France is poised to adopt a massive new biometric registry, managed by the interior ministry, centralising the personal details of up to 60 million French people. The data bank will be created with the introduction of a new, high-tech identity card, which the government says is designed to combat fast-increasing identity fraud.
While opponents dismiss the move as the disguised creation of an investigation tool for police, with inherent dangers of abusive use, the French electronics industry is lobbying for the new cards as an opportunity to become leader in the field of identity management.
The card is the object of the Identity Protection Bill which was adopted on February 1st by an almost-empty lower house, the National Assembly. The bill must now go back to the Senate, then return to the Assembly which, barring unforeseen events, will adopt a final version.
This "registry of honest folk" as it is dubbed by François Pillet, the bill's rapporteur for the ruling UMP in the Senate, has been the object of a struggle since May 2011 between the ruling Right in the National Assembly and the Senate, which, after recent elections, has a Left majority.
The bill creates a national identity card with two microchips embedded inside. One of these is a mandatory one with biometric data such as last name, first name, gender, date and place of birth, current address, height, eye colour, fingerprints and photo. The other will be optional and will allow internet users to identify themselves online to government or commercial sites, through an electronic signature.
In a major change from current data management methods of the paper files kept by each police administration, the data collected under the bill would be centralised within an electronic database that already exists for passports, called TES (titres électroniques sécurisés).
Enlargement : Illustration 1
The Ministry of the Interior argues that the bill is needed to fight against identity theft, of which there are 210,000 cases each year. But this figure may be overestimated, according to independent news media site Owni which points out that ONDRP, the National Observatory on Deliquence, found only 6,342 cases of identity theft in 2010, a 24 per cent drop since 2005. The ONDRP was created in 2003 by then-interior minister and now president, Nicolas Sarkozy.
The Left opposition suspects the ruling UMP party of using the fight against identity theft in order to use the registry for criminal investigations. "You are taking advantage of a punishable offence, Monsieur le Ministre, to realise an old dream of the [ministry's]: the creation of a huge biometric registry of several million French people," Socialist Party MP Serge Blisko told the interior minister on February 1st, 2012.
Following a decision by the Council of State, France's highest administrative court, and comments from the data protection watchdog, the National Council for Data Processing and Freedom (CNIL), the ruling UMP was forced to water-down its project. Only two fingerprints are to be included instead of eight; facial recognition was abandoned, and cross-referencing of the data base with other registries is banned. But the registry still allows a person to be identified by their fingerprints. That makes it similar to a police registry such as that collecting automated fingerprints.
The proposed bill, however, limits use of the registry to three cases: for verifications when issuing or renewing identity cards; to identify victims of accidents or of natural disasters and finally, in certain cases of identity theft, when monitored by a public prosecutor within the framework of investigations in flagrante delicto; in preliminary investigations or when a warrant is issued.
High hopes for the electronics industry
The bill lists some 15 criminal investigations for which it can be used, ranging from identity theft (as defined by the Loppsi Bill of March 14th, 2011) to forgery and use of forged documents. It also includes interfering with the intelligence services and giving a wrong address or identity to sworn transport officials. "This is rather wide-reaching because it can include foreigners who work with false documents or even people who jump the turnstile in the metro and give a false address to the controller," Serge Blisko notes.
Nothing guarantees that the scope of its use won't get longer as time passes. "The enlargement of the use of registries is a constant in the practice of government," says Socialist Party MP Jean-Jacques Urvoas. An example of this is the National DNA Registry, created in 1998 to register perpetrators of sexual offences. It now covers a large number of the offences in the penal code, and trade unionists involved in vigorous protests and environmental activists who mowed down genetically-modified corn have been tried for refusing to submit DNA samples to the registry.
François Pillet, the UMP rapporteur in the Senate, has described this as a potential “time bomb”, and suggests the adoption of what's called the weak link solution, which can establish identity theft without establishing a lasting link between fingerprints and identity. "We, elected and government officials, cannot, as democrats concerned with protecting the public's privacy, leave behind us a registry that could be transformed, in the future, into a dangerous, liberticidal tool by others following the thread of a story of which we will no long be the authors," Pillet said on December 13th, 2011.
For the senators this is a bone of contention with the majority MPs who favour a solution with a strong link between fingerprints and identity.
A strong link approach is also favoured by the GIXEL, a lobbying group for French electronic components and systems industries, which was closely consulted. "No fewer than 14 representatives of industries that are members of GIXEL filed through the office of bill's rapporteur in the Senate," reported media site Owni.
GIXEL deplored that the "absence of projects in France, the country that invented the microchip and which is the champion in this field, does not foster the international promotion of a French model of identity management". And it adds that success for French firms "internationally would be greater, faced with German or US competition, if it were supported by a concrete domestic project".
For the lobby, there is no question of developing a weak link system because that is not what sells abroad. That explains why Morpho (formerly Sagem), which patented the weak link system, is back-tracking. "The company that invented the weak link, itself, has doubts about its security and recognises that it isn't operational," interior minister Claude Guéant argued on February 1st.
"In fact," notes Serge Blisko, "these firms have a vested interest in the establishment of an intrusive system in France to act as a showcase for other countries, such as India, that are reorganising their civil registries. You don't sell abroad with privacy protection issues, but with high-security flagship products."
Meanwhile, most of those European countries which have adopted an electronic identity card system have not found it necessary to include biometric data, and, except for Spain, none have found it useful to have a centralised database. The United Kingdom and the Netherlands recently abandoned biometric projects on the basis of their lack of reliability.
-------------------------
English version: Patricia Brett
(Editing by Graham Tearse)