The Queensland digital drivers licence does meet international standards, but experts say allowing visual checks undermines that effort.
The international standard, ISO 18013-5, outlines best practices about how digital licences are used, how information is shared and how data is stored.
Personally I’m not convinced the Queensland one’s visual check is really so bad. In places where it’s more important to be precise they use the QR code, and when it’s less relevant (I’m in my 30s and got carded at a local pub just last week, to the amusement of the people I was there with) a visual check is good enough.
More concerning than the subject of the article, to me, is this news of fundamental security flaws from 2022 in how even the QR scanning version is implemented in NSW. It’s unclear whether any progress has been made in addressing that.
null_dot@lemmy.dbzer0.com 18 hours ago
I think this article is a bit of a beat-up born of a misunderstanding of security and the design requirements of the app.
Only an idiot would think that the “hologram” from the app is intended to be a real hologram. Of course phones can’t do that. The “hologram” is simply an image in the background that moves when you move the phone. It prevents people from taking a screen shot of their license and sharing that photo with their friend. That’s it. It prevents the most basic of attacks, and does so very effectively. It does not prevent other more sophisticated attacks.
In low risk situations looking at someone’s ID and confirming that it’s not just a screen shot of someone else’s might be satisfactory.
As they said in the article, if you want to be sure the ID is legit you can scan the QR code.
Zagorath@aussie.zone 17 hours ago
Unfortunately, at least for NSW, that seems like it probably isn’t sufficient. In 2022, some serious flaws with NSW’s QR system were uncovered. They might have fixed it since then, it’s really not clear. But given how they reacted to the original report by denying there even was a problem and pretending the criticism was about privacy, my guess is they never fixed it.
I think that this article is kinda trying to allude to this issue, but it throws it in as some tangential points about how Queensland implements the ISO standard good security with its QR, and no other state does, separate from the main conversation about the visual inspection. I agree with you that the visual inspection is basically fine as it is, for lower-priority situations.
But reading between the lines, it sounds like they’re saying NSW still does the QR codes wrong, and that Victoria and possibly other states followed NSW’s bad lead, with only Queensland doing it right.
null_dot@lemmy.dbzer0.com 6 hours ago
Yeah, the article doesn’t really examine how the app is using QR and what a more appropriate approach might be, it’s just complaining that the hologram doesn’t confirm authenticity - which it’s not intended to.