A French state watchdog has called for the suspension of a database that could end up holding the biometric details of 60 million people.
The aim of a single “mega-database” is to fight identity fraud and improve efficiency. But, as Paul Kirby explains, there are fears the database could be abused not only by hackers but by state intelligence too,
What’s the database for?
The single database would not be used in judicial investigations, ministers insist. Rather, it would help tackle identity fraud by comparing one set of digital fingerprints with another.
France’s interior ministry wants the Secure Electronic Documents (TES) to collect all the information on an individual held on two separate databases that have details of people’s passports and national ID cards. Only children under 12 would be exempt.
It would include an individual’s name, address, marital status, eye colour, weight, photograph and fingerprints.
It’s merely an administrative register, argues Justice Minister Jean-Jacques Urvoas. Its only legal use would be when data need to be requisitioned.
What’s the problem with it?
First of all, there are very real security concerns. A centralised database of that magnitude, in the words of France’s CNNum digital watchdog, would create a “target of inestimable value” in a data world where no system is impregnable.
Then there’s privacy, a highly sensitive issue across Europe, particularly as it is enshrined in the European Convention on Human Rights.
One centre-right senator spoke of a “time bomb for public freedoms” and the digital watchdog warned that democracy was on the retreat in Europe and the US.
France’s Socialists objected to an earlier database on grounds of privacy when the centre-right government suggested one in 2012. That database would have been used to investigate crime. It was eventually slapped down by the constitutional court because it did not protect against “arbitrary use”.
Now the Socialist government has steered through a revamped database by government decree, during a holiday weekend, without the agreement of France’s National Assembly.
Is France the only country to want a single database?
Every country is having to balance privacy and security, especially in Europe. Earlier this year, the European Parliament backed a joint system on airline passenger data on flights in and out of the EU and there’s a push for greater information sharing across police forces.
For Joe McNamee of European digital rights group Edri it’s becoming “an ideology rather than a tool”.
“You’re creating a specific privacy risk for the individual vis-a-vis the state. We’re getting to a stage where the question is how much bang for a buck are you getting.”
In Denmark, a personal ID number works across all the public service databases and campaigners worry that safeguards are insufficient.
For some countries, such as Germany and Spain which suffered decades of state surveillance in the 20th Century, personal privacy is seen as essential.
The UK is due to pass by the end of 2016 the Investigatory Powers Bill which will allow security agencies to access databases held by private and public organisations. Critics have dubbed the law a “snooper’s charter” but the House of Lords has inserted an amendment emphasising privacy as a fundamental priority.
How serious is the threat of being hacked?
It is real and it has happened before:
- Earlier this year the personal details of some 50 million people in Turkey were reportedly leaked
- Hackers stole some 5.6 million fingerprint records after breaching US government networks in 2015
- French experts point to a hack involving the theft of millions of people’s data in Israel in 2011
If the French database does get off the ground, an estimated 10,000 staff would have access to it, raising further questions about the system’s inherent security.
Is there an alternative to the French proposal?
It would cost more, but there was a plan for an electronic chip to be inserted on the ID card with details of the holder’s biometric data.
Either way, the database was set to be launched as a pilot scheme on Tuesday despite the controversy. The Socialist minister responsible for digital affairs, Axelle Lemaire, said she was appalled at the secrecy behind the government’s decree.