Follow TIS on Twitter: @Truth_is_Scary & Like TIS of Facebook- facebook.com/TruthisScary
On October 30, the French government announced, as quietly as possible, the creation of a massive new database that will collect and store personal information and biometric data on nearly everyone living in the country. As tends to happen whenever a government seeks to enact this type of “reforms,” the law wasn’t passed by parliament but by decree on the eve of a national holiday.
As France 24 reports, the new decree will affect 60 million people and “marks the first time the country has collected population data on such a scale since the start of the Nazi Occupation in 1940.”
The move has sparked outrage from civil rights groups as well as French media, with weekly magazine L’Observateur describing it as “terrifying,” and daily newspaper Libération dubbing it a “mega database that will do no good”. The National Digital Council (CNNum) “laments” the government’s lack of prior consultation and highlights the “many concerns” the new decree raises. “In a digital world where code is law, the existence of such a database leaves the door wide open to likely and unacceptable excesses,” it said.
The new database, known rather optimistically as Secure Electronic Documents (Titres électroniques sécurisés or TES) will store an individual’s name, date and place of birth, gender, eye color, height, address, photograph, digitized fingerprints, facial features, e-mail address, and the names, nationalities, dates and places of birth of parents. The aim — according to the government — is to make it easier to obtain and renew identity documents, and to aid in the fight against identity fraud.
Unlike a similar law proposed by Nicholas Sarkozy’s conservative government in 2012, which was shot down, the new database will only be used to authenticate individuals, not to identifythem. In other words, it will be used to confirm that someone is who he or she claims to be, not to discover, say, the identity of someone whose biometrics have been found at the scene of a crime.
However, the potential for mission creep cannot be discounted. As an article in NextInpact points out, once the database exists, it is highly likely that there will be calls for it to be used for identification purposes, simply “because it is there.” There’s also good reason to suspect that a future government “will modify the aims,” as warns Gaëtan Gorce, a French senator and member of the National Commission for Information Technology and Civil Liberties (Cnil) who likened the TES to a “sort of monster.”
According to today’s government, the biometric data stored on the database could be used to identify criminal suspects only if “violations of the fundamental interests of the Nation and acts of terrorism” are involved. But who gets to decide what constitutes a “fundamental interest of the Nation” or, for that matter, “an act of terrorism”? [That was a rhetorical question, of course].
A Hacker’s Paradise
Another major problem with centralizing biometric data to this extent is that you make it a lot easier for it to be compromised. What’s to stop an insider from copying this data onto a drive and walking out with it, as Snowden and others have, including those who took Swiss banking data to the French and German authorities for money laundering investigations? This data would then most likely be sold online, on the so-called darknet.
“No computer system is impenetrable. All databases can be hacked. It’s always just a matter of time,” thundered French left-wing politician Jean-Jacques Urvoas in a 2012 blog post against Sarkozy’s proposed biometrics super database. Urvoas is now justice minister in Hollande’s government and hence is directly involved in drawing up the new decree, which bears a striking resemblance to Sarkozy’s earlier initiative.