France is creating – and speeding up the rollout of – a nationwide program using facial recognition to create legal digital identities for its citizens.
The program is called Alicem – an acronym for “certified online authentification on mobile”. It was developed jointly by the Ministry of the Interior and the National Security Title Agency (ANTS), which maintain that it’s going to a) simplify getting online services while b) fighting identity theft, c) keeping the biometric data safe on the phone, making it disappear after validating identity, and d) not letting third parties get at the data.
France had planned to launch the Android-only app by Christmas. But now, it’s greasing the wheels and plans to have it up and running in November 2019, Bloomberg reports.
Privacy watchdogs are not pleased
The country’s privacy regulator, CNIL, says the program breaches the EU’s rule of consent. Europe’s General Data Protection Regulation (GDPR) mandates free choice. Bloomberg spoke to Emilie Seruga-Cau, the head of law enforcement at CNIL, who said that the independent regulator has made its concerns “very clear.”
The publication, which was able to check out the app, reports that Alicem will be the only way for French citizens to create a legal digital ID, and facial recognition will be the only way to do it.
It will require that residents use an Android app to take one-time selfie videos that capture their expressions and movements at different angles, to compare with photos of themselves stored in their biometric passports.
Meanwhile, the French privacy rights group La Quadrature du Net (LQDN) has filed a lawsuit over the program in France’s highest administrative court.
LQDN lawyer Martin Drago told the Telegraph that the government is rushing people into using Alicem and facial recognition:
The government wants to funnel people to use Alicem and facial recognition. We’re heading into mass usage of facial recognition. [There’s] little interest in the importance of consent and choice.
Security claims questioned
As Bloomberg points out, we might have just cause to question the Interior Ministry’s assurances that it can be trusted to guard the biometric data it plans to collect.
On 17 April 2019, the French Government launched a secure encrypted messaging app called Tchap that was hailed as being more secure than Telegram or WhatsApp, to be accessed only by officials and politicians with email accounts associated with email from government domains.
Two days later, it took 75 minutes for French security researcher Robert Baptiste – better known by his Twitter username, Elliot Alderson – to find a security loophole that allowed anyone to sign up an account with the Tchap app and access groups and channels without requiring an official email address.
The French government has promised that the security of Alicem is of the highest “state level” – a promise that doesn’t ease Baptiste’s concerns over its being rushed into use. Bloomberg quotes the researcher:
The government shouldn’t boast that its system is secure, but accept to be challenged. They could open a bug bounty before starting, because it would be serious if flaws were discovered after people start using it, or worse if the app gets hacked during enrollment, when the facial recognition data is collected.
France has promised not to use facial recognition to keep tabs on citizens, as is done in China and Singapore. The biometric data won’t be integrated into citizen identity databases as in those countries, it says. Rather, the data will disappear after validation occurs, they say. (Because the promise of ephemeral data has turned out so well for Snapchat and WhatsApp, et al., yes?)
But critics say that rushing to embrace the technology is a “major risk” at this point given that there are still questions about how it will eventually be used. Bloomberg quoted Didier Baichere, a governing-party lawmaker who sits on the Parliament’s “future technologies” commission and who authored a recent report on the subject.
He called it “ludicrous” to put facial recognition into mass use without first putting in place checks and balances.
France might be the first EU country to use a nationwide facial recognition ID app, but it’s far from alone in embracing the technology. According to a report from the Carnegie Endowment for International Peace, the use of AI surveillance technologies – including facial recognition – is spreading faster, to a wider range of countries, than experts have commonly understood.
The report found that at least 75 out of 176 countries globally are actively using AI technologies for surveillance purposes, including smart city/safe city platforms, now in use by 56 countries; facial recognition systems, being used by 64 countries; and smart policing, now used by law enforcement in 52 countries.