But it would be a Hacker’s Paradise.
By Don Quijones, Spain & Mexico, editor at WOLF STREET.
On October 30, the French government announced, as quietly as possible, the creation of a massive new database that will collect and store personal information and biometric data on nearly everyone living in the country. As tends to happen whenever a government seeks to enact this type of “reforms,” the law wasn’t passed by parliament but by decree on the eve of a national holiday.
As France 24 reports, the new decree will affect 60 million people and “marks the first time the country has collected population data on such a scale since the start of the Nazi Occupation in 1940.”
The move has sparked outrage from civil rights groups as well as French media, with weekly magazine L’Observateur describing it as “terrifying,” and daily newspaper Libération dubbing it a “mega database that will do no good”. The National Digital Council (CNNum) “laments” the government’s lack of prior consultation and highlights the “many concerns” the new decree raises. “In a digital world where code is law, the existence of such a database leaves the door wide open to likely and unacceptable excesses,” it said.
The new database, known rather optimistically as Secure Electronic Documents (Titres électroniques sécurisés or TES) will store an individual’s name, date and place of birth, gender, eye color, height, address, photograph, digitized fingerprints, facial features, e-mail address, and the names, nationalities, dates and places of birth of parents. The aim — according to the government — is to make it easier to obtain and renew identity documents, and to aid in the fight against identity fraud.
Unlike a similar law proposed by Nicholas Sarkozy’s conservative government in 2012, which was shot down, the new database will only be used to authenticate individuals, not to identify them. In other words, it will be used to confirm that someone is who he or she claims to be, not to discover, say, the identity of someone whose biometrics have been found at the scene of a crime.
However, the potential for mission creep cannot be discounted. As an article in NextInpact points out, once the database exists, it is highly likely that there will be calls for it to be used for identification purposes, simply “because it is there.” There’s also good reason to suspect that a future government “will modify the aims,” as warns Gaëtan Gorce, a French senator and member of the National Commission for Information Technology and Civil Liberties (Cnil) who likened the TES to a “sort of monster.”
According to today’s government, the biometric data stored on the database could be used to identify criminal suspects only if “violations of the fundamental interests of the Nation and acts of terrorism” are involved. But who gets to decide what constitutes a “fundamental interest of the Nation” or, for that matter, “an act of terrorism”? [That was a rhetorical question, of course].
A Hacker’s Paradise
Another major problem with centralizing biometric data to this extent is that you make it a lot easier for it to be compromised. What’s to stop an insider from copying this data onto a drive and walking out with it, as Snowden and others have, including those who took Swiss banking data to the French and German authorities for money laundering investigations? This data would then most likely be sold online, on the so-called darknet.
“No computer system is impenetrable. All databases can be hacked. It’s always just a matter of time,” thundered French left-wing politician Jean-Jacques Urvoas in a 2012 blog post against Sarkozy’s proposed biometrics super database. Urvoas is now justice minister in Hollande’s government and hence is directly involved in drawing up the new decree, which bears a striking resemblance to Sarkozy’s earlier initiative.
If biometric data is compromised, it is a far more serious issue than a compromised password or an account. You can create a new password many times. But you can create your biometrics only once. If they’re compromised, they remain compromised forever.
There’s still a possibility that France’s constitutional council will throw the new law out, as it did with Sarkozy’s. If it doesn’t, TES risks establishing a very dangerous precedent.
Until now the most extensive biometric data retention schemes have been rolled out (perfected?) in war zones like Iraq and Afghanistan. Israel is also on the verge of creating its own centralized biometric database. But if TES were allowed to stand, France would become the first G7 nation to attempt to build a completely centralized, all-inclusive biometric database. And that would send a very clear signal — i.e. green for go — to other ostensibly democratic nations.
There’s also the fact that after Germany, France is the country with the most influence over the future direction of EU policy. The EU already has a biometrics super database called the Visa Information System (VIS), which is the largest shared database on maintaining public security, supporting police and judicial cooperation, and managing external border control in Europe.
If the elected representatives of the 66 million people of France can pass into law a completely centralized system of biometric data storage with absolutely no public consultation whatsoever, what’s to stop the European Commission’s ranks of faceless, unelected, power-hungry appointees from doing the same? Nothing. By Don Quijones, Raging Bull-Shit.
Besides aspiring to becoming a pioneer in the collection and use of personal data of all its citizens, France’s government is also one of the most ruthless combatants in the global war on cash, which is progressing on schedule. The Alliance is in place. Read… Who’s Powering the War on Cash?
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.