Overview of the French project and the debate in France

lundi 27 juin 2005, par Source externe
An excerpt from LSE Report ("The Identity Project") - Chapter 7, France section, pp.66-70.

France

The French have a long history of identity documents, numbers, and markings. In 1832,
the French stopped branding criminals, but the following year they implemented a
central store of information on repeat offenders. In the 1800s all movement within the
country was monitored through the use of internal passports, permitting police to follow
the travels of migrants. Eventually this was abandoned on grounds of civil liberties in
the 3rd Republic. But at the same time, the new Government invented a new identity
card with a fingerprint and central records storage, implemented in the 1920s, though
only in one French Department (Seine). This system was not implemented across the
entire country due to strong resistance, mainly from the French Human Rights League,
the CGT Union. [1] This changed under the Vichy regime. The system was then
generalized and complemented by an identification number, together with the
mandatory declaration of any change of residence address. [2]

In response to the fall of the Vichy regime, the card was changed in 1955 to remove
reference to religious belief (particularly the tag ‘Juif’). The central records-file was
also abolished. In 1974 the Government decided to phase out the collection of the
fingerprint, and began moving towards an optional card, where the holder’s address had only an indicative value. This gradual reduction in the regime represents a stronger
regard for civil liberties in the face of identity cards.

A first attempt to introduce a digitized ID card (originally promised to combat illegal
immigration, terrorism, and identity theft) was halted in 1981 after a change of
Government, but 1987 saw the introduction of a new identity card, made of plastic and
designated as ‘secure’. [3] This is the form of the current national ID card. It is not
mandatory and, while a fingerprint is taken, it is not digitized and does not appear on the card. It is stored securely, and only on paper. While it can be accessed by a judge, in a specific case where the police already have a suspect, conditions for access are tightly
regulated. [4]

A central database has been introduced, but it is limited only to the delivery of the card
system. The information on the database is kept to a minimum, and apart from the
information on the card, it includes information on the history of the card, though no
audit trail of its use is generated. This information may only be accessed by those
responsible for the management of the card system. Although the police may access
information in the database, they are limited to accessing the name, sex, birth date, and
card number, only in circumstances involving an offence. [5] The linking of one file with any other is disallowed. There are also strict rules regarding the reading of the cards : when read electronically, the card information cannot be stored unless it is for card management purposes. Contact with the central register is only permitted to verify
whether the card has been stolen. [6] To this day, in France there are continued negative responses to the centralisation of personal information. [7]

Currently, there are two separate innovations planned for the French card. One is
emerging from the Ministry of State Reform, the other from the Interior Ministry.

France I : E-Government Strategic Plan

The French Minister for State Reform is overseeing the implementation of a strategic
plan to provide services to citizens, the private sector, and the public sector supported
by e-government initiatives. [8] The plans emphasises the need for user-friendly and
accessible solutions that create a climate of trust.

In its plan to enhance e-government, the French Ministry of State Reform aims for a
user-oriented system, allowing for multiple forms of identification. The emphasis is on
simplicity and proportionality, and the amount of information collected will be
minimised to increase the confidence of users. The French Ministry of State Reform
acknowledges that e-government gives rise to two contradictory requirements :

 simplifying registration and personal data management for the users would entail
breaking down the barriers between government departments, making exchanges
flow more smoothly without the user being systematically asked repeatedly for
documents, for example, which he has already supplied ;
 upholding the protection of personal data, which may in fact restrict the
interconnections between government departments.

The French Ministry of State Reform is clear on how to resolve this conflict :

“Government guidelines are clear : do not authorise uncontrolled
generalised exchanges between departments. However, the development of e-government must grant citizens more transparency
in the monitoring of their administrative papers and better control of
their personal details (confidentiality, right to access and correct data
regarding them).” [9]

To enable this, the Government intends to provide tools and services “which will enable
[citizens and professionals] to exercise their rights more simply and completely.” These
tools and services include :

Decentralised Storage of Data

The French Ministry of State Reform is aware that there are several options available,
including centralising all the data of every user, but notes that, “This solution is not
implemented in any country, for obvious reasons of individual freedoms and near
technical impossibility.” The French Government proposes instead that all data will
remain decentralised within each department.

Distributed Identifiers
The French strategy acknowledges that the easiest solution would be to call for a unique universal identifier for all citizens, but the French designers have foremost in mind that privacy law was created to prevent a situation such as this. They further note that the Germans consider such an approach to be an unconstitutional practice. The French Government position states :

“It should be remembered that, with regard to e-government, the State
must take a stance as guarantor (of individual freedoms, the
authenticity and enforceability of dematerialised procedures and
actions, the security of actions carried out by public servants, etc.) and
the Government wishes to confirm this position clearly both in the
formulation of the decisions taken and in their methods of
application.”

As a result, French authorities do not see the need for anything more than sectoral
identifiers to preserve rights. They also admit that a solution such as the national
registry in the UK, that would include a listing of all relevant identifiers, “would
probably not go down too well in our country” [10]. Instead the French Ministry of State Reform calls for the creation of an ‘identity federator’ :

“the most successful solution consists of creating an identity federator,
enabling the user to use the single identifier to access each of the
services of his or her choice without either the government databases
or the identity federator itself being able to make the link between the
different identifiers.”

Further proposals include an on-line environment where the user can verify all the usage of her personal information, and give consent if information needs to be shared between departments. At the same time, the French Ministry of State Reform wishes to preserve the ability of users to not identify themselves to government departments.

The French Ministry of State Reform has chosen to follow a proportionate path to
identification and data management. Their systems will, at a technological level, be less
complicated, and will be more resilient to attack and failures. The Government sees the
benefits of e-government, but understands and resists the temptation to coalesce or link all personal information held by government departments. In order to ensure user trust and adaptability of current and future systems there will therefore be no central registry, no single identifier, nor a centralised list of identifiers.

France II : The Ministry of Interior Proposal

The interior ministry is at the same time proposing a completely different card. The
project is entitled ‘Identité national électronique sécurisée’, or ‘INES’ project. It was
officially announced in February 2005.

This system in many ways mirrors the UK’s Identity Card Bill. The card will contain
facial and fingerprint biometrics (2 fingerprints, among the 6 taken). These biometrics
will be stored in a central database. As in the UK, the French Government asserts that
this is inevitable because of international requirements from the ICAO to adopt a
biometric passport, and adds that it should comply with the EU Council decision of
December 13, 2004, which applies to countries party to the Schengen agreement.

There will also be a few variations on the UK proposal. The chip on the card is
predicted to be a contact-less card, allowing card-readers to ascertain the information at a distance. The card will also be programmable, as the Government wishes it to become an electronic wallet. The Government is clear that it wishes this card to be made mandatory. [11]

Civil liberties groups have voiced numerous concerns regarding the proposal, [12] asking for clarification of the nature of the ‘international requirements’, and recalling imagery from the Vichy regime. [13]

Identity theft and fraud, particularly by terrorists, is given as one of the principal reasons for the new card system ; however, a coalition of civil liberties groups, among them unions of attorneys and of magistrates, has pointed out that the French Ministry of Interior itself recognizes that France has no statistics to evaluate the scope and the
nature of the identity theft phenomenon. The French Government relies only upon the
statistics from the US and the UK.

The coalition also considers the argument that the cards would aid in combating
terrorism to be merely ‘an alibi’, and points out that, in almost all of the most violent attacks in France, the terrorists used their own identities. A similar conclusion was
reached by the President of the French National Observatory of Delinquency, who
considers that identity fraud : “remains quantitatively marginal in criminal matters, while
it is increasing in the commercial sector”. [14]

The proposal is likely to face significant scrutiny. When the Government first
introduced this project, it opened up a consultation session. However, during this
consultation process, it was announced that the policy had already been decided. A draft law was released and is under review by the CNIL, the equivalent to the UK
Information Commissioner (although with far greater powers).

In June 2005 a consultative report was released by the Forum for Civil Liberties on the
Internet (“Le Forum des droits sur l’internet”). [15] This NGO was asked by then-Minister of the Interior Dominique de Villepin to conduct a consultation on the proposed scheme.

The report found that the plans were overly vague, and therefore called for :
 better studies on identity fraud
 the decoupling of the project from the passport system
 studies on the risks of using a single identifier
 the responsibility for the project be shifted to the privacy commission
 the creation of a new social contract between the citizen and the state
 studies on the contact-less nature of the chip
 a clear statement from the Government on whether the card will be required for
commercial transaction
 assurances that the card would be free at enrolment (though individuals could be
charged for renewal or loss)
 a clear Parliamentary debate on the obligatory nature of the card.

A law implementing the system is likely to be introduced into the French Parliament in
September 2005.

The full report is available on the LSE ID card project webpage