against the reader.
Maybe I'm misunderstanding the implementation (if there's an explanation or demo of a country having implemented this, I'd love to see it), but the version I've seen is pretty much just a picture of your license in your digital wallet. Maybe it also came with an NFC signature, and I missed that part of the explanation.
But you also have to consider what happens if you're travelling outside of your home state/province/country and need to use your ID elsewhere. At that point, they may not be equipped with the proper reader, and would need to see your physical ID or the digital representation on your phone.
If you're outside your home state, they can also just not accept the digital ID to begin with, so that seems like a moot point.
Last time I looked at this for Apple Wallet it was only useful when going through the TSA. Normal law enforcement didn’t seem to accept it as valid ID yet.
Even then I don't think it's fully rolled out across the nation. I think only select TSA checkpoints allow it.
I went through a TSA checkpoint with signage saying they accepted it, but the TSA agent either didn't know how it worked or didn't want to be bothered with it.
It sounds to me like a very bad idea, and at least for my use case it's entirely unnecessary.
I think if you can provide it without unlocking the phone or physically handing it to law enforcement it’s not a bad idea. One less thing to carry and a potential backup in case you did forget.
In today’s political climate having backups of your identification is probably not a bad idea.
Additionally part of me wonders if Apple/Google could provide age verification abstractions by having your ID on the wallet. IE apps would have an “over 18?” API that the wallet could just respond yes or no to with user permission. No face scan. No uploading ID to another third party etc..
I would rather not provide personally identifying information like that to a company that does not have mine, or anyone's, best interests at heart.
Would I rather supply it to Apple or would I rather supply it to every individual application? I’d pick Apple in that scenario, assuming that age verification is a hard requirement.
I’d trust Apple over Blue Sky or Discord for privacy and security.
I’d rather not provide it to anyone but that’s not the way laws are moving.
So give up your personal information only when required to, not just because it's convenient, imo.
I don't trust any of the examples you cited, and many more besides, with my information. Enough information is already out there about every one of us. We don't need to make our devices one stop shopping for everything about us - at least, not moreso than they already are.
Last time I checked it was basically a useless feature since it's not recognized by law enforcement as valid ID. Maybe that's changed, or maybe it's state by state, but I don't see the point if that's still the case.
Relatively speaking? Absolutely not. The mere act of it being stored on an internet-capable device will inherently make it less secure than a card. Physical items need only be secured from local attempts to access them; digital ones need to be safe against the entire internet.
Not to mention that the more you centralize everything important to you on your phone, the more of a single-point-of-failure it becomes. Putting your ID on there would mean that if your phone should ever get stolen or hacked, or should you simply lower your guard at the wrong moment and fall for a scam, the consequences are that much worse than they already were.
Having information stored with notoriously data-hungry companies like Apple or Google is a privacy issue to begin with. Doing so with information this sensitive is even more so. You have to trust their security now, as well as trust their privacy policies on top. I wouldn't do either, regardless of the implementation they use.
If you don't trust their implementation (Secure Enclave, for Apple), then you've already lost the game. Most people, maybe not you, use biometrics (face or fingerprint identification) to authenticate with the secure element and unlock their phones. If it's not truly secure as described, then that data leaking is way more detrimental than a driver's license which holds a picture of the user and an address that has likely already been leaked tens of times by now.
As it happens, I lost my wallet yesterday. It had my driver's licence, my ID cards and my bank cards.
My very first thought was: why couldn't I have all of these things in my phone? Why do I need to carry a physical wallet in 2026? My phone is more secure than my wallet. Had I lost my phone, I might have been able to track its location or wipe it remotely. I realised that I'd be more comfortable losing my phone than my wallet.
It didn't make things better that I'm in a foreign country. Sure, I was able to put a temporarily hold on my bank cards from my phone, but having to get embassies (in my case plural) involved in cancelling my IDs and getting a temporary driver's licence felt like a major headache.
Fortunately, the story had a happy ending. I retraced my steps and found my wallet in a restaurant that I had visited earlier.
Of course, I don't know if someone copied all of my cards while I didn't have my wallet. Had I lost and found my phone instead, I could be reasonably certain that no one had any access to my data.
I'm now thinking about getting an AirTag or something for my wallet to make it easier to find. And perhaps I don't need to have credit cards in my wallet since I pay everything with the phone's digital wallet anyway.
But that leaves things like IDs and the driver's licence. There is talk about digital versions being launched where I live, but I'm a bit apprehensive about it, living in a country whose current regime doesn't have the greatest record in protecting its people's privacy, and is openly hostile against minorities and those who don't agree with government agenda. But if the implementation was one that, instead of a proprietary app, used Apple Wallet or similar, I feel I would be fine with that. It's sad that I trust a profit-driven corporation more than a government.
Maybe I should just get one of those phone cases that can take a couple of cards: my IDs and driver's licence. It wouldn't prevent data loss if my phone was lost, but at least I wouldn't need to carry a wallet.
Seems harmless enough. Probably more useful as a backup, but could come into handy. Whether or not it’s accepted by law enforcement would depend on the state, so best to check that in advance.
Years ago, I accidently memorized my driver's license number, so that's my fall-back if I lose or forget my wallet.
Hypothetically it would be useful, I would love the ability to have my ID on my smart watch when I am running to avoid having to bring my health card with me (semi-required for accessing public healthcare within my country).
In reality, not only does it require development by the teach companies, it also requires potentially multiple levels of government to accept it as ID. Until then, it is somewhat of a paperweight, only increasing your exposure to identity theft.
At this point I dont think its worth it, but hypothetically I could see myself using it for some ID if it was uniformally accepted in my jurisdiction.
...do you use your license regularly?..
...the only times i need mine are for voting, military base passes, and commercial air travel, which amounts to maybe three times per year: i just leave it at home and only toss it in my pocket on rare occasion i need it...as earhart noted above, i also have my license number memorised, so when traffic police pull me over i just tell them i forgot it and they look it up on their system...
I need it when I'm driving. If I get pulled over by a policeman I'm required to provide the license and proof of insurance.
I do have my license number memorized but I think they need to see the physical card with picture ID.
It's not like I get pulled over often but I don't want the risk.
I looked into this a while ago, and I don't see a major security or privacy problem with it over a physical card (since if someone can compromise the phone to get your name and address out they can compromise the phone to get a bunch of way more valuable stuff that's not already public record).
But I do see a major availability problem: phones lack the ontological inertia of a physical card, and you don't want to be relying on something to prove you're allowed to be driving that's one dead battery away from not being able to do that.
And there's a security problem with the system as a whole, which is that nobody knows how to check a virtual ID. Maybe the cops do, but if you want to prove your identity to a random business or a person you are trading with on Craigslist or something, they won't have the software or expertise to actually check the certificates/signatures involved. So you'd just be showing them an app on your own phone and claiming that's your ID. Which means when a scammer shows up and shows an app on their phone that claims they are you, nobody can tell the difference. So it's bad evidence, just like knowing someone's social security number, and one shouldn't go around expecting others to take it as good evidence.
Pointless unless it's officially an accepted type.