New French Mandate Will Use Facial Recognition App To Create 'Secure Digital IDs'

from the downloadable-panopticon-portal dept

Facial recognition tech is considered at least mildly controversial in the United States. Certain federal agencies (like the DHS) are pushing for widespread deployment even as Congress members are raising questions about the tech's accuracy and reliability. Meanwhile, facial recognition bans are being introduced and enacted at the city and state level, showing there's no nationwide consensus that the tech is trustworthy, useful, or non-invasive.

Citizens and privacy groups have similar concerns in France, but the French government apparently doesn't care. In the name of "security," the government is adding facial recognition tech to its national ID program, as Helene Fouquet reports for Bloomberg.

France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity -- whether they want it or not.

Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target.

This move by the Interior Ministry is already being challenged in court by privacy group La Quadrature du Net. Unfortunately, this challenge isn't preventing the rollout of the French government's Android app, which will be the only way for residents to create a digital ID that can be used to access government services.

An ID will be created through a one-time enrollment that works by comparing a user’s photo in their biometric passport to a selfie video taken on the app that will capture expressions, movements and angles. The phone and the passport will communicate through their embedded chips.

Because this digital ID is a mandatory possession, opponents have pointed out it violates consensual data collection provisions put in force by the GDPR. But that's far from the only problem. Facial recognition tech still doesn't work as well as its proponents claim, which is going to result in residents either being unable to create an ID the government will accept or possibly find themselves accused of ID fraud if the government side of the tech thinks they're someone else.

And then there's the security of the program itself. It's supposed to make French citizens more "secure," but the government hasn't impressed anyone with its claims of "highest, state level" security. Its own encrypted messaging platform was compromised in less than two hours by a security researcher, allowing the researcher to create accounts at will and harvest sensitive data from existing accounts. A bug bounty was rolled out shortly after that. There has been no offer of a bug bounty or any invitation to stress test the "state level" security of the government's latest app -- one that will be used by roughly 100% of the country's residents.

Potential damage will be mitigated by the catch-and-release nature of the data collection. Once an ID is created, the government will apparently delete the data it has collected and everything stored locally by the app on the user's device will vanish after the enrollment is complete and the app has been deleted. But some data is still being stored somewhere so citizens can use their new digital IDs to access government services, although the government insists biometric info from Alicem won't make its way to other government databases.

Even if everything the government claims is true, this rollout -- one that occurred without public comment and does not give residents any way to opt out -- will make it easier for the government to introduce more intrusive facial recognition programs. If this digital ID program runs smoothly and does what's advertised, it will lower resistance to government use of biometric scanning and tracking in the future. After all, if something worked well once during a minimal, controlled rollout, it might work again when there's more at stake and fewer controls on collection and retention of biometric info. Surveillance creep is still a thing. And it always has a starting point few people find objectionable.

Filed Under: facial recognition, france, id, privacy, secure digital ids


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 10 Oct 2019 @ 1:00pm

    false entertainment

    I can't wait to see what generates the more 'entertaining' stories... the cases where a person is able to use someone else's 'secure identity' or when a person is no longer able to access their own 'secure identity'...
    Either way, I look forward to reading about it

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Oct 2019 @ 6:29am

      Re: false entertainment

      That is some security you got there mister ... LOL.
      Where did you get that, from a bubblegum machine?
      Are they just short sighted or do they not care?
      Maybe it is intentional that their secure id not be all that secure.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 10 Oct 2019 @ 1:14pm

    https://itd.idaho.gov/StarCard/acceptable-documents.html
    from my state, but started about 2005, and supposed to happen by 2020(?)..

    https://southcentral.edu/Department-of-Information-Technology/starid.html
    Seems a college is using it for ID..

    So..
    I can go get a Cheap no contract phone, and then use the program and declare myself to be any name I want???
    They SAY, its for federal use, but I DONT THINK that will last long, before every bank/credit agency has it. Then Stores will integrate it with Credit cards..

    STAR ID REQUIREMENT:
    Valid, unexpired United States Passport
    Certified Birth Certificate
    Consular Report of Birth Abroad (Form FS-240, DS-1350, or FS-545)
    Valid, unexpired Permanent Resident Card (Form I-551) issued by Department of Homeland Security or Immigration and Naturalization Service
    Unexpired employment authorization document (EAD) issued by DHS (Form I-766 or Form I-688B)
    Unexpired Foreign Passport with a valid, unexpired U.S. Visa affixed, accompanied by the approved I-94 form documenting the applicant’s most recent admittance into the U.S.
    Certificate of Naturalization issued by DHS (Form N-550 or N-570)
    Certificate of Citizenship issued by DHS (Form N-560 or N-561)

    Social Security card
    United States Military Form DD 214
    Medicare/Medicaid Identification Card (if Social Security Number is followed by the letter A)
    W-2 Tax Form

    Voter Registration Card
    Residential mortgage control
    Current lease or rental agreement for housing
    Proof of payment of residential property tax (homestead)
    Previous year tax returns bearing applicants address
    Vehicle registration bearing applicants name and address
    Utility bill (water, gas or electric) less than 90 days old
    Any state or federal court documents indicating residence address
    School enrollment documentation
    Defense Department Form 214 (Report of Separation)
    Sex offender registration documents
    Current homeowners insurance policy with name and address
    Social Security benefits statements/summary mailed to physical address
    U.S. or state government check or other document mailed to applicants physical address
    Military orders documenting duty station and place of residence.

    In the end there is a problem with all this.
    The info has to be inserted into a computer system that is allowed FEDERALLY.. so they are going to use your DMV. Even with a Passport I would think they want another ID..

    reply to this | link to this | view in chronology ]

  • icon
    127.0.0.1 (profile), 10 Oct 2019 @ 1:21pm

    French ... ?

    There is no Malice in Alicem.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Oct 2019 @ 1:23pm

    Just a few issues

    First, it requires you have a smart phone. They'll drag you into the century of the fruitbat kicking and screaming if necessary. Oh, I do hope you aren't so poor you don't have a phone.

    Second, it requires an android phone. Sorry, iPhone users!

    Third, it assumes your face will never change. Did they get this policy from Peter Pan, or what?

    ... let alone injury, weight gain/loss, etc.

    ... let alone having enough useful data points to be truly unique among the population of the world. (Extra points for accuracy... see incidental changes, above.)

    Fourth, if said "lack of change" assumption is true, see all the arguments about "being unable to change your biometrics".

    So, let's hear it for the Faceless Masses, eh?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Oct 2019 @ 2:22pm

      Re: Just a few issues

      Couple more issues you didn't mention:
      To install any app from the Google Play Store you also need to agree to the Google Play terms of service (https://play.google.com/about/play-terms/index.html) and the Google terms of service (https://policies.google.com/terms).

      That also means that violating a 3rd party terms of use (Google's) can get you permanently banned from the play store and thus not be allowed to get a federally mandated ID because of a contractual violation of a private agreement between you and a commercial entity.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 10 Oct 2019 @ 2:49pm

        Re: Re: Just a few issues

        and piss poor accuracy

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 10 Oct 2019 @ 3:42pm

        Re: Re: Just a few issues

        So the French government is effectively mandating Google's term of services for all it's citizens.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 11 Oct 2019 @ 9:16am

        Re: Re: Just a few issues

        That also means that violating a 3rd party terms of use (Google's) can get you permanently banned from the play store and thus not be allowed to get a federally mandated ID

        Is that not already the case with existing government services? E.g., if you want to get a driver's license and the government office is in a mall that you're banned from, and no other office is reachable by public transit or walking, is there a solution?

        (Panhandling is one reason people get banned, meaning this could disproportionately affect the poor—much like requiring a smartphone.)

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Oct 2019 @ 5:04pm

      Re: Just a few issues

      Their face never changes: it's made out of granite.

      reply to this | link to this | view in chronology ]

  • identicon
    A Guy, 10 Oct 2019 @ 1:57pm

    Future Headline:

    France becomes the first country to have their entire populations facial id scans uploaded to both the Russian and Chinese governments in single data breach.

    France beats China in race to having all their citizens catalogued by the Chinese government.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Oct 2019 @ 2:24pm

    What I read

    Presidential office of France available to first individual able to sufficently break new French ID software.

    reply to this | link to this | view in chronology ]

  • icon
    JoeCool (profile), 10 Oct 2019 @ 3:28pm

    Won't last long

    Given the rates of misidentification, even for the very best facial ID systems, there will be many tens of thousands of people who wind up in limbo as "their" face is already registered to someone else. Maybe hundreds of thousands.

    This whole thing stinks of cronyism - someone in France's government works for a facial recognition system on the side and wanted government money lining their end-of-year figures.

    reply to this | link to this | view in chronology ]

  • icon
    Get off my cyber-lawn! (profile), 10 Oct 2019 @ 3:42pm

    Program shares name of evil CPU in "Resident Evil" series

    what could go wrong?

    reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 10 Oct 2019 @ 4:35pm

    If only...

    ... every set of identical twins would show up at their door on day one - dressed alike, coiffed alike, made up alike - and demanded their "face recognition" individual IDs...

    reply to this | link to this | view in chronology ]

  • icon
    tom (profile), 10 Oct 2019 @ 9:40pm

    It doesn't take much searching to find a long list of security breaches where the account names + passwords (or hash files) were stolen. The same will eventually happen with this biometric system. How long before someone figures out how to feed a stolen biometric file into an app that is supposed to scan a face and instead feeds the stolen file into the comparison part of the security system? At that point, the real account holder is screwed as they can't just change their face like they can a stolen password.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Oct 2019 @ 6:35am

      Re:

      This coupled with the prolific contamination of our judicial system with the third party liability doctrine, will result in a huge boon within the private prison industry.
      Forced arbitration will be the icing on the cake that the people will be allowed to eat.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Oct 2019 @ 2:30am

    Distopia

    This is just batshit crazy.

    Who would trade a national database filled with biometric data (a super target) for a "more efficient" govt?

    WTF is "more efficient" anyway?

    reply to this | link to this | view in chronology ]

  • icon
    Wyrm (profile), 11 Oct 2019 @ 8:35am

    litmus test

    First things first: can this be tricked using a photo?
    If so, drop the whole project as useless.
    Next, or at the same time, you can start looking into the other points others here and in France have already raised.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.