The implementation of digital driver licences in Australia, notably in Victoria and New South Wales, has sparked significant debate regarding their security and reliability. The adoption of these licences aligns with international standards outlined in ISO 18013-5, which details best practices for digital licences, including usage, information sharing, and data storage. Here’s why experts are sounding the alarm about potential vulnerabilities in existing systems. Specifically, they are worried about the degree to which generative artificial intelligence could easily deconstruct things like security features.
In digital driver licences in Victoria and NSW, there’s an “on-app hologram,” a kinda cool-looking visual effect that’s meant to improve security. One major critique is that this hologram is easily replicable, which negates its purpose as a security feature to prevent fraud. Service NSW has looked for six visual aspects to check digital licenses. One of these elements is a shifting “waratah hologram,” but cybersecurity professionals have quickly noted that it doesn’t actually work as a legitimate security measure.
Questions Surrounding Security Features
Mr Uren, a digital sovereignty expert, said he was deeply concerned that fake digital licences would be misused. It’s one of many times he warned against the risk of fake documents. These things involve their potential for providing false identification when involved in automobile accidents and completing rental contracts.
“It’s not a security feature. Someone has conned someone who has purchasing power with public money and not enough technical understanding to see that it’s completely invalid.” – Mr. Uren
Uren was clear that the hologram fosters a false sense of security. This unnecessary sense of security can mislead consumers.
“All it does is give people a false sense of security that when they wobble the screen around, that’s somehow showing it’s a legitimate drivers licence when it just isn’t the case,” – Mr. Uren
As technology has grown in sophistication, including generative AI, the integrity of digital licences is being called into question. Experts argue that placing high fidelity visual elements, which can be easily and readily replicated, does introduce a serious Achilles heel to the verification process.
Critique of Current Verification Processes
Dr. Vanessa Teague, one of digital security’s leading advocates. She went on to assail the new verification procedures that different states have imposed. She rejected the idea that preventing fraud through visual inspection is sufficient.
“It definitely speaks to a total failure to run a good process for specifying, designing and building a secure app,” – Dr. Teague
Teague highlighted that Queensland’s digital driver licenses exceed international standards. He noted that the proposed visual inspections for “low-risk verification” are inadequate at best. She urged states to focus on harder to forge verification methods like QR code scanning.
“To me, it even raises the additional concern of whether the QR code scanning has been validly implemented.” – Dr. Teague
In her testimony, Dr. Teague highlighted the need for greater transparency and scrutiny in the overall design of these dangerous digital systems. She added it was unacceptable that Australia has not yet developed better standards for digital licence security.
“There’s really no excuse for Australia not to be adopting one of those transparent standards,” – Dr. Teague
A Call for Improved Security Measures
To prevent fraud, the Victorian government advises third parties to confirm a user’s digital licence by scanning the app-based QR code. This approach provides a more robust, secure, and tamper-proof option than visual inspection. Despite their potential, experts such as Dr. Teague are not quite sold on the technology or how they’d be used.
“It’s a scam. There’s no polite way of putting it,” – Dr. Teague
In response to these criticisms, many experts are calling on governments to rethink how they secure digital driver licences. Most importantly, they contend that we should demand rigorous standards and transparency from the implementation process. Without them, Americans are left exposed to scams enabled by duplicatable digital IDs.
Questions surrounding the effectiveness and safety of digital driver licenses persist. It is imperative that state governments and technology developers alike take proactive steps to improve security and restore public confidence with these systems.
“It costs nothing to do this on five lines of code. It’s not a security feature in any way, for that reason, because it costs nothing to make one,” – Mr. Uren
As discussions continue around the effectiveness and safety of digital driver licences, it is evident that both state governments and technology developers must take proactive steps to enhance security measures and restore public confidence in these systems.
