(Mis)Uses of Technology

 

from the downloadable-panopticon-portal dept

Facial recognition tech is considered at least mildly controversial in the United States. Certain federal agencies (like the DHS) are pushing for widespread deployment even as Congress members are raising questions about the tech's accuracy and reliability. Meanwhile, facial recognition bans are being introduced and enacted at the city and state level, showing there's no nationwide consensus that the tech is trustworthy, useful, or non-invasive.

Citizens and privacy groups have similar concerns in France, but the French government apparently doesn't care. In the name of "security," the government is adding facial recognition tech to its national ID program, as Helene Fouquet reports for Bloomberg.

France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity -- whether they want it or not.

Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target.

This move by the Interior Ministry is already being challenged in court by privacy group La Quadrature du Net. Unfortunately, this challenge isn't preventing the rollout of the French government's Android app, which will be the only way for residents to create a digital ID that can be used to access government services.

An ID will be created through a one-time enrollment that works by comparing a user’s photo in their biometric passport to a selfie video taken on the app that will capture expressions, movements and angles. The phone and the passport will communicate through their embedded chips.

Because this digital ID is a mandatory possession, opponents have pointed out it violates consensual data collection provisions put in force by the GDPR. But that's far from the only problem. Facial recognition tech still doesn't work as well as its proponents claim, which is going to result in residents either being unable to create an ID the government will accept or possibly find themselves accused of ID fraud if the government side of the tech thinks they're someone else.

And then there's the security of the program itself. It's supposed to make French citizens more "secure," but the government hasn't impressed anyone with its claims of "highest, state level" security. Its own encrypted messaging platform was compromised in less than two hours by a security researcher, allowing the researcher to create accounts at will and harvest sensitive data from existing accounts. A bug bounty was rolled out shortly after that. There has been no offer of a bug bounty or any invitation to stress test the "state level" security of the government's latest app -- one that will be used by roughly 100% of the country's residents.

Potential damage will be mitigated by the catch-and-release nature of the data collection. Once an ID is created, the government will apparently delete the data it has collected and everything stored locally by the app on the user's device will vanish after the enrollment is complete and the app has been deleted. But some data is still being stored somewhere so citizens can use their new digital IDs to access government services, although the government insists biometric info from Alicem won't make its way to other government databases.

Even if everything the government claims is true, this rollout -- one that occurred without public comment and does not give residents any way to opt out -- will make it easier for the government to introduce more intrusive facial recognition programs. If this digital ID program runs smoothly and does what's advertised, it will lower resistance to government use of biometric scanning and tracking in the future. After all, if something worked well once during a minimal, controlled rollout, it might work again when there's more at stake and fewer controls on collection and retention of biometric info. Surveillance creep is still a thing. And it always has a starting point few people find objectionable.