There are significant downsides to the digitalization of travel documents. The biggest one I can think of is ownership - the UK is moving to an entirely digital visa system and bringing in an ESTA style system called ETA for visa free countries. Unfortunately this means that residency cards for noncitizens are being phased out. This means that when the Home Office messes up and accidentally deletes your immigration status, or you are at an airport with no internet access, you have no evidence whatsoever of what status you hold. It also means you will no longer be in possession of any records that might be useful years in the future when the current database containing immigration records will likely have been replaced. It’s much easier to keep a piece of paper around for 30+ years than it is to make sure a digital record doesn’t rot in that time.
I feel strongly that any future digital travel credentials that are offered by governments should be able to operate entirely offline, and provide records that can be retained by the data subject. That means that revocation is harder, but IMO that’s a tradeoff that is worth making to avoid another Windrush scandal.
This has already become a pain when dealing with countries that don’t stamp passports, because when you need to apply for something that asks for your travel history over the past 10 years, you might not have any records anymore.
For me, this is a human rights issue. Article 13 of https://www.un.org/en/about-us/universal-declaration-of-huma... is not contingent upon ownership of a smartphone.
Especially when these days it's near impossible to truly own your own smartphone.
And when you do really own it, you will probably be blocked from using the ID app just like most banking apps won't work on custom firmware.
I've simply been buying Pixel phones and using the GrapheneOS web installation tool. It holds your hand through unlocking the bootloader and flashing the new image on, and it always works without a hitch. Super-easy and reliable. I suppose you still don't "own" the radio firmware, but at least you can have a perfectly functional Google-free Android phone that way.
I suppose the real trouble comes from needing to install software from the Google Play store in order to travel. If you feel you need to do that you can create a new Google account just for that installation of the Google Play from the phone itself and then never give it any of your personal information such as a payment method. GrapheneOS claims to do a pretty good job of sandboxing Google Play components.
Regardless I agree with others here who think it should always be possible to travel without any electronics on your person.
I use GrapheneOS, and wouldn't have it any other way, but its prolonged existence depends on Google not making any asshole moves in their next Pixels, and on the (highly appreciated) efforts of a few dedicated individuals.
And like Linux on the desktop: it offers a better experience for everyone who either has the knowledge to step off the beaten path, or has someone who supports them. But that is just a few percent of people. The rest gets what market forces dictate.
Chris Woope nicely summarizes the main anti-user features I'd like to surgically remove from GrapheneOS:
https://github.com/chriswoope/resign-android-image?tab=readm...
I just wish there were a supported and easier way of achieving this. Would love any suggestions.
GrapheneOS doesn't implement or keep anti-user features. The way the linked repository is portrays things is not accurate. It gets the technical details wrong and also misrepresents the GrapheneOS decision making including portraying officially planned features as if they're things we disallowed because we didn't implement it yet.
You should use our official instructions for building and signing the OS. We provide official support for it including helping people with it in our development chat room available via Discord, Matrix or Telegram:
* https://grapheneos.org/build * https://grapheneos.org/contact#community-chat
Building GrapheneOS is far easier than trying to modify the official releases. It's not hard to build and doesn't have a lot of dependencies on the host OS since it uses the standard AOSP build toolchain for reproducible builds. It takes around 40 minutes to do a full build of the OS portion of GrapheneOS on a recent 16 core AMD gaming CPU and half as many cores won't actually take twice as long since scaling isn't linear. It takes under a minute to do most incremental builds for testing changes after the initial build.
If you make your own builds, you don't have to modify anything to have root access via ADB. A userdebug build has root access in the Android Debug Bridge (ADB) shell via a su executable along with support for adb root to run ADB itself with root access so every command has it available including the shell, push and pull. You should enable ro.adb.secure=1 for a userdebug build if you intend to use it in production to enable USB-based ADB authentication like a regular user build. You should be aware userdebug reduces security through poking a lot of holes in SELinux policy in order to provide root access and the ability to disable dm-verity while unlocked.
Your own builds will not connect to releases.grapheneos.org for updates. If you want updates, you need to enable the Updater app by exporting OFFICIAL_BUILD=true after changing the URL to point at your own static web server. It's very easy to set up an update server and we publish official documentation and the sources for our services. We don't outsource our update systems to mirrors for privacy and security reasons. The app releases, OS releases and app repository metadata are signed with downgrade protection but that doesn't mean a mirror system is a good idea.
Here's a list of all default connections made by GrapheneOS:
https://grapheneos.org/faq#default-connections
Here's where you can get what you need to host all of this yourself, which is quite straightforward and easy:
* https://github.com/GrapheneOS/releases.grapheneos.org * https://github.com/GrapheneOS/apps.grapheneos.org * https://github.com/GrapheneOS/grapheneos.network
You can choose to host only the network services and use our official app repository. If you rebuild one of the apps we update through there, just change the app id so it won't try to update it.
The services need to be updated before an OS update depending on changes to the APIs which are documented in the official release notes. For example, Broadcom GNSS moved to a new format for part of the PSDS data. It's all in 1 repository (grapheneos.network) if you don't host app and OS updates. You can host all this stuff on 1 server but we use separate ones for network services and updates since the load is so dramatically different.
The approach in the repository you're linked was always a very fragile and improper way of doing things. GrapheneOS is an open source project and you should modify the sources if you want to make changes.
GrapheneOS has officially planned support for toggling off secure activities disabling screenshots, toggling off apps detecting screenshots, built-in network-based location with multiple options including fully offline support via scraped data and Location Scopes for per-app location spoofing to go along with our Contact Scopes and Storage Scopes features. We don't understand why this repository is portraying these things as if people need to modify GrapheneOS to obtain them. If people helped us implemented the features in GrapheneOS, they would be available to everyone. Built-in network-based location is one of our top priorities and our implementation is nearly ready to ship in a production release. Location Scopes is a relatively high priority. The screenshot-related ones are low priorities but someone who considers it important can contribute and get it implemented soon.
The linked README has many inaccuracies about how things work and why they work the way they do. GrapheneOS has a built-in encrypted backup system which backs up data for every app since it uses the device-to-device backup mode. Play Store requires apps to use a modern API level for both updates and new apps along with unlisting apps not updating their API level for a few years. Therefore, the issue of certain apps not supporting backups due to opting out of cloud backups or excluding their files from cloud backups has been solved. allowBackup is not a thing anymore and neither are the traditional file exclusions. Apps can specifically exclude files from device-to-device backups for security or portability reasons, but few do, and it's almost always for a good reason. Apps can provide a backup service to backup and restore with a portable format. Files are often device or install specific. Logins also usually aren't meant to be cloned and can be made device-specific with the hardware keystore, as can other data. Signal encrypts their whole database with the hardware keystore so ignoring the backup exclusions won't achieve anything.
The hardware keystore works as a normal HSM does for good reason and it has attestation to prove keys are backed in a TEE or secure element along with verifying the OS. This gets into their mention of the legacy SafetyNet Attestation API and the current Play Integrity API. We had a feature filed about spoofing Play Integrity, but only spoofing the software device integrity level is possible and they require hardware attestation on devices properly supporting it. Pretending to be a Pixel with stock OS requires leaked keys. Pretending to be another device with the stock OS is easy for them to block via their extensive fingerprinting including GPU fingerprinting. Any attempt to do spoofing at scale can be blocked by them. It would be a black hole for development effort, and users would not have a reliable way to use apps banning using any aftermarket OS or non-Google-certified device.
Apps which want to forbid something like Mock Location such as Pokemon Go can and will use the Play Integrity API to require a Google-certified OS. Since GrapheneOS supports hardware attestation, they can check that it's unmodified GrapheneOS and permit it too, which we've convinced a few app developers to do:
https://grapheneos.org/articles/attestation-compatibility-gu...
Hiding that Mock Location is active simply means apps will not permit using GrapheneOS. It's pointless to trick apps about this when they won't permit using an OS tricking them. We haven't decided what to do for Location Scopes. Our approach will likely be making a new API so apps banning Mock Location will be compatible but apps which want to ban spoofing location don't have to ban GrapheneOS. That way, apps unaware of GrapheneOS will work with it if they don't ban it and apps aware of it don't have to ban it. What's a better option?
We're not doing anything anti-user. Preserving the security model in the regular production releases is not anti-user but rather pro-user. Most people aren't ever going to be using CLI commands while understanding and truly consenting to what they're doing by reading the documentation.
App-accessible root is not something we think is at all pro-user and the apps using it are taking a shortcut to implementing something without following the principle of least privilege, etc. By definition, it's not a secure way to implement functionality. It inherently gives root to a massive portion of the OS and can't truly be revoked. Users having root themselves via ADB is a different story but it doesn't mean it's a good idea to have that in regular production builds for everyone. It has a cost.
First off, thanks for all your work on graphene! I run cyber security for a company in the defense space, with data-sovereignty requirements, and you guys are the only serious project around. You should think about selling support contacts, I know a lot of BlackBerry refugees still looking for something serious. I bet you could sell support and a barebones MDM as subscription /very/ successfully.
(As an aside, I've been very happy to see you are still involved with the project!)
> GrapheneOS has a built-in encrypted backup system
Do you mean seed vault? It's really not satisfactory. For one, I should be able to encrypt my backups with any key of my choosing, on a hardware token if I so choose, not be forced into its silly codeword system or nothing at all. AES, gpg, and X.509 compatible support would get you all of the way there.
Even just letting backups be exported unencrypted, so I can easily and automatically use a trusted device to encrypt it the way all my other data is would make it so much more usable.
Frankly, the current implementation just reads as one of those ridiculous things trying to force the uneducated/uninterested to be secure, with no escape hatch for people who actually know what they are doing, nor for enterprises who need secure mobile devices, but also know an end-user will /never/ successfully take a backup on their own.
> First off, thanks for all your work on graphene! I run cyber security for a company in the defense space, with data-sovereignty requirements, and you guys are the only serious project around. You should think about selling support contacts, I know a lot of BlackBerry refugees still looking for something serious. I bet you could sell support and a barebones MDM as subscription /very/ successfully.
It's something we can consider in the future. We do plan to make our device management system with a unique approach not available elsewhere in the industry. We'll wait until we have it implemented to explain it.
We have funding to continue expanding the project and need to focus on that before trying to get funding in more ways than donations. We've been successfully expanding the development team. It's the non-development aspects which are barely in place.
Bear in mind our open source project has been around since 2014 but the non-profit organization was only formed in March 2023. There was a false start through forming a company in 2015 to support the project, then having it go off the rails and try to take over the open source project followed by years spent trying to destroy the project when that didn't work. It resulted in a lot of lost time, energy, money and opportunities. From a development perspective, GrapheneOS is a very mature project. From an organization perspective, we're still rebuilding from what happened in 2018. The focus is very much on development and building out the non-profit isn't easy for us.
> It's really not satisfactory.
We know it didn't turn out the way it was planned. Someone made the initial implementation for our use based on our design specifications and input. It was meant to become an official GrapheneOS project. We gave our design concepts to someone who began working on it, but the takeover attempt in 2018 lined up with this in a way that it got derailed. Today, this backup project is controlled by people directly involved in the takeover attempt and subsequent attacks on GrapheneOS. Believe me, we're not fans of the project and intend to either incrementally rewrite it or outright replace it.
The basic concept we created was an encrypted backup system able to support local backups, backups to an external drive, direct transfers from one device to another, arbitrary sync providers, etc. There was a whole vision for what it was meant to be but only certain aspects of it got implemented and mostly not in the way we intended at all. The fact that it exists acts as a barrier to making something better because we don't want to rip it out and start over with something not fully functional. It's easier to start a new project to add a missing feature than to figure out what to do about replacing an incomplete and low quality implementation of what we wanted from this. We need to figure out a whole migration plan away from it to something new where the old system doesn't go away until the new one at least does what it can do better.
> silly codeword system
It's a standard BIP39 seed phrase. It was meant to be a lot less limited than it is. There was a vision for what it should be which was partially communicated. The current team working on it doesn't understand the original vision for it and is not capable of creating something on the level we wanted to have.
Are you aware that the title of this submission is "The paper passport's days are numbered" ? Not "Why You Should Use GrapheneOS?" Way to hijack a discussion about what is fundamentally a human rights issue.
I responded to two posts directly about GrapheneOS. I tried to give helpful information on the correct way to do what they want to do and addressed the idea that we're doing anything anti-user. The linked content is misleading and it's only fair that we have a chance to give our perspective and explain our decision making. A lot of what was listed is stuff we plan to change but there have always been lots of higher priorities. The rest are security vs. incredibly niche features where we choose security but people can still have it the other way due to it being open source.
I fully agree one should own their own keys. I suppose in the case of my phone I feel I can't let perfect be the enemy of good.
See https://news.ycombinator.com/item?id=42536302 for an official response to the claims in that repository. Many of the features listed there are officially planned features, although not necessarily in the way they imagine them. We want to give users a choice about things like secure activities blocking potentially accidental screenshots and apps detecting screenshots so those will have toggles.
GrapheneOS is heavily focused on privacy and security. That means we're not going to add massive attack surface or poke huge holes in the security model for very niche things that are not going to benefit the vast majority of users. We provide official support for userdebug builds with ADB root access for people building the OS. Official support includes helping people with their builds in our development room, with the hope that people end up contributing back. People making userdebug builds for production usage should enable ro.adb.secure=1 unlike a regular development build. They should be aware of the security downsides and it's their responsibility to secure the computer(s) they're using for builds, signing and ADB access. ADB access can also be used on the device itself via network ADB which is non-persistent for security reasons.
GrapheneOS is an open source project. Modifying the official binary releases is not the intended way of making changes to GrapheneOS. People are intended to modify the sources and build it themselves. The whole process is only a few commands and can be trivially scripted if people only want production builds signed with their keys.
GrapheneOS even has fully reproducible builds for the OS and we have a community member that's reproducing each OS release successfully. There's only one known issue specific to 8th gen Pixels which has been worked around by them doing the 8th gen Pixel Linux kernel build from a specific path. It should be resolved already by Android 15 QPR2 that's currently in Beta due to it moving to the 6.1 kernel used for 9th gen Pixels for 6th/7th/8th gen Pixels too.
The UDHR is more a list of (short descriptions of) ideals than exact wording of the law to get there or when other things take priority.
The 2 sentences making up that article don't really live up to that level of useful detail.
[flagged]
I do agree that conceptually the government shouldn’t force you to buy things from private companies to exercise your rights.
However, you already have to buy a passport (often for a lot of money) in most countries, so pragmatically, I don’t know that it’s a hugely different thing to ask. However, there’s a big difference for children, the elderly, and people with disabilities.
Immigration tends to stretch human rights though. It costs >10k gbp in visa fees for a British citizen to return to the UK with a non-UK spouse from arrival to settlement. You also need to be earning a fair bit of money, and not have the British partner as a stay at home spouse. I would say that frustrates article 8 ECHR, but the government disagrees.
There are countless examples of similar issues re international travel and immigration. Smartphone ownership is simply one of many.
A paper passport can be valid for 10 years (maybe more, I'm not sure). It can be stashed in a safe. It can be left alone for several years and be picked up just before leaving for the airport.
A smartphone will not satisfy any of these properties.
If you are convicted of hacking in Australia, you may be subject to a lifetime order that prevents you from owning a smartphone. However, once your parole is done, you do have freedom of travel.
Ownership of a device simply is not a guarantee you can rest on - even before you get to those who may not be able to use them.
I completely agree. There are a variety of reasons why a person might be digitally excluded.
Governments need to make sure that people can access the services that they’re entitled to through a wide variety of channels, including physically visiting an office if necessary.
Though I will say, at a practical level, you will find that it’s increasingly difficult for people with criminal records to travel internationally (due to entry requirements).
Entitled is a strong word, eligible is maybe more precise.
"They're entitled to" or "Have a right to" seem more precise than "eligible". At least in my country, I think everyone (citizens) has the right to a passport. It's not something you need to be chosen for as "eligible" would imply.
My reasoning is that eligibility is a prerequisite for entitlement. I believe eligible is defined as meeting some criteria for, not necessarily being chosen though that could be a criteria. I agree they have a right to, however entitlement implies to me that the person has invested some time and resources in asserting their right. Whereas eligible means only that the right to something exists, if it were to be asserted.
The way I see it "entitle" = "in title". People in their title as citizens have a right (often from birth and unalienable) to certain things such as passports.
"Eligible" means you're able to be elected, but you must still be elected. Different from a passport, you may be eligible to a visa, and at some point an officer is likely going to interview you and decide whether to give you one.
People are entitled to a passport but only eligible to a visa. You can assert what you're entitled to, but not what you're eligible to.
> entitlement implies to me that the person has invested some time and resources in asserting their right
That's only when your title was earned, which not all are; some are born into them.
> I believe eligible is defined as meeting some criteria for, not necessarily being chosen though that could be a criteria.
The confusion may have started when decisions became more automated into "criteria" to be checked for by bureaucrats that no longer have the deciding power they once had (and later further automated by software), but "chosen" is in the latin root of the word. For example, "chosen" in Spanish is "elegido", "choosable" would be "elegible". "Eligible" = "electable" = "choosable". They're all basically synonyms.
>> entitlement implies to me that the person has invested some time and resources in asserting their right
Something else about what you said here, for titles that are earned (e.g. naturalized citizens), you don't invest time and resources to assert your right. You invest time and resources to earn the title. When you've earned the title, you've earned the rights that come with it. Having then those rights, you can then assert them. You don't need to expend anything to assert. You just claim them, since they're already your own. For example, if someone says you need to expend time and resources to assert your right to vote when you're already a citizen, that's wrong. Having expended time and resources to become a citizen (or having been born a citizen), it's already your right to vote. You're entitled to a vote.
Entitled is more accurate.
Issuing a passport by the Austrian State Printing House costs 60€. Show me a phone with decent battery life that has comparable costs.
>However, you already have to buy a passport (often for a lot of money) in most countries
From the government, paying what is more an administration fee than the actual cost of the good, yes.
This is about principles, not economics.
Transparency is another important one.
One reason I dislike such digital ID schemes because I can't actually tell what information (or metadata) is being forked over. Even if it does purport to show me, I'm just supposed to trust what it says?
No thank you. A piece of paper provides a common format that's easy for both me and the official inspecting it to understand.
What do you think happens when passport control scans your passport? The fact that the identifier is a paper document vs a digital token will make zero difference to the data that they track. It's linked to innumerable national and international databases which they will be tracking. Your privacy is basically zero when you cross borders.
The difference is when computer says no, you can show that computer is wrong
No, because the fake passeport detection is done by checking the database anyway.
Honestly I don't see any other way. Else it becomes a paradise for forgery.
That's not true. My freshly printed passport was denied by a computer at the UK border, they ran forensic checks for 2 hours while I waited in detention and then it was all good and they let me go.
No, if you don't come with a database solution, any paper or physical only solution is 100% counterfeitable, with just enough means poured into it.
Mafias all around the world will buy expensively any valid or even used identity document just for this purpose, i.e. to study it and perfect their forgery skills.
The process you witnessed is a remnant of the past, a feature of the necessary transition period, and I hope it disappears soon, because that's a giant gaping security hole.
Btw, your fingerprints are in the database, as some facial features too. That could be in addition to retinal scans and, why not, DNA features too in the future.
Thanks to all those biometric data, in case of a problem, the process will be much more reliable using the database than using old fashioned paper IDs.
Also, all these tests are very fast to perform (excepted maybe DNA tests), much quicker than the unreliable administrative cross-checks that were performed until now when there was an ID issue.
Passports have had NFC chips with the potential to store additional data for at least the past 10 years.
Not to mention the Passport Number which links the passport to databases of other information.
Like the information on my visa application, or the fingerprints collected at that time, or my travel history, hotel stays, and so on.
Data does not have your be "in the passport" to follow me around.
I have a (USA) digital driver's license that I've presented to TSA via my iPhone a couple of times. It's explicit exactly what information is being shared. You tap (as if to pay), the information being requested displays on the screen, and you double-click to acknowledge and send.
Note: USA "paper" passports have included an RFID chip since 2007.
Dude, your passort already have information on the chip that is machine readable. All the data that is being forked over is not on the passport but various databases - Interpol, Europol, etc.
Most comment here are not related to the problem, which is your interest & my interest & interest of 98% of HN others at least conflicting with the interest of those who control how humans vote. We know how things ought to be if everyone wanted them to be good for most humans. None of this discussion will however convince anyone to work more altruistically in reality.
Those who control the public opinion know that there's some opposition who confuses the problems with the conflict. They laugh since no one who thinks legislation like in the link would be generally bad can do anything. The ignorant will vote what the Orwellianishly-named "smartphone" will command them.
In the next five years, it's likely the option to stab the kings will be for the first time removed, since robotic militias will mean no insurance CEO can simply be shot. This means there will be zero limits to what cruelty they'll do you, since no matter how torturous it gets you'll be unable to even violently resist this. You'll have no democratic mouth, but you must scream. Completes cyberpunkization well.
---
Aside: US drones + US satellites that enable global connectivity of drones was a rather obvious consequence of Starlink ~4 years ago. If they really want some person, they now can search most of Earth in few hours with the drones + computer vision, and soon with land robots, all connected through Starlink (starshield to use the euphemism). The irony is how this at the same time solves the connectivity problem.
Biometric databases will be hacked and leaked, criminals will perform cosmetic surgery to assume new identities.
> US drones + US satellites that enable global connectivity of drones was a rather obvious consequence of Starlink ~4 years ago.
One would probaby be safe from the US in Serbia, Transnistria and other non-US friendly places for a while, given enough bribe money. The US won't sneak drones into sovereign airspace without another state's approval even if they're looking for high level targets such as Osama bin Laden, Al Baghdadi, Qassem Soleimani. We are not talking about failed states or states in civil war like Syria, Libya or atates under US assistance like Iraq here.
You are insane if you think the U.S. couldn't get you out of the politically, economically and militarily small Serbia or Pridnestrovia.
The only place where you'd stand a serious chance is Russia, if there's political backing. (see Snowden, Marsalek et al.)
Who are "those who control the public opinion"?
In case I did, I would make sure I don't get pinpointed to, but in the US perhaps look at CFR / state department veterans & advertising corporations' stockholders & Google.
In Europe traditional news sources there got economically slaughtered & replaced by few big online 1995-2005. This qas a consequence 1970s & 1980s academic networks working closely with US on web, and US then doing what it did with Google.
If you can influence what ends up in the social media feed of those deciding about university curriculums and/or most politicians, that's quite powerful also.
In Russia & China, there seems to be less hidden, less culture of valuing "free media."
---
That public opinion "matters" but gets shaped is very plausible if you consider that most of history it didn't matter unless the public got very angry.
Century of Self describes the process before Zuboff.
One might argue that control of public opinion was originally more psychoanalytic idea, and then became more Skinnerian with computers.
Chief-level people in newspapers.
Those are all valid concerns.
Then, the digital passport's ship has already sailed for better or for worse, and all these questions are solved in other ways.
> when the Home Office messes up and accidentally deletes your immigration status
You're toast either way, because it will be checked at the airport. You'll have to deal with the immigration officer and have them do something, because you won't go very far with just a paper that will be checked against the backend. In my experience it has already been the case for a while now.
You still better have the reference paper that will help identify your visa procedure, dates etc. But it's already just a key to the info in the DB.
> you will no longer be in possession of any records
Print out the papers and keep track of the important pieces. It's the same for everything else in your life, including tax documents, birth certificates etc.
Even in the olden days, the papers you had only had value against the agency's record that could prove their validity. If you had to prove residency in some specific period, having a stamp on your passport would mean very little if the agency denied having any records of it. So it's exactly the same weight as if you printed out a certificate while the DB blew out and no data about it are left.
PS: I think in previous time people were also so much more lenient. It wasn't much a question of physical papers or not, and more on how much few people cared if your info was valid or not. I had an error in my name in many official documents, and while people noticed it, a simple "they typed it wrong" explanation was enough in 99% situations.
If you have records of your own and pointers to other organizations contemporaneous records, you may have an opportunity to appeal if your DB record is lost.
The home office rather notoriously destroyed/never kept its own records of arrivals of commonwealth citizens, which was one of the steps leading to the Windrush scandal.
Many older records only exist in paper form, and often the receipts are good enough. This is especially true when you’re dealing with 3rd party governments. A foreign government is going to put a lot more stock (rightly or wrongly) on a birth certificate that is printed on fancy paper covered in security features than it is to a printout of an email.
I second both points. You absolutely need to keep your own papers and records and it's fully expected as well.
Also yes fancy paper is more valued than junky ones when nothing else remains, but random printouts are also provided everyday, and they're fine with it. At the crux of it, the foreign gov usually doesn't actually care that much about your birth certificate: they want due diligence at most, even if they'll have a more strict public facing facade. It's cross referenced only when it really matters (e.g. you're trying to get citizenship or a background check for security clearance ?)
> Even in the olden days, the papers you had only had value against the agency's record that could prove their validity.
That's not true. For example, Jews (or people who wouldn't be always considered Jews, but those who would still fall under the Law of Return) have to produce some kind of document which states that their ancestor was Jewish. Often these documents were issued by authorities that no longer exist. And it was up to immigration authorities to decide whether they trust such a paper or not. Basically, anything coming from Western Ukraine prior to Soviet occupation would be issued by such authorities, same with Baltics.
Unrelated to above: a lot of databases are only required to store their records for so long. For instance, the transcripts from most colleges can be produced within 10 or so years after graduation. Then it's like they've never existed. So, if for whatever reason you need to show your grades later, you better have a paper version.
I'm kinda baffled what you mean by authorities prior Soviet occupation, as Baltics an Ukraine/Poland have archives and power to acknowledge Jewish ancestry. It was not a question on decision to trust but requirement of the process by Israel for those that wanted to migrate to Israel.
What power are we talking about? That's completely new to me (and I had to go through this process).
Just to give an example of a document that I know had been submitted in this situation. A graduation certificate from a Jewish girls gymnasium in Vilno. The city has changed name since then, there's no such street address, there aren't any girl schools, definitely not gymnasiums, let alone Jewish. The building that used to be the school was destroyed in WW2. So, there's nobody who can vouch for the document. Maaaybe you could somehow find an index of all such schools that exited in the year of graduation, but even this info might not be available.
During WW2 a lot of civil records have been lost, especially in smaller towns / villages. Sometimes it was deliberate, especially if it was a Jewish settlement. It was common for Jews in the military to try to erase any trace of their ancestry, as regardless of how poorly the Red Army PoWs were treated, Jews and Communists would've been executed immediately. So, destroying records indicating such connections and forging personal documents was a common case. Now that people try to recover any traces tying them to their ancestors, they often have very little to rely on. Like, receipts from donating to a synagogue, or permits to start a particular business (typically associated with being a Jew) etc.
* * *
Another funny memory I have in this respect: in the 90's I was queuing in a bakery in some central part of Lviv. A man behind me overhead me speaking Russian (which wasn't very common at the time, since Lviv citizens frowned upon it, and mostly spoke Ukrainian), and decided to ask me if I know where Adolf Hitler street was.
My jaw dropped. But, the man pulled out from a pocket a triangular letter (the kind soldiers used to send during the war) with the address specifying exactly that. Apparently, the carrier of the letter was looking for his long-lost friend whose last known address was in Lviv, on that unfortunately named street. And since Lviv was seen as being quite radical in their way to dedicate streets to questionable historical figures, the old man believed that they might just have such a street...
Anyways, some locals overheard our conversation, and soon we discovered that the street in question was indeed named after Hitler during the German occupation, after Soviet occupation was renamed the Lenin street, but historically was called Lychakivska (and that was its current name, restored in the recent years).
* * *
Another similar story involves my dad's friend who was born in the 30's when the Soviets and the Nazis had a love affair. So, this guy was named Adolf, yes you guessed it, after the Austrian painter. He was Jewish. So, after the love affair ended, he sought to change his name. But you cannot change the name on the birth certificate. Also, his school graduation papers etc. all had him as Adolf, and that's how his family called him. Sort of. (I knew him as "uncle Dolik".) Not surprisingly, there wasn't much of a record of him changing his name to Alexei :) and he'd routinely get in trouble with all kinds of authorities, police when checking his driver's license, paying electricity bills etc.
Similarly, in Western Ukraine, prior to Soviet occupation, it was customary to give two names to children. Eg. my grandmother was Daria Anna. But the Soviet system didn't acknowledge this, and only one name could go into the passport / city records. So, she became Daria. At first. Then Dariana. And after having all sorts of documents, she was in a very tough spot proving ownership of her apartment, because it wasn't possible to tell (from the authorities perspective) whether Daria Anna, Daria and Dariana were the same person. Add to this that in order to preserve some of the family property she and her remaining relatives tried to mud the waters around these documents. Eg. to avoid partitioning the apartment she'd claim to have a sister Anna, who lived at the same address...
I'm quite sure that this wasn't an isolated incident. There would've been a lot of attempts to manipulate the system by creating fake people, trying to wipe out one's own records etc. Paper documents help in detective work to untangle such manipulations. If there was ever a single central source of this information, such manipulations would've been a lot more successful.
It's getting hard to even take printing stuff for granted. It's getting harder and harder on iOS just to arbitrarily copy and paste text from many apps - can't even copy the title of a YouTube video last time I tried. This mostly just worked on PC.
It hurts me. Everything going so far backwards.
At least once a week I have to screenshot something on iOS and use the new Photo OCR feature to copy and paste it out of the image. I wish I was joking.
> That means that revocation is harder, but IMO that’s a tradeoff that is worth making to avoid another Windrush scandal.
I don't think the UK (Or US, other other European) government are too torn up about the possibility of another Windrush scandal.
But I generally agree with you. A physical passport offers a degree of psychological and real "security" that the promise of some cloud-hosted credential absolutely does not.
As a minor aside, I (US citizen) was once able to able to enter the US (at Toronto Pearson airport) despite having left my passport in some hotel. I just told the stern American guy "Yo soy American." Apparently they have ways of telling.
> I feel strongly that any future digital travel credentials that are offered by governments should be able to operate entirely offline
How offline is the current system today, where officers swipe/scan our paper passports into a machine?
With the current system, the passport chip can be validated offline if you have the CAs cached. If your computer is completely dead, you can look at the documents under a UV light and verify authenticity the old fashioned way. You could definitely design something that was verifiable offline using phones, but you’d be harder pressed to have it verifiable without any tech whatsoever.
Exactly this when I said in another comment I want both. The old physical protection of UV light and verify authenticity the old fashioned way. It doesn't even need a stamp but a physical thing that prove my identity I can own. Not another number in the system.
This is the same thing I am against a cashless society where the society no longer accept physical cash. And in 2012, and later 2014 when Apple Pay was introduced all the way to 2017, 99% of HN were in support of getting rid of physical cash.
Paper has no downtime.
In times of disaster, the people welding paper along with the people who can trade on their street cred, familiar friends, family, will get stuff, do necessary business.
Everyone else will be essentially panhandling.
Mind you, not a damn thing wrong with panhandling. That is not a crime.
My point is to avoid having to do that where possible and practical.
but that is not my problem
my passport has been through a washing machine accidentally and i can still present it in the remotest of countries no matter the internet or whatever, and it works
in the US, yes they are switching to face recognition and often they barely even look at the passport anymore. I enjoy the convenience of that, but i don't wish to share this data with all the countries in the world, nor to be on the hook for having a connected device everywhere in the world for basic movements.
You may not wish to share it, but it's a simple choice:if those countries want that data, you'll either share it or be refused entry. Passports are only a small part of that, regardless of what data is stored on them. The US for example requires you to provide fingerprints and submit to a face scan, that then get permananetly stored (for non-citizens). They also require you to submit to a phone and laptop search if the TSA agent believes it's necessary. You are of course free to refuse all of this, and go back to the country you were coming from.
So having digital vs physical passports opens no new avenues of private data sharing with regimes you might not trust: they already have a right to demand any kind of data they want about you.
As a Brit with NZ permanent residency, there hasn't been residency stickers in passports for NZ residency for years now, so the only thing I have is a number and a PDF I can print out...
> the UK is moving to an entirely digital visa system and bringing in an ESTA style system called ETA for visa free countries.
Canada, at least, already uses an ETA system called exactly that (or I guess TAE in French), so that probably had greater influence than the US ESTA.
Yes, and so do NZ and Australia. I actually think the biggest influencer is probably EITAS, which is the same thing for the Schengen area (yet to come into force).
It’s a part of a wider trend going forward. I will say the UK/EU systems are fairly unique in that they aren’t excluding each other. Canadians don’t need ESTAs nor do Americans need Canadian ETAs
I for one am really worried about the UK Digital Visa system. There are just so many ways it can break down
Airport WiFi - people can easily run deauth with aircrack-ng. Email server might be down Phone out of battery Etc
It's not digital in the sense that you need to show it on your device.
It's digital in the sense that it's electronically stored against your passport number, and the UK Border Force can see it just by scanning your passport.
Tech bros need something to sell. Sew current maga vs musk
[dead]
As soon as the local banks here started the push of 'you'll be locked out of your account if you dont activate our App' I switched to a dumb-phone. Tech has turned against us, and as a developer I feel very sad about that.
I strongly believe that a smart-phone should not be a requirement to partake in society.
Something as basic and important as a passport should not be entrusted to these ad-phones. Same with the push for smart-phone fintech / digital currency, or card-only retail. The 'easy option' seems to cost us more and more freedoms.
'This app requires permission to access your passport details. This is only to confirm your date of birth, and thus your eligibility to access the ad infested internet'
Having ranted about all that, I have to say that requesting a new UK passport last month was The best website experience I have had in a very long time. Simple UI, clear process, and worked perfectly without needing the latest nightly build of whatever new browser API / GB framework is the monthly fad. Just a shame it is quite ugly compared to the previous European one.
>I strongly believe that a smart-phone should not be a requirement to partake in society.
I'm 40; I stopped using email in 2016 (save temp-burners for a few necessary signups); essentially never do I carry a cellular phone, nor do I app/text.
My bank treats me like a criminal, locking me out of online banking; occassionally they cancel my debit card ("didn't you see our app notification?!"). Jokes on them, though: I live one block away from this bank, so I just walk in constantly to ask them for account balances/transactions, and to poke fun at their ideas of security (e.g. text 2FA, which login.gov specifically declares "bad practice").
It's actually kind of nice, having built rapore with a few of the tellers who already know why I'm visiting their location so often: bad company policies, dependant upon smartphone apps.
Should physical identification ever be legislated out of existance, I'd probably just expatriate (at this point, semi-retired).
My god, can I please rent your basement? I want off this ride.
I always suggest this as the first step:
Become "unreachable" — from whom is your choice, but I always suggest to start with ignoring work-related calls/texts, except when *on the clock. Certain countries are beginning to implement "right to disconnect" laws, which require your employer to pay you for contacting you outside of your scheduled work hours.
At this point I wouldn't even give a new employer my personal phone number (they'd get a burner for HR docs)... if your employers wants to call/text you, even during work hours, they can provide a phone/number.
Which bank is that?
None of my banks or credit card companies have any app requirement like that.
Which bank did that ?!?
Instead of replacing passports with apps, in between would support passport cards. Better to allow using national ID cards as passports. The digital data could be saved on card but with physical photo and info as backup. It also works for people without smartphone.
The US has passport cards but they only work for land and sea from Canada, Mexico, and Caribbean countries.
Recent Canadian passports are basically a plastic card glued to the first page of a paper passport. For backwards compatibility it seems - it’s obvious the plastic card contains the chip and everything that matters.
Chips have been present in passports, even the all-paper ones, since the 1990s, with all the same information. They’re called “Biometric Passports”. The plastic card in newer passports is for durability and making them more difficult to forge.
But the chip doesn’t contain “everything that matters”. The chips have biometric info (hence the name) like legal name, sex, nationality, photos, and sometimes fingerprints. But the bulk of a passport book is made up of tens of pages where stamps, stickers, and even entire visa documents can be stapled/attached. None of these are present in the chip.
The chip has at least the same information that is printed in machine readable format on the photo page.
It has all the same fields in one or two lines with "<" field separators.
I've had the chip read, I've also seen the passport being scanned to read those lines.
A passport has two components, one is identification of the holder, the other is the travel (entry/exit stamps) history and potentially the conditions of entry (visas etc).
Some people fly to places like Afghanistan which do not have all these fancy computers I suppose.
> The chips have biometric info (hence the name) like legal name, sex, nationality, photos, and sometimes fingerprints
... legal names and nationalities aren't "biometric info" though. Is it fair to say that the chip contains the content of the travel document at the time it was issued (doesn't the chip also include the passport number, issue/expiration dates, etc) but not the stamps/visas that are added after the passport is issued ? I think everyone gets that the chip isn't updated when you get stamped into or out of a country.
> Is it fair to say that the chip contains the content of the travel document at the time it was issued
Yes to expiration date and number (although afaik it does vary because each country may include or exclude certain information), but in general no, because even if you have a visa issued to you at the time of a passport being issued (like at the time of a passport renewal), the chip will not have that information. The chip information is basically just proving who you are, but doesn’t have any info on where you are permitted to go (other than permissions implied by your characteristics like nationality). That information is stored elsewhere, like in the passport pages or a country’s internal immigration records.
the chip is inside the relatively soft back cover, not in the polycarbonate page
it's the same in the US
[dead]
National ID cards are widely used for international travel in Europe. You just need to standardize them, so that every checkpoint doesn't have to support 200 weird national standards.
I think the digital portion is pretty standard nowadays (same as biometric passports, plus any national addons like e-signing on top of that). And physical features are customizable, but that’s atrue for passports as well.
you're talking about humans, a civilization that cannot fully win the decades-long fight for one portable charging format, and proposing all governments get on the same page about their passports?
The machine readable printed parts are covered by an international standard ISO/IEC 7501-1 [1].
So despite your cynicism, all governments literally are on the same page about passports.
What do people think organizations like ISO, ITU, ICAO etc do other than exactly this sort of standardization process of human activities that are common across national boundaries?
National ID cards are evil. They are not a thing in my country and there would be very very strong opposition if they were seriously proposed (including riots, like when vaccine mandates were imposed on a subset of the population a few years ago). The passport is the only thing remotely close to a national ID, and a good proportion of the population do not have one. Standardizing a national tracking ID so foreign powers can know everything about you and sell it to further enrich their oligarchs? Not a chance.
This is basically what biometric passports are. They can fit in a national ID card. However, for backward compatibility, the papers are also provided.
i don't even know if it would work for majority of Mexico tbh. Around covid time, especially in non-Cancun airports, they would basically refuse to let me leave the country if the stupid physical entry stamp was not perfectly readable. Explain to them the digital revolution.
Makes perfect sense…
Other than standardizing on equipment and root certificates, none of this is new technology.
The challenge is how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
Or how do you scale non-digitized operations up on-demand once some of this fails?
When it comes to privacy, government can even not keep any of the PII in a central place: it just needs to get it for signing and never needs to store it.
Basically, you can have a device that wirelessly transmits government-signed data containing your facial data and other PII, and upon validation, that data would be used for facial recognition and ID verification.
(Like JWT tokens for those familiar with them)
> The challenge is how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
Revocations always come with a revocation date. Only passports issued after that date would be invalidated. The issuance dates could be proofed with cryptographic timestamps.
There is a trade-off between false positives and false negatives when choosing the revocation date of the issuer certificate. With OCSP, you could also revoke all the individual IDs that are not known-good (known to have been issued legitimately).
Of course, a world-wide interoperable passport scheme is unlikely to be designed with such an elaborate verification system, and maintaining registries of all legitimate IDs comes with its own risks.
In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
> In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
If you have a big family with the ownership of many assets - a car, house or an apartment, bank accounts, mortgage, various subsidies, and so on, the number of instances that you need to go to change your old passport data to a new one could quickly grow up to one hundred, depending on a country. The biggest problem with reissuing a passport is that its number and issuance date change, forcing you to jump through many hoops to continue life as before.
That sounds weird. Which country abuses passports like that?
From my perspective, a passport is just an identity document. It's not a source of identity. When you get a new passport, your identity doesn't change, so you don't have to update your information anywhere. Immigration officials may be the main exception, if you live outside the country of your citizenship. Or maybe there is some hassle if you need to transfer a visa to the new passport.
> It's not a source of identity.
Lots of countries use ID's serial number as a sort of identity. Like, your bank would literally store "Mr. John Doe, G.I. ID 60-05 123-456-9012, D.o.B. 1985-07-29, etc." in your record, and when the next time you visit a branch and show them your new ID, it better have a "previously issued IDs" section on it with that old ID number there, so they would confirm that it's still you and update their record.
The passport can retain the same ID. It’s only its certification that changes. This is analogous to how a web server doesn’t need to change its domain name when the TLS certificate has to be replaced.
And presumably, you would still have to renew your passport every ten years or so anyway.
> how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
You need cutoff date and some kind of public trail log to prevent backdating new certificates. This can be done via short-lived secondary certs derived from a root one, logged publicly
> You need cutoff date and some kind of public trail log to prevent backdating new certificates.
You might be able to do it without a public log by using an RFC 3161 (TSP) secure timestamp facility like the unfortunately named https://www.freetsa.org/. Basically, we want to trust identity attestations ("I am Bill Clinton and this is my face") made by a compromised CA between the time the CA certificate was created and an estimate (hopefully a conservative one) of the date of compromise. We want to distrust any certificates signed outside this time range.
This way, in the event of a CA compromise, we don't have to revoke everyone's certificate after a CA compromise.
I think we can implement this security model by having the CA ask the TSP server to countersign each certificate that the CA issues. The TSP would sign a hash of the whole CSR, including both identity ("I am Bill Clinton") and biometric (bill-clinton.jpg) information. Anyone can use the TSP's attestation to provide that the TSP server witnessed this combination of inputs at a specific time.
Sure, if you've compromised the CA, you can issue a certificate saying "I am Bill Clinton", but to do so, you need to either use a genuine, up-to-date TSP attestation, giving away the game, or you need to use an old TSP attestation, forcing you to use exactly the original inputs to the TSP. Using the exact inputs wouldn't help you: you want to issue a certificate saying "I am Bill Clinton" with attacker.jpg as the face, not bill-clinton.jpg. The latter won't help you do anything: you don't look like Bill Clinton and you don't have his private key.
An attacker would have to compromise both the CA and the TSP server to pull off a passport forgery. And you can make this process even harder by requiring multiple independent TSP servers to countersign certificates.
That's pretty much how it works now, except they are not logged publicly.
Sounds a lot like a blockchain
It really isn't, aside from using public key cryptography. There isn't even a concept of a "block" (ie. a linked list where each node is cryptographically linked to a prior node).
Blockchain can be the store of public data (dump public keys of intermediate certs into blockchain), but it's not necessary, public trail log is enough to call on backdated cert issuing
What certificate are you talking about? The document is your face
"Your face" doesn't tell border officials anything important about you. For that, you need a travel document with relevant biographical information (eg. name, date of birth), along with a picture of your face so they know who to associate that information with. Finally, to ensure that you can't make a fake document that looks like a real document, there's a PKI system where all the information on the document is digitally signed by the country issuing the travel document.
That's far down the line.
The examples in the article just store the document data in national database. In both examples (Finland and Singapore) you register online before the trip and then still show up with your passport.
Singaporeans just show up with their face because their face is already linked to their government ID, stored locally. This can be done by any country after pre-registering your regular passport.
All of this is trivial to implement. There's still no mention of full digital validation.
Well, the thing is -- after doing the whole ICAO PKI into the passport (which already happened) and keeping the trace in the local government database somebody realised there is no point to issue an expensive unforgable paper copy of it, since the digital artifact bundled with it (theoretically) provides stronger security. So instead of issuing ICAO PKI into the paassport, you can just have a dumb app generating a QR code with it or A4 paper extract.
How does that work for identical twins?
The same way as it does now. The face is checked against the identity claim, not against the global lookup, which can't reliably work anyway.
So there's no non-repudiation making it no different than a paper document.
Sorry I can’t really parse the comment, but I do agree it’s no different from a paper document, because why would it?
It's hard to think of any scheme that fully works for that, unless you mandate distinctive body modification like tattoos or scars.
I've been in a handful of places where no meaningful digital proof of identity/legal entry could possibly be produced: deserts, small towns with no cell service, etc. It's hard to imagine the expectation of a physical passport with a physical stamp in it going away anytime soon in these places.
Yea, lots of comments in here advocating for full digital or “just use passport cards” are coming from a narrow perspective of only having to use passports in established travel routes like major international airports or developed countries. Most of these suggestions just simply wouldn’t work in the majority of the land border crossings I’ve experienced in places like Laos, Cambodia, rural China, Thailand, Peru, Bolivia, etc.
Or... Canada! I've biked from Montana into Alberta and the border crossing was in the middle of forest in the middle of nowhere. Definitely no reception or wifi there.
Put a star link there, problem solved. That works pretty much anywhere in the world.
This is the narrow perspective I was referring to. There are border crossings in the world where there is no reliable electricity, and laptops/smartphones are a rare luxury. Starlink is not a solution to these problems.
But there currently isn't a problem with physical passports. They work!
Why introduce new problems? I was bike touring and wasn't carrying a phone. Isn't that allowed?
They work, sure. It just involves queueing, lots of manual checks, endless amounts of misery at airports, etc. But it works. But I would label it as a problem.
I like being able to skip all of that. That works too. It's not that hard.
I wouldn't qualify standing in a line as endless misery...
Regardless, I have global entry so I do appreciate the desire to skip a line, but I don't follow how 100% digitization solves the need for checkpoints completely. It just seems like techno utopianism to me.
This is such a brain dead solution to a problem that shouldn't exist. Why push for digitization?
Because it works, quite well actually. It isn't that hard or expensive. And it's convenient. Why push for the old stuff? There's absolutely nothing fun about having to queue for some TSA prick for two hours after a transatlantic flight who hates his pointless, miserable life (and rightfully so). All that stuff can be automated these days.
TSA does not do border control, and in fact border control is usually relatively fast compared to being re-screened through security (TSA).
Edit: It's convenient if you are a digital native, but elderly folks, among others, will not find it easier than a physical passport. The push to require everyone to have a digital device to participate in society is troubling to me.
I guess if that's how you feel about it, more power to you. The day I get away from almost all tech will be a good day. Also I get that TSA sucks but I don't think they deserve the vitriol you're throwing.
i don't see how a physical passport with a physical stamp is any more meaningful than an offline smartphone with a passport app, either way the receiver needs some connection if they want to do any real verification
Physical passports, in the same way as physical currency, have numerous mechanisms for reducing the ability to forge the documents.
So these documents can be checked locally without any form of communications to some central authority (which doesn't exist across national boundaries).
They have visible anti forgery like UV printed symbols and information, underprinted background text and patterns, etc etc.
So they are more "meaningful" than an offline smartphone with a passport app in that they do not require anything other than the officer's ability to see, feel and read the documents.
If being forgery-resistant is the argument for paper docs, a passport that identifies me using strong cryptography is just as forgery-resistant (likely more so). And we could do a cryptographic verification without a persistent internet connection. (Or can’t we?)
The argument is graceful degradation.
Even when there's no connection, no electricity, you get some modest layer of security out of "it's hard to manufacture a convincing fake passport if you don't have large-scale resources behind you."
What happens then with app-only passports? Do we close the border crossing entirely until the network is back up? Or do we rely on showing a QR code or NFC handshake that can't be properly verified? I'd think creating a fake passport app that reached those hurdles would probably be easier than getting access to specialized papers and printing technology.
Modern passports with RFID chips already support that actually - https://www.icao.int/Security/FAL/PKD/BVRT/Pages/Basics.aspx
A passport with strong cryptography would be forgery-resistant, however it is dependent on some form of PKI to distribute the public keys to every customs/border inspection point across the world, for every passport-issuing nation.
It's meaningful to a bored police officer in a less-than-democratic country who has nothing better to do than make my life annoying.
I'm not denying that it's security theater or claiming that it's more meaningful; I'm saying solely that there are physical expectations that are going to be very hard to shake once you go off the beaten path.
> It's meaningful to a bored police officer in a less-than-democratic country who has nothing better to do than make my life annoying.
I've found that money is more meaningful than anything else to those bored officers. Either they don't actually care that much about your documents, or if they do, they're simply looking for a bribe. At least that's been my experience at out of the way border crossings in southern Africa.
The most ridiculous experience I had was crossing into Zimbabwe with my 11 year old son. The officer wanted to see his birth certificate, which was still in the car that had already been driven across the border. So I had to leave the building, walk across the border, which nobody batted an eye at, get the document, walk back across the border, re-enter the building, and then present the document to the officer who didn't even look at it before letting me proceed to leave the building and walk across the border once again.
I’m curious about your experience with this. A friend did a big tour through Africa about 15 years ago and when he got home he commented that you had to be careful to right-size your bribe: if your bribe was missing it not big enough, you’d get hassled about paperwork or maybe have to pay a “fine” or “document processing fee” to make up for it; if your bribe was too big, though, then you and the people you were travelling with would be subject to intense scrutiny. From what I recall about $5 USD was about right and $20 USD could result in the contents of your suitcase getting dumped in the dirt and very thoroughly rummaged through.
I took 'could possibly' + reference to cell service to mean that there is some sort of technical/infrastructural limitation. If your point is that the world is big and any effort to do this would take a long, long time to fully penetrate beyond a few highly developed Western countries, then I definitely agree.
Yep, that was the sole point.
I think things generally start off as experiments in first world countries then trickle down eventually to third world countries. That's just the reality. 20 years ago not everything could be digitized because internet/smartphone access isn't widespread, but now more or less every single person on the planet has some sort of internet access. Things change eventually, they gotta start somewhere.
I assume that you are excluding the US banking system from that "trickle down" effect.
US banking is behind many developed countries due to security model mismatch.
More like 68% of people, which seems pretty far from "more or less every single person on the planet".
https://www.statista.com/statistics/273018/number-of-interne...
But is probably very close to every single adult on the planet.
[dead]
Currently, a physical passport is globally accepted as its own "verification." That's the point.
That factor is so important that the US intentionally restricted the usability of the US passport card to keep that status quo
Paper does not have downtime. Tech does.
direct to cellular via satellite is reducing all deadzones to zero, barring some mountains at angle
just playing devil's advocate with the way I see it heading
There are still significant portions of the world where having electricity, internet, and running water all working at the same time is not as common as you would hope.
Expecting always on satellite connections in a lot of these places is asking for a lot.
> Expecting always on satellite connections in a lot of these places is asking for a lot.
It might be easier than having reliable power grids or running water supply. Assuming at least some of the satellite-internet projects work out (Starlink, Amazon's thing, Chinese thing, European thing, ...) all you need might be a fairly affordable (comparing to infrastructure for running water) hardware that can run on demand using batteries.
the needed infrastructure can be just at the passport checkpoints
AST Spacemobile and Starlink's user experience will just require mobile phones. No adapters or base station. they'll find a way to power them, or extend signal from them. for the passport holder, that will just be client side and no connectivity necessary.
No. It isn't "just at the passport checkpoints." It's everywhere. Passports are the only form of ID most people have abroad that are recognized by foreign governments and establishments.
Good luck to the French dude trying to drink in the U.S. without a passport, or getting stopped by the police in Łodz and not having any valid identification on you.
Any government id eg drivers license will work for that.
15 years ago, a Polish driver named "Prawo Jazdy" was causing a real nuisance to the Irish police, seemingly all over the country. Turns out they couldn't parse the document and they were looking for a man named "Driver's Licence". http://news.bbc.co.uk/2/hi/uk_news/northern_ireland/7899171....
Nowadays, the licenses in the EU are standardized, but at the same time, they are completely unreadable if you don't know the standard, since data fields are numbered, but not usually described in English.
This is very much false in much of the world. Especially if you have foreign paperwork, it's very likely a passport will be required by any kind of official asking for any other paperwork from you.
Nope that'll get you threatened to have the police called on you at the Walmart in Burlington NC. (Austrian federal ID trying to buy alcohol)
I am a dual citizen, and I have not found this to be the case in either of my two countries. Neither of them will accept photo IDs issued by the other, except for passports.
Don’t know about Lodz, but you can absolutely not get a drink in Utah with a French driver’s license. They insisted on a passport since I was from out of state.
I've been in some very steep mountain valleys :-)
But as others have noted: assuming satellite cellular access is also a big leap. I once had someone check my papers by taking my passport, writing a copy of the entry visa number on it (itself hand-written), and then finding me hours later after they were able to find a landline to call the border service with.
it seems like the exact same would be possible with an app
You're going to use an app over a landline?
if my app has a code, presumably they're equally able to verify it over a landline
Sure, assuming the phone isn't dead. I've also been in disaster-stricken places where that wasn't a certainty.
Even in a world with ubiquitous connectivity, this introduced a single point of failure. At least some offline capabilities are essential for something as crucial as travel documents.
Since I run GrapheneOS on a Google-less Pixel phone, I can't install airline apps. So what I typically do is use my web browser to check in for my flight and get a PDF of my boarding pass, then I take a screenshot of the QR code.
The last time I did that the TSA scanner was able to read the QR code just fine, but the tablet app that the flight attendant was using at the gate couldn't read it for some reason. After about 10 seconds of fidgeting with the tablet they asked me what my name and seat number was. I told them, and after checking the list they let me through onto the plane. It looked like they tapped around in the app to override the QR code scan or something.
Fast-forward 20 minutes, and we don't push back from the gate when it's time to depart. After another 5 minutes of delay they got on the PA system and said something about the passenger count being off and that the airline's headquarters wouldn't authorize departure until they figured that out. At one point about half an hour into this a flight attendant walked over to my seat and leaned over to adjust the air flow thingy, which I thought was a super weird and random thing to do. In all it took nearly an hour of everyone sitting on the plane at the gate before they figured it out and authorized departure.
I actually have no idea where the breakdown was, because this happened at the gate when I flew earlier and it wasn't at all a problem. I presume the flight attendant scanning QR codes at the gate didn't hit the right buttons on their tablet that time. If we're going to rely on peoples' completely random personal devices to track authorization to travel, our systems need to be a lot better than this. Exceptions to whatever they think should be the "typical" flow should be straightforward and streamlined.
In the meantime since they've gotten rid of kiosks in my local airport I guess I'll be going to the front desk every time and ask for printed boarding passes.
There are a lot of suppositions loosely glued together here. The count being off happens sometimes and may not have had anything to do with you. I’ve had it happen several times when traveling.
Flight attendants need to adjust airflow when the plane will be sitting on the tarmac longer than expected. On older aircraft those little nozzles are the only way they can control cabin temp while on the ground. They keep an eye on cabin temp readout and adjust nozzles to change it. Again, I’ve had attendants reach in and adjust (usually open) nozzles when we’re stuck on the ground.
What do you suggest the whole leaning over and adjusting the air flow thing was about?
Validation of the passenger manifest.
I remember a sci-fi short story from a long time ago where everything that defined you as a person was digitized and available in your smartphone. The story was about a person loosing his smartphone and coming into all kinds of admin horror to regain his identity but eventually ended up broke sleeping under the bridge..
It's probably not that, but there's a sci-fi novel "The Age of the Pussyfoot" by Frederik Pohl, in which one of the key technologies is a device that everybody carries on their belt that is described thus:
> The remote-access computer transponder called the "joymaker" is your most valuable single possession in your new life. If you can imagine a combination of telephone, credit card, alarm clock, pocket bar, reference library, and full-time secretary, you will have sketched some of the functions provided by your joymaker.
The protagonist eventually finds out from personal experience that people who do not have those things (e.g. because they can't afford them) are basically social outcasts, not the least because they can't hold most jobs, or even look for one. But even beyond that, not having the device means that you aren't being tracked means that you can e.g. be murdered without much of a consequence. And so people who can't afford the real thing still shell out money for a mockup of a joymaker to carry on the belt, just so they aren't obvious targets.
The most interesting thing about that novel is that it was published in 1969, long before cellphones or "the cloud" were a thing. A rare case of a sci-fi author taking a contemporary hot bleeding edge tech (remote time-sharing terminals for mainframes) and correctly extrapolating it into the future. Pohl even gave a broadly correct timeframe when he talked about the novel:
> I do not really think it will be that long. Not five centuries. Perhaps not even five decades.
I feel like this was my last week. Welcome to the UK as an American tech worker. You use a custom Android ROM, too bad, you can't setup your visa. Want to book something on Ryan Air too bad, "computer says no" (really I should never do this again for many reasons).
The level of expectation that your phone is a set of handcuffs that you do not own is high. If you own your device and not vice versa, things just don't work in this world. And honestly why would I want a computer that I didn't control anyway?
I sympathize but a much, much simpler way to negotiate all of this is a dedicated phone for "official" ID activities.
In some ways it is the opposite of a "burner" phone - sort of a quarantined device that only interacts with your real, official, legal identity.
Oh yeah, that really sucks. I’ve had a bunch of apps deem my non-rooted, bootloader relocked phone too insecure for them to operate. Nothing critical for me, fortunately (though I do miss Google Pay).
This is how I feel leaving the house without my phone.
Related: Philip K. Dick's Flow My Tears, the Policeman Said is a great novel on this topic.
https://en.wikipedia.org/wiki/Flow_My_Tears,_the_Policeman_S...
Sounds like a marginally more modern Brazil.
You don't end up under a bridge in Brazil for losing your phone.
You end up there by being born in the wrong family or part of town.
I meant the movie.
Google working to build web standards to let companies demand & verify state issued credentials too. This feels like such a scary scary step for the internet, letting companies demand strong verification.
Normally a huge fan of a bigger web platform, but will control, coral, and track users and that's a #rfc8890 violation of very high degree.
Digital Credentials API: https://developer.chrome.com/blog/digital-credentials-api-or...
I wonder if we can have both, the checking being done digitally. While still having an actual stamp on the paper passport. I know this sounds absurd but I dislike everything digital with no real, physical record I can keep.
I Denmark we can have digital drivers licenses, id cards, public transportation passes, online authentication etc.All of them have physical counteeparts. I dont think there are any plans to outphase any of the physical counteeparts for various good reasons such as people not having phones, accessibility, compatibility and so on.
I imagine that the issues for making, deploying and integrating a digital-only passport on a global scale would be much harder.
Love this idea, I too would love to have the stamping still available, perhaps at an automated kiosk you stick your passport in to receive your sentimental stamp.
or a global e-stamp service?
I am bummed entering Malaysia and Mexico because they no longer stamp my passport as I pass through the electronic gates.
France still does it with their e-gates for non EU citizens. Of course you could give them any passport to stamp and I think they would.
Can’t tell if the stamper has a plum job or if it’s a punishment.
The EU will stop stamping passports some time next year, assuming the new system isn't further delayed.
Don't go through the electronic gates? Also if you ask the officer and give him a reason (travel memories or bs like that), they might do it.
That is available now in the UK if you use the automatic gates. Soon in the EU stamps will be a thing of the past but you may be able to request one, if you can find a person to do it.
The problem you'll have is that the stamps may not carry the force of law, so not much help in a pinch.
I don't mind my passport lasting longer due to fewer stamps. What I don't like is that more and more countries require pre-registration. They can add as many questions as they want and the form can be as crappy as it needs to be.
Hopefully this will be fully automated at check in though. They already have all the info there, don't ask me twice. Send me an email if you won't accept me into your country. It can have its upsides.
Boaters, especially in northern Michigan and northern Washington (where the various small islands can almost seem randomly distributed between Canada and US), can get an app on their phone (the "CBP ROAM" app) to handle their frequent border crossings. A user creates a "trip" on the phone at the beginning of the day and then presses a button every time they cross the border. If the US has a problem they do a video call through the app. It's been around for a few years.
> can get an app on their phone
ok, do you want that, or are you required to have that..
Uniform servicemen already have made agreements about their data, locations, records, check-ins ad infinitum.. but citizens have not made those agreements.. So uniform services will just make those agreements mandatory.. there is no end to this.
especially irksome is piling on requirements for constant check-in among law abiding people who own property and pay taxes.. while somehow hundreds of thousands can walk around living in parks in the South ? I am not even extreme on this topic .. it just defies common sense and says Slippery Slope in giant letters
None of it is required, at least on the ocean in Washington.
When you cross the border on the water, you aren't required to report until you go to land (if you never set foot in Canada, but only sail through territorial waters, there is no requirement to report), at which point you must go to a specified customs dock, and present your paperwork.
Sounds like you’ve got people moving backwards and forwards frequently between the U.S. and Canada. Both countries are going to want to track those boarder crossings, doing it in an app just makes it easier for everyone.
Don’t really see what a bunch of people wondering around parks all located in the same country has to do with boaters moving between a smorgasbord of islands belonging to two different countries, and thus randomly crossing the boarder back and forth multiple times in a single trip.
You have to fill out request forms, and have an interview, and if they like you they allow you to use the app.
People want it because it lets them do what they want with less hassle and it makes many trips possible that are impossible if you have to cross the border at a manned border crossing.
But of course, there is a slippery slope danger.
You are annoyed that border controls don’t also affect what people can do thousands of miles away from the border? And you are also afraid of a slippery slope where border controls become ever more strict and interfering? That is a very odd pair of thoughts.
Oh ** I hope not.
If so I'm going to be the one asshole who presents the document on my laptop just because I don't believe that people have the right to invite themselves onto my phone.
Reminder that it is a condition of crossing many western country borders that you can be asked to hand over devices to be cellebrite'd. Refusal? YMMV
> Address the massive amount of data from passenger digital devices
> Collect all relevant data from every available data source uncovered at the border
But they can invite themselves to your laptop?
Easier to run a VM and a FOSS OS on your laptop.
[dead]
They already did this with the EU settled scheme in UK.
It’s a little disconcerting because you’re literally one „computer says no“ incident away from not being able to return to your own bed.
Literally zero paperwork was issued to fall back on so you’re entirely dependent on a DB server somewhere
Probably going to get a UK passport too just to manage risk. (Already qualify)
Yeah and they’re now rolling that out to everyone, not just EU citizens. This sucks the most for visa nationals because their passport isn’t good enough to get into the country. They need the server to be alive and their documents linked to even make it to the border, let alone to cross it.
Travel to the UK is going to be really chaotic from 1st Jan when all BRPs expire, and 8th Jan when US citizens and other non-EU nationals require ETAs.
I think they now allowed to use expired BRPs for a few months post 1st Jan.
From HO website: "You may be able to use your expired BRP to travel to the UK until 31 March 2025 if both: your BRP expires on or after 31 December 2024. you still have permission to stay in the UK."
Yes, they’ve said that, but gate agents at airports are the people who get to make decisions about boarding and expired documents will definitely freak them out. The issue isn’t really at border control, where there’s direct access to the databases anyway, it’s at the various stages of delegated border enforcement (boarding a plane, right to rent etc) where this will suck.
You might be able to bully them into accepting them because it’s in Timatic but there will be British residents who are blocked at least temporarily because of this.
Ah good point. Hadn’t occurred to me that I could still get in as tourist so to speak
Quite a juicy target if you want to disrupt a whole nation. Putin taking notes.
> Putin taking notes.
Russian visas are machine-readable since 1997 to ease the DB request.
As soon as you put everything on a single point of failure, it will fail you.
It is not a good idea to have keys, documents, passes, ... all on a smartphone: it can break if dropped, it can be stolen anytime, it can have no battery. Those devices are not good for such important elements of a travel.
Ah! I know this one! You buy the compatible watch and tablet too! ;)
>As soon as you put everything on a single point of failure, it will fail you.
And thus: Gregoriol's Law is born.
Everyone here is freaking out but here are a few things from my experience:
1. There is very little to no chance that all the governments in the world are going to cooperate to create a centralized database about their citizens. Most countries don't want to do it and I don't see China or the US doing it anytime soon.
2. The biometric passport is not a paper passport already. The same way the SIM chip disappeared, your "passport" can disappear too.
3. The non-biometric passport will remain valid for at least 20-30 more years. I am talking about these very old passport that only a few handful of countries still issue including the USA (for particular situations). This backward compatibility will mean that the paper passports (even non-biometric!) will remain supported for a very long time.
> There is very little to no chance that all the governments in the world are going to cooperate to create a centralized database about their citizens
Agree that a 100% rollout is unlikely. However the UN, WEF and associated groups have been seeking global Digital ID for awhile now. Apparently it will help them protect us all from Climate Change.
https://www.undp.org/blog/why-legal-identity-crucial-tacklin...
Some countries can still only issue non-biometric passports in their consulates, so expats who can't stay in their "main" country for a long time are stuck with those.
Lots of edge cases. (ie: US citizens who have never been to the US)
https://www.id2020.org/New technology in the airport is incredibly scary. I recently flew between the United States and Canada and it is mind boggling how trivial passports are already becoming. I began by looking into a camera on a kiosk, where as soon as my face was recognized, I walked up to the CBP officer and he verified my identify with a quick look at my passport and ticket. I don't see the passport lasting much longer, at last in the US, Canada, and Europe.
Singapore is even further ahead, with no human in the (regular) loop at all. I walked up to the first barrier, it scanned my face and opened. My name appeared on the screen inside, before I inserted my passport. Then the system "thought" about it for a few seconds, and then the second barrier opened.
I appreciated the complete lack of a passport line (going and coming), but got squicked out about the heuristics the system (might) run through before it let me through.
That's where all of this is headed, though.
>but got squicked out about the heuristics the system (might) run through before it let me through.
I think you're overestimating how sophisticated the system is. Most online check-in processes require you to input your passport details. In-person check-in probably results in the gate agent doing something similar. If the arrival airport has this information, it's pretty easy to look up the corresponding face on file (that you provided when you applied for a passport), and use that to generate a list of faces you need to match against. From there, it's only a matter of matching a given face to a face in that set. Moreover, given that arrivals are staggered, that set is going to be relatively small. A wide-body aircraft holds around 300 passengers. If 3 of them arrive at the same time, to the same passport control point, that's only around 1000 faces to match against. That's far easier to do than trying to match against all faces in the entire country, for instance.
Sure, the recognition step is fairly simplistic.
It's not inconceivable, however, that the system connects to whatever other dossier(s) have been built against my identity. Even before we consider ML facial recognition by public cameras (probably not yet possible at scale?), the Singaporean SIM card I bought was connected to my passport, which gives them my location: both absolute and relative to anyone I might have spent time around.
I mean, I was a normal tourist, and not doing anything shady whilst I was there, but... False positives exist, and I wouldn't have wanted to have been pulled out of the queue for questioning about something I couldn't possibly have explained.
Singaporeans seem to have a different point of view about surveillance, however. Even the (fairly low-key) human rights activist I chatted with thought it was all great, and said something along the lines of "the cameras keep us safe". "Privacy" as we tend to think about it on this board may be a mainly Anglo-Saxon concern, for what that's worth.
>It's not inconceivable, however, that the system connects to whatever other dossier(s) have been built against my identity. Even before we consider ML facial recognition by public cameras (probably not yet possible at scale?), the Singaporean SIM card I bought was connected to my passport, which gives them my location: both absolute and relative to anyone I might have spent time around.
Why do they need a dossier on you when the passenger manifest has your exact identity? Or are you talking about them tracking you in the country after you left customs? Given that passport control is already plastered with cameras, and you need to present an identity document containing your face to enter the country, I'm not sure why people feel extra creeped out by an automated passport control gate. If they wanted to track you they already have all they need.
I'm talking about them tracking me in the country after I left customs.
Singapore has moved to no passport entry for many countries. As in you don't need to show your passport at all.
https://www.ica.gov.sg/news-and-publications/newsroom/media-...
Most of the EU is no human in the loop as well if you are a Schengen-area citizen
ATL has this in parts for domestic flights if you're eligible for 'Digital ID'. Passport control in the US is still for the most part way behind other countries.
Why is there an identity check for a domestic flight anyway?
When flying into Toronto last year, I filled in my rudimentary customs declaration on the machine and then was waved through right out. Not only did I not interact with a border officer, I did not pass any kind of e-gate either.
You can opt out of the facial recognition in many cases. I do.
Only if :
1. I get a Free Smart Phone for use for this
2. The service is Free
Passport books have a 1 time fee and for 10 years in the country I live in. I expect the same for Phone use.
Believe me you don't want free smartphone from the government. I'm astonished how easily people accepted to load everything onto their private smartphones. This happened so fast, within one decade.
A free smartphone only for this. I don't want it on my phone.
Yup. You can always keep it powered off and in a Faraday sleeve until it's time to use it at the border. It should be possible to distribute a device that's smaller and lighter than a passport, and I'd be all for it, so long as it's at least as reliable and/or if there's a fallback process when it isn't.
I like my RSA fob, they changed the app name one day and I wasted time working with the IT department.
In the US, it currently costs $165 in total for a passport book (new or renewal).[1]
That’s more than enough for a cheap android phone.
1. https://travel.state.gov/content/travel/en/passports/how-app...
We can label the service 'Free', for "17 layers of indirection in paying for it" values of 'Free'.
Not much above emotional attachment is free here under the sun.
In my experience, emotional attachment is often the most expensive thing there is.
Well, not in the UK. Here you need a passport to partake in any significant financial activity - I had to get one to sell my flat, and you need one to open a bank account. Neither of these were needed 20 or so years ago. It's basically introducing ID cards by the backdoor, when the majority of the UK has always been against them (but civil servants and politicians love them). And all under the nebulous reason of "preventing money laundering".
I have to say though that the guy I spoke to at the Passport Office (a civil servant!) was very nice, and they did git it to me quickly. Never used it again 4 years later, though.
Do you need a passport, or do you need some form of government ID?
Presumably the 15% of UK residents who have no passport are still able to identify themselves somehow...
All three of my last UK jobs all wanted to see passports on day one for everyone (Brits and foreign) to verify work status so in more formalized part of economy everyone has one
Completely ignorant here. What happens to individuals that are ineligible for passport issuance? Are they just extra-screwed?
There is usually a complicated list of documents that can be used.
Depending on the legal process in question, another photo ID (e.g. driving licence) may still be needed.
Pretty much. But they may have other IDs like driving licences. And they are introducing electronic visas for immigrants.
Well, of course. They didn't bring back blue covers only to get rid of the document completely.
"Digital only" is a truly terrible idea for passports, currency and everything else. Even if everything worked perfectly (it never does) and all the databases were completely secure (they aren't), what happens when there is a power outage? What happens when the network goes down? What happens when you drop your phone in the toilet? In a perfect world nobody in a position of power would be remotely stupid enough to suggest going all digital for anything critically important, yet here we are.
> What happens when the network goes down?
When I was traveling in London in 2018 I was barely able to pay for the groceries I needed in order to eat that night because I was checking out just as the global VISA outage started happening.
https://www.theguardian.com/world/live/2018/jun/01/visa-outa...
The machine took a long time to process my payment, but after a couple of attempts it managed to go through. As I left the store I noticed a long line forming for the self-checkout registers, and nobody else was able to get their payments to go through. There was apparently no option to fall back to cash at that store.
Whenever I travel now one of the bits of research I do now is to make sure I have a plan for getting basic necessities like food and shelter should an electronic payment system outage like that happen again.
I've repeatedly wished for a mechanism integrated into a phone that allows displaying one or more documents (e.g. QR codes, tickets, some other form of document to be displayed) while having the phone otherwise locked (in lockdown mode, so a password is required to unlock it). That would make it much safer to display a QR code on your phone without the net effect of having your phone unlocked when going through security.
Until then, I'll continue to print such things out on paper.
If you put your boarding passes into the Wallet app, you can access them from the lock screen of an iPhone.
This seems to have been the case on older Android (the "Quick Access Wallet" setting introduced in Android 12), but if that still exists on current Android 15 I haven't found it.
Why until then? Print in any case. It is an excellent way to have all of your important travel documents separate from your smartphone. Use you smartphone as the backup, not the other way around.
My Eink phone can do this (Hisense model), but the sacrifice of using one might be too big just for an on-demand QR code.
Every time I try such machines, I end up talking to a police officer, instead of being recognised.
Additionally, passports don't need to be charged.
In response, I've stopped traveling to surveillance states or high (in)security states. I'm unwilling to participate in a society where I am expected to produce ID when walking down the street or can be accused of vague pseudo-crimes like being, "suspicious looking".
I know my boycott won't mean much to those who are willing to put their entire lives onto their personal tracking devices. Maybe it even seems unreasonable to those who are accustomed to complying with testicular exams at the airport. That's totally fine. I'm not here to convince them of my principles. We all have different values.
The point is I can leave the house without a device or ID and live a perfectly normal life.
[dead]
Well I hope the numbers we're counting down from are pretty high then, because my interest in using my phone or face as a digital ID is non-existent. Can't we at least do smart cards? What if I don't want to travel with a phone? And let me guess: my options are some Android phone or an iPhone, and there's no need to worry about any potential new entrants to the smartphone market for the foreseeable future. We needed more barriers to entry for that market, it was getting awfully competitive!
Yeah, sounds good. Again, I hope those days are numbered higher than mine.
Governments passively support a Windows desktop monopoly, why would they care about a cellphone duopoly?
My question: how about we just don't do this? Can we all agree the "governments depending on ActiveX controls for important things" thing was a terrible idea and just not? Smart cards would work fine, and there's even standards for it!
The answer: nope, it's almost certainly time for round 2. Plus some forced facial recognition for good measure.
Like I said, I hope the number on those days starts pretty high.
Well no, there is still no passport app in EU or the US. It's not dying, but it's going to
There is a passport app that lets you clear US customs much more quickly: (no pre-approval needed, only US/Canada citizens are eligible at present)
https://www.cbp.gov/travel/us-citizens/mobile-passport-contr...
But you still need to carry the paper passport as backup.
just to note you can also use it as a non-US citizen if you are arriving on a Visa waiver programme (ESTA)
Additionally, Legal Permanent Residents of the US can use it too.
It says "Returning Visa Waiver Program Applicants". What does "returning" mean in this context?
The US has had a self-service border crossing app for years. It is aimed at pleasure boaters and requires an in-person interview once a year to use.
What if we just didn't do borders instead? Seems like it worked fine for the EU.
The EU has borders
Im aware but I apologize, we're in a thread about passports and I forgot I was on pendant news.
^pedant
Correct answer
Yea, no thanks.
if this really does somehow become the only option, I'd imagine the best you could do is just carry a cheap android phone for this sole purpose.
If the government is going to mandate that you carry a phone in order to travel, they should provide the phone with the passport. I don't know how any of these "smartphone only" official document schemes are expected to work for people who don't carry smartphones.
There was a lesser known Obamaphone program where the government did exactly that. it's not a bad idea.
Ukraine cancelled consular services for all men abroad. It is not possible to renew passport without risking freedom.
I think many men will keep their paper passports with 10 year expiration date. And renew it every year "just in case".
The outcome of ubiquitous digitalization will vary depending on number of orifices in your crotch. Number of orifices will be verified by medical commission when you reach adulthood. In case of Ukrainian men this ruling likely impacts only those non affluent, their rich kids seem to have a good time in EU and around the world.
That's the usual thing. You either cross the border before turning 18, or you have fathered three kids (surprisingly, they don't have to be from the same woman) or you have a special exception for special reasons and promise to be back.
Last time I checked, the story was something like -- you need to log into the system, make you personal details up to date so they can summon you for the best job in the world, but they don't actually summon anyone from abroad yet for obvious reasons.
Risking freedom? You mean doing your part for freedom for all
Sounds great. When do you land there? You already purchased your one-way ticket to there, did you not?
Two thoughts:
1. How would it work in case of dual citizenship? Would one be able to choose under which nationality they want to cross the border?
2. "(...) no fallback systems in place." This is worrying. Do we just send people back (at their own cost, I presume), because they were rejected by the system? This seems like a pile of lawsuits for unlawfully preventing family members to visit each other or generally restricting freedom to travel with no accountability.
You will be numbered as well.
Revelation 13:17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
This article seems like a baseless assertion to me. There are lots of fast track like systems that are basically equivalent to a return to the earlier practices of using licenses at borders. That wasn't anywhere near a viable replacement to the issuance of all passports back then and the same issues are present now.
I hate this idea. I hate having to depend on my phone. I rarely use it and often let it run out of charge. They can pry my passport from my cold dead hands.
I think the article is poorly titled, as it doesn't mean the end of paper passports. I can't see that happening in my lifetime - we still have checks and credit cards despite most young people just tapping their phone around.
I'm all for digitalizing documents as an option, but not if it means losing physical copies. So far the government has been on the side of not discarding them - we still get paper social security cards.
The reason hard copies of most documents will exist for a long time -- building federated digital systems is a huge pain in the ass.
Sure, you can have a digital passport for purposes of authenticating yourself, which is operated by your national government. Will this government allow the same level of access to the embassy of North Korea or some other geopolitical adversary or just to a random sim card issuing shop in a mall oh the other side of the globe? Maybe they will in the same way corona certificates were implemented. Now will every single place that legitimately needs to have a copy of your id on file be bothered to interface with this system and all slightly incompatible versions of it provided by other governments? Probably not.
And passports are kinda sorta simple to begin with.
The US has checks. Most other nations have mostly (or completely) phased them out for more than 2 decades.
Credit cards are just chip carriers now. Mag stripe is being phased out. So either you use the chip connection or use contactless. The cards issued by my bank (Australia) aren't embossed and the mag stripes will probably disappear once the banking 3rd world (US + some of Asia) catches up with the rest of the world.
Oh and contactless is literally the same protocol as the contact connections, so "just tapping their phone around" is exactly the same (to the terminal) as "just tapping their card around" or "just inserting their card to read".
Government ID could be done in a privacy enhanced way that only provides the requestor attestation of the required information and nothing else.
eg * "Is this person that just provided an encrypted and unreadable blob from their ID card over 18?" "Yes".
* "Is the person that just provided an encrypted and unreadable blob called John Doe?" "Yes".
The government already has all of your identification from birth to death.
By (mostly) definition, your identification is what your local government says it is.
> we still have checks and credit cards despite most young people just tapping their phone around
Unfortunately we're losing cash. There is one of those modern "chic" mixed-business-and-apartments developments not far from my house. Shortly after they completed construction my 12-year-old daughter visited the ice cream store there with her friends, but she couldn't pay for her ice cream when she got to the register because they didn't accept cash. They ended up just giving her the ice cream.
Most of the restaurants there have a "no cash" policy posted in their windows and at the till. No skin off my back. They're overpriced for what they are anyway, so I'm happy to give my business to other local restaurants not in the fancy mixed-use development.
What happens if I loose my phone while travelling? Stolen, smashed, broken, exploded like Samsung?
Or if your battery runs out. Or if it has a bug. Or if it runs a non approved OS. Or if it's too old. Or if it's being running an update.
I’m annoyed that I had to scroll this far to find “battery runs out” as an issue. I travel frequently and have had this happen a number of times.
Paper passports shouldn’t go away. The USA should, though, stop issuing 50 page passports by default. Way too many pages for how less frequent passport stamps have become for the average traveler.
How is this any different a concern than losing your physical passport while traveling?
Much harder to smash a piece of paper/plastic and it's kept protected whem not needed, while phone is constantly in use. Also paper can't brake down randomly.
In my country everyone has to be able to ID themselves when asked so I have to carry my passport around. If they can put it on my phone that would be nice.
On the other hand if my phone is gone I am prety much dead no money no papers just another john doe...
I wonder how paperless passports would work for folks with multiple passports.
The title is hyperbolic. You still do need a passport and there's no such thing as a digital passport. You need to register your document at some point, so that one is what you will use. Using a different passport would mean logging in and changing your data; your user will be unchanged.
The article is speculating about the future based on current trends, so of course there is not yet a digital passport.
The current experiments seem to be fractured across governments and I would be very surprised to see a centralized system (as your response seems to imply) come into play until well after various governments introduce their own digital systems.
It's not even future, it's rolled out in Ukraine to millions of people and it uses silly face id over the camera to authenticate you for remote things. You can't cross borders with it, as it requires amending the treaties, but otherwise it's a thing.
> You can't cross borders with it,
Ok so it's not a passport. What is being described by the article are just national identities based on physical cards. Estonia has been doing that for a very long time as well.
Also, I had to leave my passport at a consulate to get a visa added. How would that work? It seems the coordination alone would make something like moving to full digital take a long time to happen.
I’ve done the online process to get a visa before (India and Australia), you just upload pictures of your passport and they code a visa to your passport number.
Without a paper passport I’m not sure how that would work. They could code it to another piece of identity I guess (like your ID card), but there would still be something unless biometrics become advanced enough.
I assumed that's how it should work and was surprised they needed my passport. It was sent back with an entirely new picture page. When I've crossed borders they don't seem to know I even have a visa unless I tell them /shrug.
Same as current ones - each gov does their own thing & are largely mutually blind aside from info their spooks/police/taxman may share. Chances of this being widely coordinated are slim.
Everyone is quite keen on maintaining sovereignty on matters like this aside from tightly integrated blocs like EU
It would be a nice start if the EU could stop inking passports on the way in and out as well as computer recording it all. Such a waste of time and ink
> if the EU could stop inking passports on the way in and out
I’m not sure what you’re referring to. Where are you traveling from? I never had my EU passport inked when traveling to the UK or US. Within the Schengen Area I never needed a passport.
I’m a US citizen and get stamped on the way in and out of Schengen area every time. I think they do the same for UK post-Brexit.
They need to track time in the Schengen zone for non-EU citizens, which is what the stamps are mostly for AIUI.
Common in/out the Schengen with my UK passport post Brexit - got lots of stamps. Though it varies by country
Every round trip from the USA to Ukraine gets six stamps for me. I’m going to have to renew about five years early on this passport. I’ll get the fat passport next time.
My UK passport has been stamped on every EU entry I've made since Brexit, except Ireland.
Like every other non-EU citizen when entering/exiting the Schengen area.
As an AU passport holder it's been like that for at least 30 years.
This is an odd complaint. It’s not a waste of anything to update a record on an official document. Indeed, it’s more frustrating when they don’t because now I can’t see my full travel history by looking at my passport. Yes that exists somewhere in a DB but I don’t have access to that.
Those pages are some of the most expensive square centimetres of paper in the world.
What?
EES is rolling out next year: https://home-affairs.ec.europa.eu/policies/schengen-borders-...
Well, the parliament blessed this idea in 2017, so any time in 2025, the entry exit system will be operational. Public sector timelines are like that.
Pasports should be cards. Visas should also be cards. The booklets and stickers should be done away with.
I have a card passport that I can use when crossing the Canadian-US border by land. In fact just my driver's license is technically all I need.
The problem was when I caught COVID while on a trip to Vancouver. I was getting very sick and needed to get back home ASAP, but since I took the train I couldn't drive. All the car rental companies in the area were completely booked out. I thought, "Great, I guess I'll just go to the airport and catch a flight," except since I had crossed by land on the way in I didn't have the document I needed to fly out.
Fortunately I was able to find a bus early the next morning, but it was looking pretty sketchy for a few hours until I could figure out how to get back home. After that experience I'll never travel out of the country again without my actual passport.
I have a passport card that I use domestically and present in the event I am pulled over while traveling.
> The booklets and stickers should be done away with.
I would prefer that stickers continue to be used, but have cryptographic information in them and partially derived from information on the passport book itself.
I was so sad I did not get a stamp in my passport when I visited Australia. Everything is electronic
You can ask a security officer after the immigrations desk to stamp it. It's entirely dependent on the officer and whether the stamp is at the desk that day, but my wife and I recently both got our passports stamped this way.
No guarantee, etc - but theoretically still possible as of 2024.
I do two or three return trips between Australia and the US every year. My four year old passport has no stamps at all.
This is frankly an abomination.
I understand the need to identify people people crossing borders etc, but it's not, never has been and should never be a binary or digital thing. I'm not a religious person whatsoever but the identity of a human is not a stamp.
No-one should have this right to such centralized control of human interaction, whether it be facebook or globally linked digital passports. We desperately need more local and subjective methods of reputation that are not tied to big centralized corporations or governments (one in the same).
And yes, subjectively is a feature. I don't know how we can solve it but current path does not look good and is incredibly anti-life.
Passports can die when they merge the passport with my drivers license, at least here in the US.
It would be great if we had a universal ID program. Even better if that program also replaced Social Security numbers.
Alas, it'll likely never happen in my life time.
> Passports can die when they merge the passport with my drivers license, at least here in the US.
They've been trying to do this, with "Real IDs"
Not exactly what you're asking for, but it's more akin to making Drivers licenses like passport cards
Passports can die when there is reliable internet everywhere in the world. Including remote wilderness areas you paid a lot of money to visit and disaster zones where basic infrastructure has failed.
Why do you need "reliable internet"? There's no reason why a digital id system requires internet access to function. If it's stored on your phone, all it needs to do is be able to transmit a pre-signed blob that contains your biographical details. The verifier doesn't need internet either. All that's needed to verify a given electronic passport is a list of root authorities for every country, which can easily be preloaded onto a device.
> If it's stored on your phone
What do you if your phone is stolen or broken?
The same you do when your passport is stolen -- panic and reissue. If anything, reissuing a digital id on a new phone is less hassle, as long as you didn't lose every other physical id, the sim card and reissue codes for esim.
All of that already works and wasn't even revoked for military-aged men for the usual reasons.
Dealing with consulates and embassies is much more pain in the ass compared to redownloading the app and banging in a number of cold restore cases.
Aren't you concerned about the rising dependency on that little spy in your pocket?
Compared to spending half a day just to get to the embassy and hoping they woke up and choose not to be useless today? Or paying notary public and having apostile stump and then paying for DHL?
No, no I don’t, not for this reason at least. I can have my x509 issued without a phone as well and it works with an opening source library.
I don’t use any of that regularly, but the alternatives I experienced wrre much, much worse.
Those however are not the places where you usually need to show a passport anyway.
How close are the various satellite systems to achieving this?
Not even close. Half the time you can’t even get workable mobile internet at customs.
Isn’t that by design?
In a few spots - but not usually. Unless you count terrible design as intentional design.
There are too many varied political interests against this.
I have plenty of left-wing friends who refuse to get realids due to something about illegal immigrants and right-wing people hate it because they view it as central govt overreach.
What happens if you don’t have a “smart phone” or any phone/tracking devices at all?
Are we all getting bar code tattoos and will be prosecuted for not having a barcode tattoo?
this is yet another step in the frog-cooking approach to identity management.
from a weak passport owner's perspective, our biometrics are already taken away whenever you apply for a visa. as shown in the article, for domestic purposes too this is done, so this is just a matter of convenience to nudge everyone to give it up now.
with the above fallacy, one would be ok to adopt this system for international travel. but i wonder if adopting this system in all air travel would be the additional notch up in the temperature of digital privacy.
The title is slightly misleading, as the article seems to focus on flying between certain countries. Good luck expecting to cross 90% of the worlds borders without a paper passport, where these technologies will never appear.
The author seems to lack the capacity (or experience!) to imagine other ways of moving around the world that are not flying.
Cold, dead hands.
It’s funny how all the dystopian predictions of supposed “conspiracy theorists” (a term graciously coined by the ever helpful CIA, a bastion of freedom for all) seem to always come to fruition.
It basically is a prison planet already, the remaining aspects of the humanity of it are just being automated out slowly but surely. The worst tyrannical dictatorships in history could not have even dreamt of the current state of things in their wildest dreams, and we are all racing at breakneck speed towards a hell of total domination by sadistic tyrants.
Had to read a bit but, ah, there it is: the war on general computation
> A DTC, according to the United Nations’ International Civil Aviation Organization (ICAO), which is behind the approach, is made up of two parts: a virtual element, which represents the information stored on passports, and a physical part, the bit on your phone. The two are cryptographically linked to ensure they’re not forgeries.
Your phone, apparently, can't simply carry this data and provide that at your choice to the passport checkpoint for it to verify by taking a picture of you and comparing it against their database. No, it needs to be locked down. If you are the admin on your device, you could make a copy, so it sounds like this will never be allowed to run on a phone that isn't locked
Smartphones are supplanting computers for a lot of people but manufacturers lock it down in a way that you can't fully see (let alone control) what it does. Some manufacturers let you flip a switch and get this access, but then big corps and governments try to counteract that and refuse to provide their service on your unlocked device
For a smartcard (bank chip, SIM card, yubikey, passport, oyster card, etc.) this isn't a problem because the device is dedicated. I don't need access to the private key on a SIM card because I've got no intention of forging it. Would be cool to see its internals but it doesn't have a microphone or its own uplink. However, I do want access to my smartphone because I use it for all sorts of things (including making a full backup instead of dealing with individual apps' manual or adb export functionality) and it processes all sorts of personal data about me that I want to be in control of (I often open an app's data folder to see what is stored, queued for uploading when I don't give it network access (SwiftKey has telemetry reports queued for years and years), or to modify some setting that the GUI doesn't expose). One of my primary devices wouldn't really be mine if I need it to carry these things requiring DRM
These applications have legitimate reasons to want to be on a smartcard, for it would require an always-online database who the counterparty (such as border control) can trust if they can't trust me or my device. It just doesn't belong on a smartphone, like get your own secure storage if that's what you want me to carry. Payment, passports, and public transport can all bundle their thingies onto one smartcard just fine (if they can standardise on phones, they can also standardise on a much simpler device with more uniform functionality). It could even be a smartcard chip inside my phone, but it shouldn't be my phone with my data on it that needs to be locked down for this unrelated purpose
good luck with that ( ಠ ͜ʖ ರೃ)