New French Mandate Will Use Facial Recognition App To Create 'Secure Digital IDs'

from the downloadable-panopticon-portal dept

Facial recognition tech is considered at least mildly controversial in the United States. Certain federal agencies (like the DHS) are pushing for widespread deployment even as Congress members are raising questions about the tech’s accuracy and reliability. Meanwhile, facial recognition bans are being introduced and enacted at the city and state level, showing there’s no nationwide consensus that the tech is trustworthy, useful, or non-invasive.

Citizens and privacy groups have similar concerns in France, but the French government apparently doesn’t care. In the name of “security,” the government is adding facial recognition tech to its national ID program, as Helene Fouquet reports for Bloomberg.

France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity — whether they want it or not.

Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target.

This move by the Interior Ministry is already being challenged in court by privacy group La Quadrature du Net. Unfortunately, this challenge isn’t preventing the rollout of the French government’s Android app, which will be the only way for residents to create a digital ID that can be used to access government services.

An ID will be created through a one-time enrollment that works by comparing a user’s photo in their biometric passport to a selfie video taken on the app that will capture expressions, movements and angles. The phone and the passport will communicate through their embedded chips.

Because this digital ID is a mandatory possession, opponents have pointed out it violates consensual data collection provisions put in force by the GDPR. But that’s far from the only problem. Facial recognition tech still doesn’t work as well as its proponents claim, which is going to result in residents either being unable to create an ID the government will accept or possibly find themselves accused of ID fraud if the government side of the tech thinks they’re someone else.

And then there’s the security of the program itself. It’s supposed to make French citizens more “secure,” but the government hasn’t impressed anyone with its claims of “highest, state level” security. Its own encrypted messaging platform was compromised in less than two hours by a security researcher, allowing the researcher to create accounts at will and harvest sensitive data from existing accounts. A bug bounty was rolled out shortly after that. There has been no offer of a bug bounty or any invitation to stress test the “state level” security of the government’s latest app — one that will be used by roughly 100% of the country’s residents.

Potential damage will be mitigated by the catch-and-release nature of the data collection. Once an ID is created, the government will apparently delete the data it has collected and everything stored locally by the app on the user’s device will vanish after the enrollment is complete and the app has been deleted. But some data is still being stored somewhere so citizens can use their new digital IDs to access government services, although the government insists biometric info from Alicem won’t make its way to other government databases.

Even if everything the government claims is true, this rollout — one that occurred without public comment and does not give residents any way to opt out — will make it easier for the government to introduce more intrusive facial recognition programs. If this digital ID program runs smoothly and does what’s advertised, it will lower resistance to government use of biometric scanning and tracking in the future. After all, if something worked well once during a minimal, controlled rollout, it might work again when there’s more at stake and fewer controls on collection and retention of biometric info. Surveillance creep is still a thing. And it always has a starting point few people find objectionable.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “New French Mandate Will Use Facial Recognition App To Create 'Secure Digital IDs'”

Subscribe: RSS Leave a comment
ECA (profile) says:
from my state, but started about 2005, and supposed to happen by 2020(?)..
Seems a college is using it for ID..

I can go get a Cheap no contract phone, and then use the program and declare myself to be any name I want???
They SAY, its for federal use, but I DONT THINK that will last long, before every bank/credit agency has it. Then Stores will integrate it with Credit cards..

Valid, unexpired United States Passport
Certified Birth Certificate
Consular Report of Birth Abroad (Form FS-240, DS-1350, or FS-545)
Valid, unexpired Permanent Resident Card (Form I-551) issued by Department of Homeland Security or Immigration and Naturalization Service
Unexpired employment authorization document (EAD) issued by DHS (Form I-766 or Form I-688B)
Unexpired Foreign Passport with a valid, unexpired U.S. Visa affixed, accompanied by the approved I-94 form documenting the applicant’s most recent admittance into the U.S.
Certificate of Naturalization issued by DHS (Form N-550 or N-570)
Certificate of Citizenship issued by DHS (Form N-560 or N-561)

Social Security card
United States Military Form DD 214
Medicare/Medicaid Identification Card (if Social Security Number is followed by the letter A)
W-2 Tax Form

Voter Registration Card
Residential mortgage control
Current lease or rental agreement for housing
Proof of payment of residential property tax (homestead)
Previous year tax returns bearing applicants address
Vehicle registration bearing applicants name and address
Utility bill (water, gas or electric) less than 90 days old
Any state or federal court documents indicating residence address
School enrollment documentation
Defense Department Form 214 (Report of Separation)
Sex offender registration documents
Current homeowners insurance policy with name and address
Social Security benefits statements/summary mailed to physical address
U.S. or state government check or other document mailed to applicants physical address
Military orders documenting duty station and place of residence.

In the end there is a problem with all this.
The info has to be inserted into a computer system that is allowed FEDERALLY.. so they are going to use your DMV. Even with a Passport I would think they want another ID..

This comment has been deemed insightful by the community.
Anonymous Coward says:

Just a few issues

First, it requires you have a smart phone. They’ll drag you into the century of the fruitbat kicking and screaming if necessary. Oh, I do hope you aren’t so poor you don’t have a phone.

Second, it requires an android phone. Sorry, iPhone users!

Third, it assumes your face will never change. Did they get this policy from Peter Pan, or what?

… let alone injury, weight gain/loss, etc.

… let alone having enough useful data points to be truly unique among the population of the world. (Extra points for accuracy… see incidental changes, above.)

Fourth, if said "lack of change" assumption is true, see all the arguments about "being unable to change your biometrics".

So, let’s hear it for the Faceless Masses, eh?

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Just a few issues

Couple more issues you didn’t mention:
To install any app from the Google Play Store you also need to agree to the Google Play terms of service ( and the Google terms of service (

That also means that violating a 3rd party terms of use (Google’s) can get you permanently banned from the play store and thus not be allowed to get a federally mandated ID because of a contractual violation of a private agreement between you and a commercial entity.

Anonymous Coward says:

Re: Re: Just a few issues

That also means that violating a 3rd party terms of use (Google’s) can get you permanently banned from the play store and thus not be allowed to get a federally mandated ID

Is that not already the case with existing government services? E.g., if you want to get a driver’s license and the government office is in a mall that you’re banned from, and no other office is reachable by public transit or walking, is there a solution?

(Panhandling is one reason people get banned, meaning this could disproportionately affect the poor—much like requiring a smartphone.)

This comment has been deemed insightful by the community.
This comment has been deemed funny by the community.
A Guy says:

Future Headline:

France becomes the first country to have their entire populations facial id scans uploaded to both the Russian and Chinese governments in single data breach.

France beats China in race to having all their citizens catalogued by the Chinese government.

JoeCool (profile) says:

Won't last long

Given the rates of misidentification, even for the very best facial ID systems, there will be many tens of thousands of people who wind up in limbo as "their" face is already registered to someone else. Maybe hundreds of thousands.

This whole thing stinks of cronyism – someone in France’s government works for a facial recognition system on the side and wanted government money lining their end-of-year figures.

tom (profile) says:

It doesn’t take much searching to find a long list of security breaches where the account names + passwords (or hash files) were stolen. The same will eventually happen with this biometric system. How long before someone figures out how to feed a stolen biometric file into an app that is supposed to scan a face and instead feeds the stolen file into the comparison part of the security system? At that point, the real account holder is screwed as they can’t just change their face like they can a stolen password.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...