ProTip™: US Passports are ACCEPTABLE FORMS OF ID (in all US Jurisdictions), and are not able to be scanned for these types of purchases.

Government-issued identification, which passports (US or otherwise) are, are always acceptable forms of identification. I'm not sure this is a protip.

You know what is a protip though? When applying for a US passport you can also choose to get a passport card. It's a plastic card that is the same dimensions as a driver's license and is valid for use in place of a passport when traveling between US-Canada-Mexico by land, and it's also an acceptable form of identification in general because it's a government-issued identification.

Yes and no. For example, a concealed handgun license (a state-issued government ID) is not acceptible for (e.g.) opening a PO Box.

I grew up in Central Texas (HOURS to get out-of-state), and many drinking establishments would ONLY accept a Texas ID/Passport for alcohol purchases — this isn't "legal" but "how it was."

I'll take your ProTip, though, and get myself an ID Passport Card (I presume this is not scannable).

A very ethical but likely illegal life ProTip™®©: microwave a passport for 1 sec to burn out the RFID. The printed matter is sufficient to "read" a passport, while carrying around an unsecured, black box RFID readable at a distance is a privacy nightmare.

I've been to multiple countries where they read the RFID in the passport for automated border control, and if you don't have an RFID-capable passport they revert to manual inspection where you may be asked uncomfortable questions.

I'd rather use an RFID-safe pouch to store my passport and use the RFID-based automatic border control.

What sort of uncomfortable questions?

The kind of uncomfortable questions asked by racist border agents who assume anyone with a darker skin color will have obtained a visa fraudulently, or will overstay their legitimate visa.

"You an American, there, BOY!?!"

--

My fun, pre-RFID traveling days... always ended up with me in secondary screening. Millions of non-citizens, waived right-on-through... and then these two Texian gringoes... getting their beat-up, licensed & insured Z71 thermally scanned at every possible Rio Grande crossing.

--

Decades later, traveling insland (with gray hair and wiser comlexion) and I smoked a joint while a drug-sniffing dog walked by, unaware of his worthlessness (as intended).

--

It's all theater, welcome to Our Play.

If I recall correctly, the RFID data is “encrypted” using the name and birthdate on the passport, making it fairly hard for someone to remotely scan and get usable usable data.

You pretty much need the full MRZ or be lucky you get the right part (date of birth, document expiry and document number used) data at the bottom, it's unlikely you can brute force this in the fleeting time available with a run-by scan. If you have a digitised document number it is a lot easier but otherwise you need continuous access to the chip and when you have that you can also just read it.

See ICAO 9303 for details. (BAC specifically)

Name and birthday isn't enough entropy to resist even a naive brute force attack.

Why didn't they encrypt it with a random key and then put a QR code of the key on the inside of the passport? Or just use a magnetic stripe or similar instead of something that can be remotely accessed by an attacker?

It's not "encrypted by" but "authenticated by", see https://www.cs.ru.nl/~erikpoll/ufrj/C_ePassport.pdf slide 10 and 11.

Nationality is NOT one of these encrypted data fields (i.e. you can determine if an American is walking nearby, but not their name/DOB/etc).

For what it’s worth MDL, the digital driver’s license, has this baked in unless the standard changed since I paid attention - your identity authority signs a record saying >18 and >21 (+ photo) and that’s what’s transmitted.

Qld government spent $18m making its own digital license app ignoring that Apple and Google both implement the iso specification for digital ID protection. I've had two interactions online with sw people convinced "they did it better" and I am buggered if I can tell how.

Typically what happens is that consultants implement the IT systems for these departments. Unfortunately it wouldn’t surprise me if the government got snowed into thinking they needed this app / there are kickbacks involved behind the purchasing decision.

Still, it is possible the app has a legit reason like the OS wallet implementation is missing support for their region or OS wallet support is incomplete in some way and this bridges that gap.

18m does seems a tad steep though considering that RDW payed UDL to build a sample reference app for free and one would expect that to be the basis for any 3p implementation delivered. Like that would be 36 very highly paid engineers which is a lot for 2 apps. It’s possible the 18m was also for the backend changes to enable the app which would maybe be more legit and be required changes for the builtin integration. Are you sure it was 18m just for the app?

No. I misremembered, it's $53m AUD

https://www.themandarin.com.au/233815-queensland-digital-lic...

That's probably total development and some operations costs

Yeah and likely not just the app but also the backend infra to support the signing and whatnot.

It’s a shame that there’s so many disparate motor vehicle agencies. They should standardize their IT solutions to amortize development costs as I fear the vendors they pay double dip with the pricing of solutions.

What they should do is create one and publish it under an open source license so the others can use it.

I remember that the WeWork location I went to used to scan (and likely siphon/store) all that data as part of the front desk check-in. And they really didn't need it either, but were very insistent on doing so before letting someone know I (a guest) was in the lobby

Finally, a justification for lying about your weight on your license.