10th November, 2016

Biometric: The French Big Brother

Without grabbing the attention of the population, in France it has been approved a decree that will allow the creation of a huge database with the data of 60 million of French citizens that will collect information from the names to the addresses, from the photos to the fingerprints.

At the beginning of 2017 in France will be launched the database called TES (Titres Electroniques Securisés) that will collect biometrical information of more than 60 million of French citizens. Most of the data will be collected from passports and national identity cards and the information will be held between 15 and 20 years.

This initiative has been established by the Decree 1460 of the 28 of October 2016 "autorisant la création d'un traitement de données à caractère personnel relatif aux passeports et aux cartes nationales d'identité", published on the Journal officiel during the bridge of the end of October, taking advantage of the absence of many of the observers that might have reacted or raise any complaint.

The bigger complains that have been raised are about the way this has been introduced. Although this procedure will be extremely intrusive for the private life of the citizens, it's has been adopted by the Government without any consultation in Parliament, any communication with the ministers, with the competent authorities and not neither with the official department responsible for the informatics.

The official reason behind this decree, is to simplify the bureaucracy (i.e. to simplify the identification of people, done by the offices of the public administration, in the case of loss of documents). If for some reasons some people agree with this initiative because it could decrese the amount of identity thefts, on the other hand many people have the feeling to be just "under control" like in a movies of the '80s.

Most of the collected data will be the one already present on the identification documents as the national identity card or the passport. The information gathered will be age, sex, colour of the eyes, height, address, email and photo on the identity card, but also fingerprints and other biometrical information.

At least officially, the goal of this data collection is finalized to the authentication and not to the identification, meaning that it won't be possible to find the biometrical data of a person starting from his identity, but only the reverse. The access of these data will be granted only to competent authorities like the police, the gendarmerie and the tribunal, but also the Interpol and others 007 might have the same accesses.

Apart from the way in which this decree was approved (this database has been defined as a "fichier monstre"), the main concerns are about the privacy protection of the citizens. It is surprising that, especially based on all the recent cybersecurity violations, there is not a common understanding that usually the data that is collected is potentially subject to a theft, and this won't be an exception. Moreover, if the real goal of the Government is to speed up the bureaucracy, they should have at least to give a chance to the citizens to protect themselves the data, providing them a digital support, like an encrypted card or a token, where to held their data.

This system will be a really interesting target for any hacker that could steal, or alter, personal and sensitive information linked to the citizens without letting them to have any minimum control of the data that they will belong to them.

These data, which might be not anymore segregated into the country's boundaries, might be subject to fraudulent copies and exported to any part of the planet, being sold on the Internet black market, or finish in the hands of any company that might not keep really care about the privacy of the original owners.

Moreover, once these data will be in the hands of the Government: what tools will be introduced to prevent that the people having access to these informations will not abuse of their authority?

And maybe even more important: who will assure that the scope of the data collection won't be modified in a second moment, transforming the Government from an entity of protection to an entity of control?

Here the full text of the Decree in French: https://www.legifrance.gouv.fr/

Leave a comment

Swiss Identity & Access Management experts

Ask for a Demo