New French Mandate Will Use Facial Recognition App To Create 'Secure Digital IDs'
from the downloadable-panopticon-portal dept
Facial recognition tech is considered at least mildly controversial in the United States. Certain federal agencies (like the DHS) are pushing for widespread deployment even as Congress members are raising questions about the tech's accuracy and reliability. Meanwhile, facial recognition bans are being introduced and enacted at the city and state level, showing there's no nationwide consensus that the tech is trustworthy, useful, or non-invasive.
Citizens and privacy groups have similar concerns in France, but the French government apparently doesn't care. In the name of "security," the government is adding facial recognition tech to its national ID program, as Helene Fouquet reports for Bloomberg.
France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity -- whether they want it or not.
Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target.
This move by the Interior Ministry is already being challenged in court by privacy group La Quadrature du Net. Unfortunately, this challenge isn't preventing the rollout of the French government's Android app, which will be the only way for residents to create a digital ID that can be used to access government services.
An ID will be created through a one-time enrollment that works by comparing a user’s photo in their biometric passport to a selfie video taken on the app that will capture expressions, movements and angles. The phone and the passport will communicate through their embedded chips.
Because this digital ID is a mandatory possession, opponents have pointed out it violates consensual data collection provisions put in force by the GDPR. But that's far from the only problem. Facial recognition tech still doesn't work as well as its proponents claim, which is going to result in residents either being unable to create an ID the government will accept or possibly find themselves accused of ID fraud if the government side of the tech thinks they're someone else.
And then there's the security of the program itself. It's supposed to make French citizens more "secure," but the government hasn't impressed anyone with its claims of "highest, state level" security. Its own encrypted messaging platform was compromised in less than two hours by a security researcher, allowing the researcher to create accounts at will and harvest sensitive data from existing accounts. A bug bounty was rolled out shortly after that. There has been no offer of a bug bounty or any invitation to stress test the "state level" security of the government's latest app -- one that will be used by roughly 100% of the country's residents.
Potential damage will be mitigated by the catch-and-release nature of the data collection. Once an ID is created, the government will apparently delete the data it has collected and everything stored locally by the app on the user's device will vanish after the enrollment is complete and the app has been deleted. But some data is still being stored somewhere so citizens can use their new digital IDs to access government services, although the government insists biometric info from Alicem won't make its way to other government databases.
Even if everything the government claims is true, this rollout -- one that occurred without public comment and does not give residents any way to opt out -- will make it easier for the government to introduce more intrusive facial recognition programs. If this digital ID program runs smoothly and does what's advertised, it will lower resistance to government use of biometric scanning and tracking in the future. After all, if something worked well once during a minimal, controlled rollout, it might work again when there's more at stake and fewer controls on collection and retention of biometric info. Surveillance creep is still a thing. And it always has a starting point few people find objectionable.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: facial recognition, france, id, privacy, secure digital ids
Reader Comments
Subscribe: RSS
View by: Time | Thread
false entertainment
I can't wait to see what generates the more 'entertaining' stories... the cases where a person is able to use someone else's 'secure identity' or when a person is no longer able to access their own 'secure identity'...
Either way, I look forward to reading about it
[ link to this | view in chronology ]
Re: false entertainment
That is some security you got there mister ... LOL.
Where did you get that, from a bubblegum machine?
Are they just short sighted or do they not care?
Maybe it is intentional that their secure id not be all that secure.
[ link to this | view in chronology ]
https://itd.idaho.gov/StarCard/acceptable-documents.html
from my state, but started about 2005, and supposed to happen by 2020(?)..
https://southcentral.edu/Department-of-Information-Technology/starid.html
Seems a college is using it for ID..
So..
I can go get a Cheap no contract phone, and then use the program and declare myself to be any name I want???
They SAY, its for federal use, but I DONT THINK that will last long, before every bank/credit agency has it. Then Stores will integrate it with Credit cards..
STAR ID REQUIREMENT:
Valid, unexpired United States Passport
Certified Birth Certificate
Consular Report of Birth Abroad (Form FS-240, DS-1350, or FS-545)
Valid, unexpired Permanent Resident Card (Form I-551) issued by Department of Homeland Security or Immigration and Naturalization Service
Unexpired employment authorization document (EAD) issued by DHS (Form I-766 or Form I-688B)
Unexpired Foreign Passport with a valid, unexpired U.S. Visa affixed, accompanied by the approved I-94 form documenting the applicant’s most recent admittance into the U.S.
Certificate of Naturalization issued by DHS (Form N-550 or N-570)
Certificate of Citizenship issued by DHS (Form N-560 or N-561)
Social Security card
United States Military Form DD 214
Medicare/Medicaid Identification Card (if Social Security Number is followed by the letter A)
W-2 Tax Form
Voter Registration Card
Residential mortgage control
Current lease or rental agreement for housing
Proof of payment of residential property tax (homestead)
Previous year tax returns bearing applicants address
Vehicle registration bearing applicants name and address
Utility bill (water, gas or electric) less than 90 days old
Any state or federal court documents indicating residence address
School enrollment documentation
Defense Department Form 214 (Report of Separation)
Sex offender registration documents
Current homeowners insurance policy with name and address
Social Security benefits statements/summary mailed to physical address
U.S. or state government check or other document mailed to applicants physical address
Military orders documenting duty station and place of residence.
In the end there is a problem with all this.
The info has to be inserted into a computer system that is allowed FEDERALLY.. so they are going to use your DMV. Even with a Passport I would think they want another ID..
[ link to this | view in chronology ]
Re:
Who, the south central DITs?
[ link to this | view in chronology ]
French ... ?
There is no Malice in Alicem.
[ link to this | view in chronology ]
Just a few issues
First, it requires you have a smart phone. They'll drag you into the century of the fruitbat kicking and screaming if necessary. Oh, I do hope you aren't so poor you don't have a phone.
Second, it requires an android phone. Sorry, iPhone users!
Third, it assumes your face will never change. Did they get this policy from Peter Pan, or what?
... let alone injury, weight gain/loss, etc.
... let alone having enough useful data points to be truly unique among the population of the world. (Extra points for accuracy... see incidental changes, above.)
Fourth, if said "lack of change" assumption is true, see all the arguments about "being unable to change your biometrics".
So, let's hear it for the Faceless Masses, eh?
[ link to this | view in chronology ]
Re: Just a few issues
Couple more issues you didn't mention:
To install any app from the Google Play Store you also need to agree to the Google Play terms of service (https://play.google.com/about/play-terms/index.html) and the Google terms of service (https://policies.google.com/terms).
That also means that violating a 3rd party terms of use (Google's) can get you permanently banned from the play store and thus not be allowed to get a federally mandated ID because of a contractual violation of a private agreement between you and a commercial entity.
[ link to this | view in chronology ]
Re: Re: Just a few issues
and piss poor accuracy
[ link to this | view in chronology ]
Re: Re: Just a few issues
So the French government is effectively mandating Google's term of services for all it's citizens.
[ link to this | view in chronology ]
Re: Re: Just a few issues
Is that not already the case with existing government services? E.g., if you want to get a driver's license and the government office is in a mall that you're banned from, and no other office is reachable by public transit or walking, is there a solution?
(Panhandling is one reason people get banned, meaning this could disproportionately affect the poor—much like requiring a smartphone.)
[ link to this | view in chronology ]
Re: Just a few issues
Their face never changes: it's made out of granite.
[ link to this | view in chronology ]
Future Headline:
France becomes the first country to have their entire populations facial id scans uploaded to both the Russian and Chinese governments in single data breach.
France beats China in race to having all their citizens catalogued by the Chinese government.
[ link to this | view in chronology ]
Re:
Are we sure this story is true? It seems like one of those internet hoaxes.
[ link to this | view in chronology ]
What I read
Presidential office of France available to first individual able to sufficently break new French ID software.
[ link to this | view in chronology ]
Won't last long
Given the rates of misidentification, even for the very best facial ID systems, there will be many tens of thousands of people who wind up in limbo as "their" face is already registered to someone else. Maybe hundreds of thousands.
This whole thing stinks of cronyism - someone in France's government works for a facial recognition system on the side and wanted government money lining their end-of-year figures.
[ link to this | view in chronology ]
Program shares name of evil CPU in "Resident Evil" series
what could go wrong?
[ link to this | view in chronology ]
If only...
... every set of identical twins would show up at their door on day one - dressed alike, coiffed alike, made up alike - and demanded their "face recognition" individual IDs...
[ link to this | view in chronology ]
Re: If only...
Along with the identical triplets, quads etc.?
[ link to this | view in chronology ]
Re: Re: If only...
This will be a new tool in warfare.
[ link to this | view in chronology ]
It doesn't take much searching to find a long list of security breaches where the account names + passwords (or hash files) were stolen. The same will eventually happen with this biometric system. How long before someone figures out how to feed a stolen biometric file into an app that is supposed to scan a face and instead feeds the stolen file into the comparison part of the security system? At that point, the real account holder is screwed as they can't just change their face like they can a stolen password.
[ link to this | view in chronology ]
Re:
This coupled with the prolific contamination of our judicial system with the third party liability doctrine, will result in a huge boon within the private prison industry.
Forced arbitration will be the icing on the cake that the people will be allowed to eat.
[ link to this | view in chronology ]
Distopia
This is just batshit crazy.
Who would trade a national database filled with biometric data (a super target) for a "more efficient" govt?
WTF is "more efficient" anyway?
[ link to this | view in chronology ]
litmus test
First things first: can this be tricked using a photo?
If so, drop the whole project as useless.
Next, or at the same time, you can start looking into the other points others here and in France have already raised.
[ link to this | view in chronology ]