I think the argument against is that right now people know how terrible an authentication system this is and don't build actual security on top of it -- "we only have cardboard boxes so we installed cameras and encrypted the contents."
Once it's good people will outsource the work to what is essentially a CA system where every BMV in America is an issuer and I expect it to hold up at best as well as SMS verification.
I think the problem is that people are relying on this for actual security. The article demonstrates how easy it is to get companies to accept this form of fraudulent authentication (and the demand for this service speaks to its efficacy as well).
Why not let notaries or an authoritative agency issue cryptographically signed one time codes upon inspection of your physical ID? Frankly, it sounds like a superior system to me.
Cardboard boxes can be acquired without a record of their purchase and are easy to hide among other cardboard boxes, like a book in a library. Also can be used to hide from enemies while moving around under the box.
It can be. If my bicycle has no lock at all, I will not leave on a outdoor parking near the central railway station, because I know for sure it will be stolen. The value here comes not from imperfect security per se, but from my ability to predict the outcome. Now if my bicycle has a meh lock, the chance of it being snatched suddenly increases.
I'm saying that maybe people who chose to accept the id scan knowingly accept the risk, have a second line of checks somewhere, evaluate amount lost to fraud or fines against the cost of having full-fledged PKI and also knowingly make it your problem if their evaluation proves to be wrong.
