France Just Set a Very Scary Precedent

But it would be a Hacker’s Paradise.

By Don Quijones, Spain & Mexico, editor at WOLF STREET.

On October 30, the French government announced, as quietly as possible, the creation of a massive new database that will collect and store personal information and biometric data on nearly everyone living in the country. As tends to happen whenever a government seeks to enact this type of “reforms,” the law wasn’t passed by parliament but by decree on the eve of a national holiday.

As France 24 reports, the new decree will affect 60 million people and “marks the first time the country has collected population data on such a scale since the start of the Nazi Occupation in 1940.”

“Unacceptable Excesses”

The move has sparked outrage from civil rights groups as well as French media, with weekly magazine L’Observateur describing it as “terrifying,” and daily newspaper Libération dubbing it a “mega database that will do no good”. The National Digital Council (CNNum) “laments” the government’s lack of prior consultation and highlights the “many concerns” the new decree raises. “In a digital world where code is law, the existence of such a database leaves the door wide open to likely and unacceptable excesses,” it said.

The new database, known rather optimistically as Secure Electronic Documents (Titres électroniques sécurisés or TES) will store an individual’s name, date and place of birth, gender, eye color, height, address, photograph, digitized fingerprints, facial features, e-mail address, and the names, nationalities, dates and places of birth of parents. The aim — according to the government — is to make it easier to obtain and renew identity documents, and to aid in the fight against identity fraud.

Unlike a similar law proposed by Nicholas Sarkozy’s conservative government in 2012, which was shot down, the new database will only be used to authenticate individuals, not to identify them. In other words, it will be used to confirm that someone is who he or she claims to be, not to discover, say, the identity of someone whose biometrics have been found at the scene of a crime.

However, the potential for mission creep cannot be discounted. As an article in NextInpact points out, once the database exists, it is highly likely that there will be calls for it to be used for identification purposes, simply “because it is there.” There’s also good reason to suspect that a future government “will modify the aims,” as warns Gaëtan Gorce, a French senator and member of the National Commission for Information Technology and Civil Liberties (Cnil) who likened the TES to a “sort of monster.”

According to today’s government, the biometric data stored on the database could be used to identify criminal suspects only if “violations of the fundamental interests of the Nation and acts of terrorism” are involved. But who gets to decide what constitutes a “fundamental interest of the Nation” or, for that matter, “an act of terrorism”? [That was a rhetorical question, of course].

A Hacker’s Paradise

Another major problem with centralizing biometric data to this extent is that you make it a lot easier for it to be compromised. What’s to stop an insider from copying this data onto a drive and walking out with it, as Snowden and others have, including those who took Swiss banking data to the French and German authorities for money laundering investigations? This data would then most likely be sold online, on the so-called darknet.

“No computer system is impenetrable. All databases can be hacked. It’s always just a matter of time,” thundered French left-wing politician Jean-Jacques Urvoas in a 2012 blog post against Sarkozy’s proposed biometrics super database. Urvoas is now justice minister in Hollande’s government and hence is directly involved in drawing up the new decree, which bears a striking resemblance to Sarkozy’s earlier initiative.

If biometric data is compromised, it is a far more serious issue than a compromised password or an account. You can create a new password many times. But you can create your biometrics only once. If they’re compromised, they remain compromised forever.

There’s still a possibility that France’s constitutional council will throw the new law out, as it did with Sarkozy’s. If it doesn’t, TES risks establishing a very dangerous precedent.

Until now the most extensive biometric data retention schemes have been rolled out (perfected?) in war zones like Iraq and Afghanistan. Israel is also on the verge of creating its own centralized biometric database. But if TES were allowed to stand, France would become the first G7 nation to attempt to build a completely centralized, all-inclusive biometric database. And that would send a very clear signal — i.e. green for go — to other ostensibly democratic nations.

There’s also the fact that after Germany, France is the country with the most influence over the future direction of EU policy. The EU already has a biometrics super database called the Visa Information System (VIS), which is the largest shared database on maintaining public security, supporting police and judicial cooperation, and managing external border control in Europe.

If the elected representatives of the 66 million people of France can pass into law a completely centralized system of biometric data storage with absolutely no public consultation whatsoever, what’s to stop the European Commission’s ranks of faceless, unelected, power-hungry appointees from doing the same? Nothing. By Don Quijones, Raging Bull-Shit.

Besides aspiring to becoming a pioneer in the collection and use of personal data of all its citizens, France’s government is also one of the most ruthless combatants in the global war on cash, which is progressing on schedule. The Alliance is in place. Read… Who’s Powering the War on Cash?

Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.

  16 comments for “France Just Set a Very Scary Precedent

  1. Nik says:

    Aloha Friends…I see the “$Ethereal 4thReich$” continues to Strongly move Onward,Upward and Outward….from its Humble Technological beginnings in ‘Operation Paper-clip”……lolol..would have laughed longer,were it not so Tragic,aloha and thanks for reading

  2. Islander says:

    We’re 32 years after year 1984 with most liberties still mostly intact. No need to worry! History would NEVER repeat itself, or even rhyme. So move on, nothing to see here ..

  3. Chicken says:

    The unelected self-appointed control absolutely by not asking the question “If” but by dictating the answer “When”. This absolves them of all responsibility of outcome.

    As if we were sleeping and didn’t notice

    • this one says:

      “As if we were sleeping and didn’t notice”

      Then star nor sun shall waken, nor any change of light.
      Nor sound of waters shaken, nor any sound or sight.
      Nor wintry leaves nor vernal, nor days, nor things diurnal.
      Only the sleep eternal,

      In an eternal night.

  4. NotSoSure says:

    Who cares seriously? In the land of the free, pretty soon all Apple denizens will be uploading their fingerprints free of charge to their corporate masters and afterwards the government. And it won’t be long before other biometrics will be uploaded as well.

    LOL, when it comes to idiocy, no one can beat plain old Americans.

  5. MC says:

    This is a “make work” project for the French defense industry, nothing more, nothing less.
    After François Hollande folded to pressure from Washington and cancelled the goodwill contracts the Russians had placed with DCNS, another shoe dropped as India failed to finalize the contract for over 120 Dassault Rafale jet fighters and a license to manufacture them. After months of negotiations, in September India conceded they will will buy a measly 6 Rafales per year for six years as a reparation of sorts. A contract is still a contract, but this is nothing to boast about and the Indians have insisted on a severance clause, so they may still opt out of the contract by paying a relativaly small penal.

    France’s defense industry has been shrinking dramatically since the 80’s and, ironically enough, suffered a major blow after 2001, as the US and Israel started to aggressively enter some of France’s traditional markets, such as Sub-Saharan Africa. US defense supplies are generally provided free of charge as part of various aid packages and Israeli ones are both directly and indirectly subsidized by the US taxpayer: when all is said and done it’s impossible to say where the US defense industry ends and the Israeli one begins as the two have been joined at the hip for almost two decades now.

    Now: when we speak about “defense industry” we invariably imagine tanks, jet fighters and firearms. But it’s so much more, starting from “information and surveillance systems”, meaning electronics and software.
    If you think Microsoft or CAS are overcharging you, you haven’t seen how much defense software costs. This software also takes an inordinate amount of time to develop due to the plague of the defense industry called “concurrent development”, so when it’s finally fielded, it’s generally obsolete already and needs an expensive update.

    France’s defense industry is mostly a shady business, often reminiscent of the Hughes defense conglomerate in the 50’s and 60’s: you have no idea where the private sector ends and the State begins.
    To make matters worse in France anything defense-related tends to belong to the “we don’t like answers” category.
    The Socialists have been every bit as enthusiastic as Les Republicaines in guarding the status-quo, but now the pie is shrinking, as France belongs to that group of countries where real economic growth is zero, costs continue to increase and unemployment is shooting upwards.
    The pie will have to shrink for the defense complex as well, whether the next French government (remember elections are around the corner) likes it or not.

  6. Tom Kauser says:

    Not even a half a thank you for Mr. Johnson!
    Maybe he could brush up on people places or things next time. And keep his almost 4 million votes next election?
    All this backslapping and Johnson did more for trump than trump did for himself.

  7. crying french lamb says:

    Nazi have dreamed of it, Holland socialist made it happen.

  8. Tom Welsh says:

    Another big sales win for Oracle…

  9. Petunia says:

    There is no such thing as a secure database. Even if you discount the possibility of hacking, which is very likely in any govt agency, you have the possibility of physical degradation of data.

    What this amounts to is that even if you have a system so secure that only one person has access to it, with no possible outside access, you still have the possibility of storage device failure. Most data storage devices have what is called a useful life, a time frame before they start to wear out, that degradation can change the data, as can temperature or just an inferior device.

    So what happens when the record with your information looses a few bits? Maybe your name changes, or your age, or your id number. Then who or what will decide who you really are? Is the backup right? Is the current record right?

    The more likely scenario is a hacker creating identities for fun and profit. Good luck.

    • Bill says:

      Your comment reminds me of the movie Brazil where an actual bug changed a byte of a record and mahem ensued.

  10. Ishkabibble says:

    If Trump, hopefully, turns out to be a sheep in “wolf’s” clothing, and he makes peace with the world instead of war on the world, perhaps the waves of refugees from the war-torn middle east that are flooding into Europe will, like a wave that has crashed onto a beach, recede back to homes and native lands.

    If Trump can miraculously stop the “Global War on Terror” (US wars to maintain USD hegemony and force other nations to accept fiat USD for real goods to follow US diktat), the US vassal states that make up “the world community” might be able to get rid of all of the, for lack of a better way of putting it, post-9/11 security apparatus such as the one mentioned in this article.

    But, no doubt about it, “the people” are going to have to demand that from their reluctant politicians. I say “reluctant” because Lockheed Martin is not going to be giving money to any peacenik candidates, domestic or foreign, for “public” office either. LM and all the rest of the war corporations only have eyes for sure-fire warmongers.

  11. Steve C. says:

    Scary news indeed, for those living in France. Topical too, in the Wikileaks showing the “leverage” they had to enforce the pact that Bernie had to play nice with Clinton. I have no doubt this criminal cabal has been using NSA data to get leverage on all their political adversaries.

  12. Bill says:

    What? No DNA sequence? Slackers.

  13. Charles says:

    Singapore operates a similar database on all its citizens and residents for decades, no issues so far.
    Anyway fingerprints are about as good as a 4-digits PIN and anyone’s face is recorded countless times on Facebook : one shouldn’t use it as the main gate for sensitive information, a real random pass phrase stored in the brain is the ONLY way to go.
    Fighting against the existence of databases is a rear guard action. It is much more important to be aware of its existence and able to access the content : imagine a world where Apple, Facebook, Google, Amazon, Microsoft and whoever is FORCED to send you regularly a report with all the data they have on you. I would love that…

  14. Gary Gate says:

    How about the decades old Population Information System in Finland ( ) or the similar system in Sweden? Have there been any problems or hacking over there?

Comments are closed.