I really admire these folks for standing on a worthy principle. I also dig the performance art vibe of showing up at the TSA headquarters without an ID to read a deeply nested tree of paper documents about IDs. If you're going to joust windmills, these are some good windmills to joust.
Most places I've worked, despite similar security needs, have met them in a much less... performative way.
After all, the security gate is the first impression visitors get of your industrial facility, or office, or embassy, or whatever. You want it to look welcoming and secure at the same time. Projecting strength but not fearfulness.
If you must use the cheap fencing, conceal it with some plants. Where the fence is visible, go for some nice decorative metalwork. Move the turnstiles into a lobby and put a reception desk and some couches next to them. Add some meeting rooms (and toilets and coffee facilities) at the security boundary, so job interviews and meetings with suppliers don't give them unfettered access.
The performance aspect is necessary when managing optics with a whole nation's population. Plenty of people have no idea what good security looks like, but they expect it looks like a lot of steps and many inconveniences.
Corporations generally don't need to worry about this.
Representing the security what now? Given the agency's performance over the decades I'd be deeply surprised to find out the TSA could credibly secure a mall parking lot.
That’s not the point of terrorism. If you blow up a TSA building, citizens get scared because it looks like „if the state can’t even protect itself, how are they going to protect me?“.
there are semi-competent arms of the US security apparatus that are not principally theatrical, that I would find shocking to be hit. The NSA comes to mind.
If anyone ever hit the TSA I'd just laugh at their piss-poor targeting. Thanks for clearing out our dusty community theater, now maybe we can build an ice cream shop there or something else actually useful.
To be honest, I am genuinely surprised an attack never materialized. But then I also remember mentioning my thoughts on the matter to my wife, who was aghast that I would even consider such a scenario. Maybe, on average, people are actually decent and it is people like me, who come up with weird hypotheticals.
>To be honest, I am genuinely surprised an attack never materialized.
I'm not. The TSA is hated by the populace the way the population hates every wasteful boondoggle jobs program. Foreigners hate them for profiling but that's pretty far down the list of grievances. Foreigners looking to strike at America and Americans looking to get off the porch likely have dozens of more preferable targets.
I doubt the TSA makes any would be attackers list of top five most deserving agencies.
Edit: A fed sponsored false flag attack on the TSA could make a good comedy plot. It might need to be a TV series in order to have time to fit in all the jokes, references, tropes and wise cracks you'd be obligated to make when covering such subject matter.
You mean I’m not the only one who has wondered if you could etch a knife shape onto the back of an acrylic clipboard? Something that wouldn’t show up on X-ray, but could be punched out with little effort on the plane?
My wife says it’s a wonder I’m not on the no fly list.
Reinforced doors and a belief among everyone from passengers to pilots that a successful hijacking is likely to lead to death rather than inconvenience reduced hijacking after 2001. I would be surprised if searching passengers more aggressively or requiring people to prove their address to get a driver's license had much to do with it.
Yeah, I think passenger game-theory is the number one reason, and that was already in place on September 12th, 2001.
Passengers are now aware that hijackers might actually just buying time until they can trigger a murder-suicide attempt, and many will believe it is likely enough that they need to fight for their own lives. The old assumptions that "almost everyone gets out alive by passively cooperating" no longer hold.
Who's we? Al Qaeda reduced it down to ~4 per year because now passengers no longer assume to survive and act accordingly. Locked doors and plain clothes security are just icing on the cake.
Look at all those other pre-2001 hijackings, and ask yourself what would have happened if most of the passengers were terrified that the hijackers were preparing to destroy the entire plane and everyone on it, regardless of any demands being made or met.
Would-be hostage-taking hijackers know it too: Their business plan, as it were, has been ruined for a generation by their suicidal colleagues.
Airline and security protocols are no longer "comply with everything so that nobody gets killed". Doors are locked. Passengers will likely bum rush you. There might be armed security on any given flight. The odds of success are unbelievably long compared to what they were in the 80s. Just not worth it vs a "boring" bombing or whatever.
Depending on your perspective on security theater, it might be appropriate to observe that a TSA building as exactly as much security as the TSA is capable providing itself.
I think it's reasonable. Not the exact details of this installation necessarily. The reality is that there are a bunch of people that want to lash out at the government for whatever reason, and the civil servants that just want to do their job shouldn't be put in a dangerous situation by allowing those people to walk into their offices unimpeded. If you believe that the agency shouldn't exist, lobby Congress. Don't take it out on people that just want to do their assigned administrative work for 8 hours a day.
Some security precautions are understandable in my opinion. (I don't think the ID requirement is reasonable. Take and store a photograph, deleted after 3 months, and make people go through a metal detector. Also, put the ID requirement documents online. It's free.)
Yup, exactly. That's what they're up against. I think it's reasonable to take precautions.
I guess I'm getting downvoted for "checking ID at the gate doesn't prevent you from flying your airplane into the building" which is true, but we have to realize that most anti-government-inclined folks don't jump right to a terrorist attack as their first intervention. I do think that people hired to do a job deserve some protection from the general public while at their workplace.
> These mobile driver’s licenses (mDLs) will be issued by state driver’s license agencies, but the standards incorporated into the TSA rule require that they be deployed through smartphone platforms (i.e. Google and/or Apple) and operate through government apps that collect photos of users and log usage of these credentials.
This is really disturbing in a number of different ways. It's bad enough to have the government requiring you to have a government-approved smart phone, but on top of that it's the logging and data analysis wet dream that authoriarian governments the world over could have only dreamed of.
> mDL apps will be required to log each time a digital ID is presented, and to whom. This is described as a measure to protect ID-holders’ privacy, despite the obvious risk posed by police or others being able to know when and to whom you have shown your ID.
Even worse, the whole thing is a cash cow for Idemia and a couple of other companies, who probably alt wrote the secret rules to benefit their company and prevent competition.
No need to get worked up. You can get a RealID compliant driver's license (plastic credit card sized item) or state ID (ditto) You don't need a smart phone.
>You can get a RealID compliant driver's license (plastic credit card sized item) or state ID (ditto) You don't need a smart phone.
For now.
You used to be able to pay for parking without downloading an app. You used to be able to buy dynamite without doxing yourself to the feds (something that you don't really think is all that important until you have to clear a lot of forested land and the reality of your options for dealing with stumps and boulders becomes clear).
The Government kills a lot of people in various non-war wars around the world that create people who would like revenge because they saw their parents get burned to death, etc. by American made munitions.
It might be part of becoming the dominant defense supplier. Our weapons are so complicated it takes a lot of American know how to keep them maintained and probably even fire them. This puts Americans everywhere with a conflict.
We all get to pay with absolute security. If I killed people all of the time it would be hard to track who I killed, their living relations, even bystanders it makes sense to mistrust everyone.
A few months ago going through a TSA line at an airport they were taking everyone's photo for biometrics and made it seem mandatory. I went along with it, not fighting it, maybe you can opt-out for a bit but eventually the Government always makes it mandatory.
It gets worse. In US most of the bigger corps institute some sort of means to authenticate you via cellphone, which means that if you want to be remote, phone is effectively a necessity ( which one usually does ). Only a year ago, it was still possible to avoid having to have a cell ( although that meant you had to be in person -- an interesting trade off in itself ).
At my last workplace, I somehow managed to get away with only Microsoft Authenticator on my phone, with no actual remote management capabilities enabled. That's pretty much exactly where I draw the line: if I have to have a device to perform work functions, the workplace needs to supply it. I'm not going to put work data on my personal machines, and I'm definitely not letting a third party root my phone for me "for sekhurity", and apply work policies on my personal device. I'm okay with work 2FA on my phone, but only without MDM, as an exception for where otherwise there's no reason for me to have a work phone.
These days a lot of folks can probably do more than just authenticator on their personal device. Teams and Outlook, for example, are both able to run with the MDM-level controls the company wants but without the device-level MDM. It's part of the app and has no control over anything else.
A company I previously worked for had a policy that if you had any company data on your phone, they had the right to force you to unlock it and look through it (not sure if they ever actually did but it was in the employee handbook). When IT tried introducing a system that required me to Auth with my phone I refused, citing the policy, and they helped me setup a workaround Yubikey.
Might not be possible everywhere but worth a shot. Also always helps to make friends in IT.
Most places can issue you with a physical token instead, like a Yubikey.
It's just unusual, so the first line in helpdesk don't always know about it. And people seldom want to start a battle with the bureaucracy on their first day on the job...
That's the technological ratchet at work, as it has been since the dawn of humanity. A solution that's convenient or useful enough to gain wide adoption has a way of becoming a soft necessity, and eventually a hard one. Some examples that meaningfully affected our lives[0], in many ways not for the better:
- An accurate clock / watch -- hard necessity. Good luck functioning in society without it. Opening hours, appointments, public transit schedules, are just few among many things synchronized in time, that expect you to have a clock so you can stay in sync too. And no, you can't get away with a rooster or a sundial, like you could 200 years ago - you need precision of at least a minute.
- A car -- somewhere between hard and soft necessity, depending on where you live. The society expects you to be able to commute long distances in short time, for things like work, medical services, or government appointments.
- Mobile phones, Internet, credit/debit cards -- soft necessities. You can sort of still live without them even in the big cities, but it's going to be a pain, as everything is optimized on the assumptions everyone owns a smartphone, has Internet access, bank account with a card, and increasingly often, means of contactless payments (think e.g. public transit). There's a reason even the poorest people without a roof over their heads still own iPhones, and it's not entertainment.
- Government ID app, electronic IDs, other means to do official errands fully on-line - convenience for now. I feel they'll transition into soft necessities within next 10 years, simply because interacting with government is always very annoying, and those tools simplify that process and save you some trips.
--
[0] - All in context of the developed/industrialized/western societies; of course this does not apply to societies that did not embrace a particular technology (yet).
> An accurate clock / watch -- hard necessity. Good luck functioning in society without it. Opening hours, appointments, public transit schedules, are just few among many things synchronized in time, that expect you to have a clock so you can stay in sync too. And no, you can't get away with a rooster or a sundial, like you could 200 years ago - you need precision of at least a minute.
You might enjoy the short story "Chronopolis" by J.G. Ballard.
It's set in a world where everything had been strictly done according to schedules to maximize efficiency, but it became too much and people rebelled and outlawed clocks.
> If there's any one lesson to draw from the last several years, it's that the executive branch can do anything they goddamn well please.
You can agree or disagree with the goals and priorities of the Biden administration, but surely their interactions with the legislative and judicial branches demonstrate that, despite the high concentration of power there, the executive branch definitely still cannot act unchecked unilaterally.
I'd suggest reading 'Mandate for Leadership' (better known as 'Project 2025') to get an ida of the intended scope of executive branch power under the incoming administration - specifically chapter 2 by Russ Vought, who has just been nominated back to his old job overseeing the Office of Management & Budget.
> You neglected to mention the president that has been convicted of multiple felonies
I took "the last several years" to refer to the currently sitting president. Even including the incoming president still illustrates the point, I think; the power he is likely to wield will come not merely because he is in the executive branch, but because the interests of the executive branch that he represents will be, in many respects, aligned with those of the legislative and judicial branches as currently constituted. (The judicial decisions nominally gave enormous immunity to the president, but it is checked by untested language that leaves unspecified, and so presumably in the hands of the judicial branch, decisions about what constitute 'core powers' of the presidency. I don't think it is likely to be successful, but I see it as very much an attempt to render the judicial branch still necessary even while essentially captured.)
> One of your staff asked me yesterday how I had traveled to the DC area, whether I had traveled by air, and whether I has shown any ID to do so. As a matter of principle and personal security, I do not wish to discuss my travel history, modes, or plans with you, and I am not required to do so. But the consistent position of your agency in litigation has been that no Federal law or regulation requires airline passengers to have, to carry, or to show ID. The responses by your agency to some of our FOIA requests confirm that, as you know, people fly without ID every day.
> The TSA officer may ask you to complete an identity verification process which includes collecting information such as your name and current address to confirm your identity. If your identity is confirmed, you will be allowed to enter the screening checkpoint, where you may be subject to additional screening.
> You will not be allowed to enter the security checkpoint if you choose to not provide acceptable identification, you decline to cooperate with the identity verification process, or your identity cannot be confirmed.
Every time I’ve flown for the past few years, my ID fails to scan at TSA. Don’t know why but every time it’s happened, the TSA agent will just call over another TSA rep, they will look at it, and then say I’m good to go ahead. Never knew these other methods existed, I’ve never been asked to confirm my identity a different way.
My mother forgot her ID once and she told me there are two ways:
- They can verify identify through something like a credit card, bank statements, etc.
- Even if you do not have this, they can phone someone that will verify your identity over the phone after getting some info from you. From what I heard you are only allowed to use this method twice per year.
While I completely agree that any individual should have access to the laws and texts that govern us, I have a problem with:
> “Access procedures are especially critical with respect to this proposed rule because ‘the class of persons affected’ – the relevant category pursuant to 1 CFR § 51.7(3), as quoted above – obviously includes individuals who do not have ID deemed compliant with the REAL-ID Act.
These laws "apply" to platform makers who are attempting to create Real ID mDLs, not people who want a REAL ID in the abstract. Someone without a REAL ID cannot get an mDL, regardless of the text of these rules.
1 CFR § 51.7(3) [0] is laying out the requirements by which a reference is eligible for being included in rulemaking?
The 5 U.S.C. 552(a) [1] it modifies notes that "Except to the extent that a person has actual and timely notice of the terms thereof, a person may not in any manner be required to resort to, or be adversely affected by, a matter required to be published in the Federal Register and not so published."
Which seems to be a pretty broad definition of affected person.
I'd certainly consider myself to be affected if in order to avail myself of one option of TSA identification for air travel I had to use an app that did... (reference not openly available)
But that’s not what this is. None of this precludes regular REAL IDs so the class of people arguably is only people with REAL IDs who are interested in making them an mDL. (Well, and companies implementing the specification)
These laws "belong" to the citizens. If the government is not applying it's rules correctly who is there to monitor that? Do I not have that _basic right_?
Someone (with or without ID) may very much suspect that there are legal issues with gating any federal or governmental behaviors behind real ID, or not allowing open source Real ID mDLs or various similar things.
Real-ID is such a farce. I have had an ID since I was 15, and presented my birth certificate and ssn as a minor to do so. There is no instance where I am not "real".
I have a US Passport that took less effort and paperwork to get than a Real-ID. I will never submit.
The passport card is also an option, one that’s small enough to fit in a wallet. It can be used to cross land borders, and to fly domestically (but not internationally).
Unlike most driver’s licenses, a passport card doesn’t expose one’s address. This makes it a great form of ID to use in non‐airport situations as well.
> These mobile driver’s licenses (mDLs) will be issued by state driver’s license agencies, but the standards incorporated into the TSA rule require that they be deployed through smartphone platforms (i.e. Google and/or Apple) and operate through government apps that collect photos of users and log usage of these credentials.
This is utterly ridiculous, at least for driving. Anyone who needs to validate that someone’s driver’s license is authentic should be well-equipped to query the relevant state’s database and look it up. Just like how they would search for outstanding warrants, Amber Alerts, etc.
With that in mind, surely it should be legal to drive with a photo of one’s driver’s license, a copy of one’s license, any app whatsoever that can display a license, etc. There is basically no security added by a fancy add by an approved contractor — at most they can do some “device posture” crap to sort of prove to a reader that the app thinks that the phone it’s on really does belong to the owner of the license, which is a silly form of security by overcomplication. If I want to pretend to be my friend, I can borrow their phone or their actual drivers license just fine.
I'm with you in spirit, but I think the threat model they're trying to address is someone passing as you and needing only biometrics or a little personal information to succeed. Maybe your sibling looks enough like you, or someone acquired your ID and then alters their appearance to match. If your one true ID is a single physical token, then this threat is harder to pull off.
This is also why IDs are not accepted when they expire -- if they were accepted, then my underage brother might take my old one to buy beer. I've been in the ridiculous situation of saying "I know my ID has expired, but I assure you I have not. I'm still me."
I really admire these folks for standing on a worthy principle. I also dig the performance art vibe of showing up at the TSA headquarters without an ID to read a deeply nested tree of paper documents about IDs. If you're going to joust windmills, these are some good windmills to joust.
Why does the TSA building itself need so much security? Are they expecting it to be the target of an attack?
Is that surprising? It’s a federal agency representing the security apparatus of the US. That’s a good target for terrorism.
Most places I've worked, despite similar security needs, have met them in a much less... performative way.
After all, the security gate is the first impression visitors get of your industrial facility, or office, or embassy, or whatever. You want it to look welcoming and secure at the same time. Projecting strength but not fearfulness.
If you must use the cheap fencing, conceal it with some plants. Where the fence is visible, go for some nice decorative metalwork. Move the turnstiles into a lobby and put a reception desk and some couches next to them. Add some meeting rooms (and toilets and coffee facilities) at the security boundary, so job interviews and meetings with suppliers don't give them unfettered access.
The performance aspect is necessary when managing optics with a whole nation's population. Plenty of people have no idea what good security looks like, but they expect it looks like a lot of steps and many inconveniences.
Corporations generally don't need to worry about this.
> That’s a good target for terrorism.
Exactly! Nobody would be laughing if Al-Qaeda drove a giant Dasani truck into TSA headquarters, would they?
Not at first. They'd be too happy cheering.
Representing the security what now? Given the agency's performance over the decades I'd be deeply surprised to find out the TSA could credibly secure a mall parking lot.
That’s not the point of terrorism. If you blow up a TSA building, citizens get scared because it looks like „if the state can’t even protect itself, how are they going to protect me?“.
there are semi-competent arms of the US security apparatus that are not principally theatrical, that I would find shocking to be hit. The NSA comes to mind.
If anyone ever hit the TSA I'd just laugh at their piss-poor targeting. Thanks for clearing out our dusty community theater, now maybe we can build an ice cream shop there or something else actually useful.
Most federal agencies tend to be colocated.
Of the 168 people who died in the Oklahoma City bombing, only 8 were from law enforcement. https://en.wikipedia.org/wiki/Oklahoma_City_bombing
To be honest, I am genuinely surprised an attack never materialized. But then I also remember mentioning my thoughts on the matter to my wife, who was aghast that I would even consider such a scenario. Maybe, on average, people are actually decent and it is people like me, who come up with weird hypotheticals.
>To be honest, I am genuinely surprised an attack never materialized.
I'm not. The TSA is hated by the populace the way the population hates every wasteful boondoggle jobs program. Foreigners hate them for profiling but that's pretty far down the list of grievances. Foreigners looking to strike at America and Americans looking to get off the porch likely have dozens of more preferable targets.
I doubt the TSA makes any would be attackers list of top five most deserving agencies.
Edit: A fed sponsored false flag attack on the TSA could make a good comedy plot. It might need to be a TV series in order to have time to fit in all the jokes, references, tropes and wise cracks you'd be obligated to make when covering such subject matter.
You mean I’m not the only one who has wondered if you could etch a knife shape onto the back of an acrylic clipboard? Something that wouldn’t show up on X-ray, but could be punched out with little effort on the plane?
My wife says it’s a wonder I’m not on the no fly list.
~60 airplane hijackings per year in the 70s.
We’ve significantly reduced it down to <4 per year.
https://ourworldindata.org/grapher/airliner-hijackings-and-f...
Reinforced doors and a belief among everyone from passengers to pilots that a successful hijacking is likely to lead to death rather than inconvenience reduced hijacking after 2001. I would be surprised if searching passengers more aggressively or requiring people to prove their address to get a driver's license had much to do with it.
Yeah, I think passenger game-theory is the number one reason, and that was already in place on September 12th, 2001.
Passengers are now aware that hijackers might actually just buying time until they can trigger a murder-suicide attempt, and many will believe it is likely enough that they need to fight for their own lives. The old assumptions that "almost everyone gets out alive by passively cooperating" no longer hold.
Who's we? Al Qaeda reduced it down to ~4 per year because now passengers no longer assume to survive and act accordingly. Locked doors and plain clothes security are just icing on the cake.
> Who's we? Al Qaeda reduced it down to ~4 per year because now passengers no longer assume to survive and act accordingly.
You think hijackings decreased because the passengers are more likely to attack the hijackers now?
I think it’s more likely that surveillance and intelligence is better now and most hijacking attempts get discovered before they are executed.
Not parent poster, but absolutely.
Look at all those other pre-2001 hijackings, and ask yourself what would have happened if most of the passengers were terrified that the hijackers were preparing to destroy the entire plane and everyone on it, regardless of any demands being made or met.
Would-be hostage-taking hijackers know it too: Their business plan, as it were, has been ruined for a generation by their suicidal colleagues.
Airline and security protocols are no longer "comply with everything so that nobody gets killed". Doors are locked. Passengers will likely bum rush you. There might be armed security on any given flight. The odds of success are unbelievably long compared to what they were in the 80s. Just not worth it vs a "boring" bombing or whatever.
Hijacking an airplane isn’t an attack on the TSA specifically though. We were talking about the security of the TSA building itself.
Yes, but the TSA wasn't created in the 1980s, when most of the decrease happened. The TSA wasn't invented until after 9/11.
Well, they are the best at security theater, so it makes sense their headquarters is too.
Depending on your perspective on security theater, it might be appropriate to observe that a TSA building as exactly as much security as the TSA is capable providing itself.
I think it's reasonable. Not the exact details of this installation necessarily. The reality is that there are a bunch of people that want to lash out at the government for whatever reason, and the civil servants that just want to do their job shouldn't be put in a dangerous situation by allowing those people to walk into their offices unimpeded. If you believe that the agency shouldn't exist, lobby Congress. Don't take it out on people that just want to do their assigned administrative work for 8 hours a day.
Remember that someone was so mad at the IRS that they filled their airplane with gas cans and flew it into an IRS building, killing an employee: https://en.wikipedia.org/wiki/2010_Austin_suicide_attack
Some security precautions are understandable in my opinion. (I don't think the ID requirement is reasonable. Take and store a photograph, deleted after 3 months, and make people go through a metal detector. Also, put the ID requirement documents online. It's free.)
There's also been significantly worse. 168 people died in the Oklahoma City bombing by a domestic terrorist. https://en.wikipedia.org/wiki/Oklahoma_City_bombing
Yup, exactly. That's what they're up against. I think it's reasonable to take precautions.
I guess I'm getting downvoted for "checking ID at the gate doesn't prevent you from flying your airplane into the building" which is true, but we have to realize that most anti-government-inclined folks don't jump right to a terrorist attack as their first intervention. I do think that people hired to do a job deserve some protection from the general public while at their workplace.
> These mobile driver’s licenses (mDLs) will be issued by state driver’s license agencies, but the standards incorporated into the TSA rule require that they be deployed through smartphone platforms (i.e. Google and/or Apple) and operate through government apps that collect photos of users and log usage of these credentials.
This is really disturbing in a number of different ways. It's bad enough to have the government requiring you to have a government-approved smart phone, but on top of that it's the logging and data analysis wet dream that authoriarian governments the world over could have only dreamed of.
Along with that:
> mDL apps will be required to log each time a digital ID is presented, and to whom. This is described as a measure to protect ID-holders’ privacy, despite the obvious risk posed by police or others being able to know when and to whom you have shown your ID.
That's down right horrifying.
Even worse, the whole thing is a cash cow for Idemia and a couple of other companies, who probably alt wrote the secret rules to benefit their company and prevent competition.
It's not a dream. China and India have been doing it for a while.
Discussed earlier
https://news.ycombinator.com/item?id=41608810
No need to get worked up. You can get a RealID compliant driver's license (plastic credit card sized item) or state ID (ditto) You don't need a smart phone.
>You can get a RealID compliant driver's license (plastic credit card sized item) or state ID (ditto) You don't need a smart phone.
For now.
You used to be able to pay for parking without downloading an app. You used to be able to buy dynamite without doxing yourself to the feds (something that you don't really think is all that important until you have to clear a lot of forested land and the reality of your options for dealing with stumps and boulders becomes clear).
The Government kills a lot of people in various non-war wars around the world that create people who would like revenge because they saw their parents get burned to death, etc. by American made munitions.
It might be part of becoming the dominant defense supplier. Our weapons are so complicated it takes a lot of American know how to keep them maintained and probably even fire them. This puts Americans everywhere with a conflict.
We all get to pay with absolute security. If I killed people all of the time it would be hard to track who I killed, their living relations, even bystanders it makes sense to mistrust everyone.
A few months ago going through a TSA line at an airport they were taking everyone's photo for biometrics and made it seem mandatory. I went along with it, not fighting it, maybe you can opt-out for a bit but eventually the Government always makes it mandatory.
https://www.kxnet.com/news/top-stories/the-us-is-presently-i...
https://www.palestinechronicle.com/let-him-never-be-forgotte...
https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-t...
It gets worse. In US most of the bigger corps institute some sort of means to authenticate you via cellphone, which means that if you want to be remote, phone is effectively a necessity ( which one usually does ). Only a year ago, it was still possible to avoid having to have a cell ( although that meant you had to be in person -- an interesting trade off in itself ).
Anyway, I hate the now.
At my last workplace, I somehow managed to get away with only Microsoft Authenticator on my phone, with no actual remote management capabilities enabled. That's pretty much exactly where I draw the line: if I have to have a device to perform work functions, the workplace needs to supply it. I'm not going to put work data on my personal machines, and I'm definitely not letting a third party root my phone for me "for sekhurity", and apply work policies on my personal device. I'm okay with work 2FA on my phone, but only without MDM, as an exception for where otherwise there's no reason for me to have a work phone.
These days a lot of folks can probably do more than just authenticator on their personal device. Teams and Outlook, for example, are both able to run with the MDM-level controls the company wants but without the device-level MDM. It's part of the app and has no control over anything else.
And, as a plus, your phone can now be subject to a subpoena issued to your employer!
I don't want their data on my device for a variety of reasons. Loss of control would be enough on it's own, but there are others.
Work with your IT dept.
A company I previously worked for had a policy that if you had any company data on your phone, they had the right to force you to unlock it and look through it (not sure if they ever actually did but it was in the employee handbook). When IT tried introducing a system that required me to Auth with my phone I refused, citing the policy, and they helped me setup a workaround Yubikey.
Might not be possible everywhere but worth a shot. Also always helps to make friends in IT.
Ask for your corporation to give you a corporate phone.
I have one for that reason, and it lives in the office alongside my work issued laptop.
Most places can issue you with a physical token instead, like a Yubikey.
It's just unusual, so the first line in helpdesk don't always know about it. And people seldom want to start a battle with the bureaucracy on their first day on the job...
> It's bad enough to have the government requiring you to have a government-approved smart phone
The government isn't requiring that.
It's not forcing you to get a mobile ID.
Your physical ID continues to be just fine. Mobile device ID's are simply for people who want the convenience of not carrying the physical one.
Edit: geez, what's with the downvotes? I wasn't even defending anything. Just trying to keep things factually accurate here.
Think long-term. In 40 years, when the last paper IDs are discontinued, we'll all be tracked, but the time to complain was now.
> are simply for people who want the convenience
That's the technological ratchet at work, as it has been since the dawn of humanity. A solution that's convenient or useful enough to gain wide adoption has a way of becoming a soft necessity, and eventually a hard one. Some examples that meaningfully affected our lives[0], in many ways not for the better:
- An accurate clock / watch -- hard necessity. Good luck functioning in society without it. Opening hours, appointments, public transit schedules, are just few among many things synchronized in time, that expect you to have a clock so you can stay in sync too. And no, you can't get away with a rooster or a sundial, like you could 200 years ago - you need precision of at least a minute.
- A car -- somewhere between hard and soft necessity, depending on where you live. The society expects you to be able to commute long distances in short time, for things like work, medical services, or government appointments.
- Mobile phones, Internet, credit/debit cards -- soft necessities. You can sort of still live without them even in the big cities, but it's going to be a pain, as everything is optimized on the assumptions everyone owns a smartphone, has Internet access, bank account with a card, and increasingly often, means of contactless payments (think e.g. public transit). There's a reason even the poorest people without a roof over their heads still own iPhones, and it's not entertainment.
- Government ID app, electronic IDs, other means to do official errands fully on-line - convenience for now. I feel they'll transition into soft necessities within next 10 years, simply because interacting with government is always very annoying, and those tools simplify that process and save you some trips.
--
[0] - All in context of the developed/industrialized/western societies; of course this does not apply to societies that did not embrace a particular technology (yet).
> An accurate clock / watch -- hard necessity. Good luck functioning in society without it. Opening hours, appointments, public transit schedules, are just few among many things synchronized in time, that expect you to have a clock so you can stay in sync too. And no, you can't get away with a rooster or a sundial, like you could 200 years ago - you need precision of at least a minute.
You might enjoy the short story "Chronopolis" by J.G. Ballard.
It's set in a world where everything had been strictly done according to schedules to maximize efficiency, but it became too much and people rebelled and outlawed clocks.
Until they aren't.
Well sure. Physical IDs are also not tiny government listening devices either. Unit they are.
Kudos to Mr. Hasbrouck, who I assume is the narrator, for putting feet to ground to demonstrate the lack of open access to executive branch law.
You can't have a law, and also keep it secret.
If there's any one lesson to draw from the last several years, it's that the executive branch can do anything they goddamn well please.
This is nothing new.
> If there's any one lesson to draw from the last several years, it's that the executive branch can do anything they goddamn well please.
You can agree or disagree with the goals and priorities of the Biden administration, but surely their interactions with the legislative and judicial branches demonstrate that, despite the high concentration of power there, the executive branch definitely still cannot act unchecked unilaterally.
Is this satire?
You neglected to mention the president that has been convicted of multiple felonies
I think the immunity thing is more of an issue than any particular criminal past.
How is that related? The people electing someone despite their background doesn’t have any bearing on the power of the exec branch
I'd suggest reading 'Mandate for Leadership' (better known as 'Project 2025') to get an ida of the intended scope of executive branch power under the incoming administration - specifically chapter 2 by Russ Vought, who has just been nominated back to his old job overseeing the Office of Management & Budget.
https://static.project2025.org/2025_MandateForLeadership_FUL...
Of course these aspirations will be challenged in court, but given recent jurisprudence I wouldn't bet on those challenges succeeding.
> You neglected to mention the president that has been convicted of multiple felonies
I took "the last several years" to refer to the currently sitting president. Even including the incoming president still illustrates the point, I think; the power he is likely to wield will come not merely because he is in the executive branch, but because the interests of the executive branch that he represents will be, in many respects, aligned with those of the legislative and judicial branches as currently constituted. (The judicial decisions nominally gave enormous immunity to the president, but it is checked by untested language that leaves unspecified, and so presumably in the hands of the judicial branch, decisions about what constitute 'core powers' of the presidency. I don't think it is likely to be successful, but I see it as very much an attempt to render the judicial branch still necessary even while essentially captured.)
This was intriguing to me:
> One of your staff asked me yesterday how I had traveled to the DC area, whether I had traveled by air, and whether I has shown any ID to do so. As a matter of principle and personal security, I do not wish to discuss my travel history, modes, or plans with you, and I am not required to do so. But the consistent position of your agency in litigation has been that no Federal law or regulation requires airline passengers to have, to carry, or to show ID. The responses by your agency to some of our FOIA requests confirm that, as you know, people fly without ID every day.
How does one go about this process?
TSA video walkthrough of flying without ID: https://papersplease.org/wp/2021/04/08/tsa-posts-video-showi...
TSA ID verification procedures (redacted) for people without ID: https://papersplease.org/wp/2018/05/08/tsa-releases-redacted...
records of how the TSA decides whether to let you fly without ID: https://papersplease.org/wp/2016/06/09/how-does-the-tsa-deci...
The TSA is intentionally vague about this. Via https://www.tsa.gov/travel/security-screening/identification
> The TSA officer may ask you to complete an identity verification process which includes collecting information such as your name and current address to confirm your identity. If your identity is confirmed, you will be allowed to enter the screening checkpoint, where you may be subject to additional screening.
> You will not be allowed to enter the security checkpoint if you choose to not provide acceptable identification, you decline to cooperate with the identity verification process, or your identity cannot be confirmed.
Every time I’ve flown for the past few years, my ID fails to scan at TSA. Don’t know why but every time it’s happened, the TSA agent will just call over another TSA rep, they will look at it, and then say I’m good to go ahead. Never knew these other methods existed, I’ve never been asked to confirm my identity a different way.
Watch the old folks in wheelchairs. Many of those people have no valid ID.
My mother forgot her ID once and she told me there are two ways:
- They can verify identify through something like a credit card, bank statements, etc.
- Even if you do not have this, they can phone someone that will verify your identity over the phone after getting some info from you. From what I heard you are only allowed to use this method twice per year.
While I completely agree that any individual should have access to the laws and texts that govern us, I have a problem with:
> “Access procedures are especially critical with respect to this proposed rule because ‘the class of persons affected’ – the relevant category pursuant to 1 CFR § 51.7(3), as quoted above – obviously includes individuals who do not have ID deemed compliant with the REAL-ID Act.
These laws "apply" to platform makers who are attempting to create Real ID mDLs, not people who want a REAL ID in the abstract. Someone without a REAL ID cannot get an mDL, regardless of the text of these rules.
1 CFR § 51.7(3) [0] is laying out the requirements by which a reference is eligible for being included in rulemaking?
The 5 U.S.C. 552(a) [1] it modifies notes that "Except to the extent that a person has actual and timely notice of the terms thereof, a person may not in any manner be required to resort to, or be adversely affected by, a matter required to be published in the Federal Register and not so published."
Which seems to be a pretty broad definition of affected person.
I'd certainly consider myself to be affected if in order to avail myself of one option of TSA identification for air travel I had to use an app that did... (reference not openly available)
[0] https://www.ecfr.gov/current/title-1/part-51/section-51.7#p-...
[1] https://www.govinfo.gov/link/uscode/5/552
But that’s not what this is. None of this precludes regular REAL IDs so the class of people arguably is only people with REAL IDs who are interested in making them an mDL. (Well, and companies implementing the specification)
These laws "belong" to the citizens. If the government is not applying it's rules correctly who is there to monitor that? Do I not have that _basic right_?
Someone (with or without ID) may very much suspect that there are legal issues with gating any federal or governmental behaviors behind real ID, or not allowing open source Real ID mDLs or various similar things.
Real-ID is such a farce. I have had an ID since I was 15, and presented my birth certificate and ssn as a minor to do so. There is no instance where I am not "real".
I have a US Passport that took less effort and paperwork to get than a Real-ID. I will never submit.
US Passports are RealID.
I have a drivers license and a passport, but the combination is insufficient to get a real id drivers license.
True. But at least in my state, the remaining documentation is trivial, especially if you have a DMV ID or driver license.
RealID seems to have added some verification requirements on US passports, but it doesn't look like it made US passports a form of "RealID".
Throughout the RealID farce, a passport has been a perfectly reasonable form of identification.
It proves my identity as a US Citizen as much as it has to be.
The passport card is also an option, one that’s small enough to fit in a wallet. It can be used to cross land borders, and to fly domestically (but not internationally).
Unlike most driver’s licenses, a passport card doesn’t expose one’s address. This makes it a great form of ID to use in non‐airport situations as well.
> These mobile driver’s licenses (mDLs) will be issued by state driver’s license agencies, but the standards incorporated into the TSA rule require that they be deployed through smartphone platforms (i.e. Google and/or Apple) and operate through government apps that collect photos of users and log usage of these credentials.
This is utterly ridiculous, at least for driving. Anyone who needs to validate that someone’s driver’s license is authentic should be well-equipped to query the relevant state’s database and look it up. Just like how they would search for outstanding warrants, Amber Alerts, etc.
With that in mind, surely it should be legal to drive with a photo of one’s driver’s license, a copy of one’s license, any app whatsoever that can display a license, etc. There is basically no security added by a fancy add by an approved contractor — at most they can do some “device posture” crap to sort of prove to a reader that the app thinks that the phone it’s on really does belong to the owner of the license, which is a silly form of security by overcomplication. If I want to pretend to be my friend, I can borrow their phone or their actual drivers license just fine.
I'm with you in spirit, but I think the threat model they're trying to address is someone passing as you and needing only biometrics or a little personal information to succeed. Maybe your sibling looks enough like you, or someone acquired your ID and then alters their appearance to match. If your one true ID is a single physical token, then this threat is harder to pull off.
This is also why IDs are not accepted when they expire -- if they were accepted, then my underage brother might take my old one to buy beer. I've been in the ridiculous situation of saying "I know my ID has expired, but I assure you I have not. I'm still me."
IDs often are accepted after they expire. The TSA for instance will accept expired driver's licenses for up to a year after the expiration date.
https://archive.is/paqb8