The electronic driver's license announced by the authorities, which allows citizens to leave a paper ID at home, will create risks for storing personal data and make life easier for attackers. This was stated yesterday by independent experts and lawyers invited to the Federation Council. As an example, in particular, the experiment with electronic rights in Australia, which did not end very successfully, was cited. However, a Kommersant source familiar with the preparation of the innovation called the claims unfounded.
“Legislative aspects” of the introduction of digital driver’s licenses were discussed yesterday at a round table of the Federation Council Committee on Constitutional Legislation and State Building. The Ministry of Digital Development and the State Traffic Safety Inspectorate, we would like to remind you, in July 2023 prepared amendments to the traffic rules allowing drivers to present STS inspectors with their license in the form of a QR code, which is generated by the State Services.Auto application. This option is already in effect, but now the inspector has the right to demand paper licenses. And if they are not there, then a fine of 500 rubles is applied. After the amendments are adopted, the QR code will receive legal status - you can leave your license and STS at home.
Although the amendments have already been agreed upon and are being prepared for signing in the White House, Deputy Chairman of the Federation Council Committee on State Construction Alexander Bashkin decided to discuss the risks that the innovation poses. Natalya Zhirnova, Associate Professor at the Department of Digital Technology and Biolaw of the HSE Faculty of Law, spoke about an experiment in Australia that “didn’t end very successfully” (conducted in 2019–2021): security experts managed to “penetrate” the digital ID database and make changes. “The main problem is the security of personal data,” said the expert. “Moreover, our government services website is not a standard of security and can be subject to any attack, which has already happened more than once.” “The introduction of digital IDs requires the adoption of security measures to prevent unauthorized access or damage to data,” supported Oksana Shevchuk, associate professor of the department of administrative, financial and information law at the State University of Justice. “There may also be resistance to changes on the part of civil servants and citizens who are accustomed to dealing with paper documents.”
“What if, for example, the traffic police database is “hanging”, there is no connection to the Internet and it is impossible to check the QR code? — Maxim Kadakov, editor-in-chief of the magazine “Behind the Wheel,” asked a reasonable question. “Is this a problem for the inspector or the driver?” There should be some instructions on this.” The expert noted that today it is impossible to prosecute people for forging a QR code. “Checking documents is not only for the convenience of drivers, but also for safety,” thought Alexei Dobrenkov, associate professor of the department of criminology at Moscow University of the Ministry of Internal Affairs. “There may be different people behind the wheel, including those on the wanted list, the inspector must determine exactly who is in front of him located. There will be thousands of people who will want to circumvent this law.”
Checking a QR code can take longer than checking a regular license, noted Alexander Bashkin: “Now, if the driver does not arouse suspicion, the inspector just glances at the documents and lets go. When presenting an electronic ID, you need to take out your phone, open the service, show the QR code, the inspector will scan it, connect to the database, receive an answer, and make a decision.”
Representatives of the traffic police were not invited to express their position at the round table. The experts did not understand the technology, hence a lot of misconceptions, a source familiar with the situation explained to Kommersant. In reality, Kommersant’s interlocutor says, inspectors do not ask for database code checks. The image of the real rights is “wired” in the code and signed with an electronic signature, and the tablet contains a key and a decoder. After decryption, the policeman sees the document in the same way as if he received it from the driver’s hands, but in much better quality. Since the QR code is constantly changing (it is animated), it is almost impossible to fake it - there can be no leakage of personal data. “At least the code itself and the application do not create new channels for such leaks,” explains Kommersant’s source. He adds that each check of electronic rights is recorded in the system, and in the event of a conflict situation on the road, you can always find out where, when and which inspector communicated with the traffic participant.