Comment by mschuster91

2 years ago

The thing is, unlike most of Europe, the US doesn't have a legal mandate for anyone to possess an ID card, and so in practice you got 50 states worth of driver's licenses, library cards, military or government employment IDs that can be used (or faked)... so you can't really use these for legitimately verifying anything unless you want to spend a lot of time and money to train your staff to spot fakes. Banks can do that but no one wants to do that for the goons that run security at venues for minimum wage.

Sure, but realistically no one is going to get a fake ID with a certain name on it so they can go to a concert with that person's tickets.

  • The problem isn't scams.

    The problem is that Americans are not required to have an ID -- at all. No federal law requires it, and there is none issued by default.

    (This is not the same as saying "Americans don't have to carry an ID" even though that is also true.)

    • Americans aren't required to have an ID, but that is only relevant to government-related services. Private businesses like concert venues are within their rights to card you in some manner, and refuse admittance if you don't provide ID.

How hard is it to get access to a database to confirm that a scanned ID is valid, and corresponds to the name written on it?

  • Easy if you're government (every random cop on a traffic stop must be able to do that after all) but really REALLY hard for private entities.

    The exception is anything that is accepted by airports for international travel aka, for you Americans, only a passport - ICAO 9303 is very detailed on how you can access the data stored on them. The specs and a basic understanding of how to communicate with smartcards are decent enough to get you to a readout in maybe a weekend's worth of work. The authentication is either via a code derived from the MRZ or a dedicated access code printed on the document.
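
An added example, not part of the thread: how the "code derived from the MRZ" is computed under ICAO 9303's Basic Access Control, with the printed check digits validated first so a misread or altered MRZ is rejected before any key is derived. The function names are hypothetical; the sample fields are the specimen values from the Doc 9303 worked example, not a real document.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # repeating weights used by every MRZ check digit

def char_value(c):
    """Map one MRZ character to its value: 0-9, A-Z -> 10-35, '<' -> 0."""
    if c in "0123456789":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"character {c!r} is not valid in an MRZ")

def check_digit(field):
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

def mrz_information(doc_number, birth, expiry, printed_digits):
    """Validate each field against its printed check digit, then concatenate
    document number, date of birth and date of expiry with their digits."""
    fields = (doc_number.ljust(9, "<"), birth, expiry)
    out = []
    for field, printed in zip(fields, printed_digits):
        if check_digit(field) != int(printed):
            raise ValueError(f"check digit mismatch in {field!r}")
        out.append(field + printed)
    return "".join(out)

def key_seed(mrz_info):
    """Key seed: first 16 bytes of SHA-1 over the MRZ information."""
    return hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

def derive_key(seed, counter):
    """counter 1 = encryption key, 2 = MAC key (two-key 3DES, odd parity)."""
    raw = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()[:16]
    # Force odd parity per byte by choosing the least significant bit.
    return bytes((b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0) for b in raw)

if __name__ == "__main__":
    # Specimen fields: document number, YYMMDD birth, YYMMDD expiry, check digits.
    info = mrz_information("L898902C", "690806", "940623", "316")
    seed = key_seed(info)
    print("MRZ information:", info)
    print("K_seed:", seed.hex().upper())
    print("K_enc: ", derive_key(seed, 1).hex().upper())
    print("K_mac: ", derive_key(seed, 2).hex().upper())
```
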

  • Hopefully pretty hard.

    • Not a database you can trawl for your own uses, just something that if you scan an ID pops up validating(/rejecting) it and lists the associated name.

      I guess you could abuse that to turn partial IDs into more realistic ones? But that feels like a stretch. I can't see it being that useful for much more than confirming that an ID isn't a fake, which seems hard to abuse.