>France says the ID system won’t be used to keep tabs on residents. Unlike in China and Singapore, the country won’t be integrating the facial recognition biometric into citizens’ identity databases
That's what they all say but once the systems exists the temptation is there to use it and each successive bunch of authoritarians will use it a little bit more. They don't even need to be more than a small minority of government to do it so long as they do it in small incremental steps (integrating it with more and more government functions).
> That's what they all say but once the systems exists the temptation is there to use it and each successive bunch of authoritarians will use it a little bit more.
Couldn't agree more. Just look at the Aadhaar system of India. As an Indian we are witnessing exact what you just said. It was created to stop leakage in Public Distribution System. But over the years it is made (not literally but still)mandatory for everywhere. If one google, they will find plenty of news where resident were denied access to basic services such as school/college admission, Hospital etc.
Don't see why this is getting downvoted. The list of examples is just too long. Germany recently changed their laws to allow easier access to registered information.
It went from "we'll only use it for those pedo-bio-nuclear-terrorism cases that we keep telling you about" to "well but also for organized crime" to now supposedly "well or copyright infringement or petty theft".
> Saying it wants to make the state more efficient,
That is bold. Normally when governments want to destroy your privacy they claim they want to combat terrorism or something more horrible. They are going with making their processes more efficient?
I think the goal, as explained by other comments, is to allow to do thing remotely with your smartphone, instead of having to go to the city hall/administration building.
My favorite author in that genre is Daniel Suarez, who makes some scarily accurate thrillers. It's not all 100% realistic, but as someone who is often annoyed at the deus ex machina[1] of other (science) fiction, this is really great. The author is a former software engineer, so I guess they know quite well how technology works in general.
That is one of my favourites as well, World of Warcraft meets the Real World in a way that, while not necessarily believable, did not cause retinae detachment from extreme eye-rolling.
According to the French government's page on this system [1] (in French):
The system is an app that generates login details to allow online access to (public?) services.
You install the app on your smartphone. It uses NFC (I suppose) to read your picture (also other details?) from your passport's chip, and stores it locally on the phone. It then uses this to perform facial recognition using the phone camera in order to identify the phone's user. No biometric data leave the phone according to [1].
The stated aim is to allow people to conduct administrative tasks (forms, applications) fully online where it is not currently possible because a "hard ID check" is required. It will not be compulsory.
It sounds a bit like Apple's Face ID but backed by official documents (passports) and with the government's seal of approval, some sort of passport check performed by your smartphone.
As an aside comment, in France most people have a passport, and everyone has an ID card, which requires having photo and fingerprints taken. So this does not give the government anything that they don't already have (or could have) and it seems that they took precautions to avoid unnecessary transmissions of biometric data.
In fairness most people already have pictures of themselves on their phones, and ID pictures stored in passports can be read by anyone (who is near enough).
So you’re telling me the possible ways to commit fraud in a system that uses NFC-like photo-to-face recognition, on device, for official document validation is even worse. It’s like installing a vinegar factory right next door to the baking soda stock yards.
It seems like you meant yo suggest that since “people already have this type of data on their phones” it makes it less risky? I definitely don’t understand that.
I'm french, I've heard of this biometric thing, and so far it doesn't seem people are really scared of this, so... yeah, it sounds click-baity.
French people are very sensitive to their rights and liberties, and are very quick to organize protests. Many steps were taken to monitor potential terrorists since the Paris attacks, and those were not well received, but politically it was hard to not implement those measures.
I might be a little patriot, but generally the french state does a good job, mainly because french citizens and voters are forcing the government to have pretty high standards.
Don't you think there would be more outrage if more people were aware both that it's happening and of its implications and possibilities? I think there's a large ignorance (and I can't really blame people) here. The interview subjects in the articles from across the spectrum are all concerned.
It seems there's contention inside the government as well.
What increased surveillance? Outside of increased security measures (which most which have winded down now) due to the terrorist attacks, I can't really see what you are talking about.
Anything to substantiate your claim would be useful...
1. Attacker reads the photo form the passport
2. Attacker prints out the photo, perhaps with some perspective correction
3. Attacker tricks the phone into recognizing the print as the subject
Am I wrong? My knowledge of the flow is entirely based on the comment above.
That's the problem with any biometric data being used for authentication: once an attacker gets a copy, it's game over.
Biometric passports are a means of identification, not authentication, with the biometric data being signed by a trusted third party, but not considered a secret. The only protection they include is a password printed inside the passport to thwart silent NFC data access.
> Indeed, "biometrics are usernames, not passwords".
Biometrics are neither. They are a completely separate factor in authenticating a person, and used in different scenario's.
Biometrics have advantages and disadvantages based on your threat model. For example, unlocking your laptop with a fingerprint while working on a train or plane might be preferable to a username/password because the risk of a shoulder-surfer may be higher than the risk of someone lifting your fingerprint.
It's the non-invasive nature of facial recognition that presents a problem. If you install a camera above the entrance of a community center, then record everyone coming and going, you can identify who is attending what meeting and when. Perhaps someone walks in to a far right or a far left meeting group. Maybe an environmental action group. With that, 20 years later, you can destroy their career. They didn't sign anything, they didn't do anything, they were just witnessed going in and out. That's enough.
Since the community center belongs to the government, it's just a matter of connecting things they already own, so it does not give the government anything it doesn't already have (or could have.) The problem is that people don't think that way. Nobody expects your movements to be associated with something undesirable in a decade or two, but it's happened before.
Android only? I’m sure it’ll get an iOS version too, but what about people who don’t have smartphones? In Denmark we’re seeing more and more public services move to Apps. It used to be that there was an offline version, like in the case of our “NemID”, but now we’re talking about digital only drivers licenses and social security cards.
The private sector had long embraced mobile apps, and it’s really hard to buy tickets, do banking and so on without a smartphone, but now we’re truly locking people into their mobile devices. And these devices aren’t free, I mean, it’s not just going to be “Android” only, it’s going to be “google play” or “Apple store” only. I’m not sure that’s very democratic.
Don’t get me wrong, I’ll absolutely use these things and I currently use most of the available ones with great satisfaction, but it does concern me if we’re locking public services into privately owned ecosystems.
The information at [1] (in French) clearly states that alternative methods remain available.
Here is the translation of an excerpt:
"Creating an Alicem account is not mandatory. Users remain free of using available alternatives:
- account creation on the specific service [Translator's note: this identification method is destined at the national SSO that is only one way of logging in the various public services]
- other electronic identification methods on FranceConnect [Translator's note: FranceConnect is the name of this SSO. This includes at least fiscal number + password and social security number + password and maybe other methods]
- traditional physical administrative procedures"
I am not necessarily a fan of this identification method and for myself I consider it less secure than a sufficiently strong, properly stored and regularly updates password. Still, the argument of locking the users or making the smartphone mandatory does not stand.
As for the collected biometric data, it is collected from the passport's chip, so technically the administration is already in possession of this data, there is nothing new here.
I see this as completely independent from facial recognition surveillance (hence mandatory), which in my opinion we must fight against.
Can we give french citizens the benefit of the doubt here. Living there I can tell you the resident are much quicker to point out these new systems as fascist than, say, Americans.
Even in Paris, the number of surveillance cameras was dramatically lower than London. The police would tout the crime fighting advantages of having these cameras in certain areas, someone would write an opinion on Nazi occupied Paris, the camera talk would go dormant for a few more years. New director arrives and wants to install cameras in certain areas...
Agreed. Although it may not sound politically correct to say this, actions must be interpreted in light of the quality of the humans who performed them.
First, I think the argument is not against how French citizens deal with this, but how the government is pushing this stuff to begin with.
Second, I'd like to agree with you, I really would.
BUT: After the charlie hebdo and bataclan attacks, seeing...
* completely unopposed état "d'urgence" being prolonged for TWO YEARS when the real urgency was over within a few days
* the way that it was abused [1], and largely not discussed let alone really opposed in public or by my relatively tech savvy colleagues and friends in private conversation
* how some of the most outrageous parts have been made into regular law now
* how we still have military patrolling everywhere
* bag checks at university lecture halls (seen yesterday)
* the vigipirate logo (which looks like straight out of a dystopian scifi comic [2]) plastered all over town
* the kindergarden on my way to work still being surrounded with concrete barriers blocking the parking, to ostensibly (and practically completely irrelevantly, given the geometry of the place) block a car from driving through the fence
after all of that, I have little to no confidence that France is any less prone to a slide into totalitarianism than any other country. :(
I don't know much about infosec but I know enough to see that this tool is not ready. It's really scary.
Also the fact that it's not discussed much, here in France. It's the first time I've heard of it. From a country that has had a government agency for protecting digital liberties since 1978 (which made laws about what data you can and cannot keep as a software provider) it's a big change of direction.
What is scary about it, though? It's really just adding a new way of authenticating on government websites. I like the idea of how it works, but I don't find it very secure, compared to Belgium's chip and pin system for example (this application is the equivalent to Belgium's itsme, which I use often enough).
However it's probably the best we can do in France since we don't want to have a centralised citizens database.
itsme has me really scared about it's security, especially since they are so handwavy about it. I browsed their site for a long time before enrolling, but didn't find anything useful.
These things always start with an innocuous purpose.
The French national DNA database initially was a sexual assault database, to be able to identify rapists. Now your DNA is collected even if you are arrested in a demonstration and never charged.
It is like laws. When a new law is on the table, the question is never about the reasonable use of that law, it is all about how it can be abused in the worst possible case, because that always ends up happening sooner or later.
This system reads the data from your passport (which the government collected when you applied for one and stored there) and store them on your phone. Software then uses facial recognition to check that the person holding the phone matches the picture from your passport.
If you build a system you can query for any face and get the identity, it will not take very long for someone asking for it to be used to identify violent criminals. Then terrorists at airport gates. Then demonstrators. etc.
The "system" (an NFC passport) is already used at airport gates, though.
Violent criminals and demonstrators are rarely identified through their passports because these events don't make it easy to check people's passports, but ID documents are sometimes used, the photo is just checked by policemen rather than an app on the user's phone.
This app doesn't provide the government any new information (it uses ID the government already issue) nor invent any new technology (face recognition already exists). If French government - or any government for that matter - wished to do what you described then this app wouldn't be the proverbial gateway drug to that point. In fact, the entire point of passports is to identify people at airport gates and other national borders.
> This app doesn't provide the government any new information
> wished to do what you described then this app wouldn't be the proverbial gateway drug to that point.
It's not about "gateway drug" - it's about taking small, incremental steps to get from point A to point B such that you don't realize it, and each action is a small change from the previous. This is widely known as Salami Slicing[0], though I like to call it "slow boiling a frog."
This is the same tactic I use to slowly bring errant teams and projects up-to-code at work, start off slow with a build server, add in pass-fail rules, add in style rules, add in test requirements, add in code review to ensure these things are up to snuff and before you know it we have a nice compliant project, whereas if I walked in on Day 0 and laid down the law there is guaranteed revolt.
Anything can change later, even removing a procedure could be a prelude to adding a new, more invasive one.
An incremental step requires an increment. Nothing gets incremented here. The French government already had this data, and already used it to biometrically identify people. The only thing this inches toward is to a reduction in the number of public functionaries. This is the automated checkout system for State services, nothing more.
> Anyone can shoot any idea down by reducing it to a simple, innocuous sounding concept to make the other look ridiculous.
Just as anyone can argue that any change to process is salami slicing even when nothing of any real value is being incremented.
I do understand your concern and I think healthy skepticism is a good thing. I’m just not convinced your so arguments are consistent with the facts being presented.
> If you build a system you can query for any face and get the identity
True, but you can't. Facebook can't. That's (one of the reasons) they suggest tagging amongst your friends, not amongst all of FB people.
You can identify one person (with a certain degree of certainty) against a certain range of candidates.
Or you can search for one person on a small sample of images (100s or 1000s of images).
So yes you can have a db of "persons of interest" and that will be searchable when someone appears at an airport. But if the number of people in that DB increases you're going to have more false positives and lower confidence.
Yes, the analogy is valid. Hence why fingerprints are "good"/"very good" at making sure the person presenting the fingerprint is who they claim they are, but for other purposes, not so much.
But they be better than face recognition at "search at a DB" tasks (especially if you have multiple fingers)
The current system is that a human being looks at you then at your passport/ID card, and then concludes that the document is genuine and that you are the same person as in the picture.
So the question is: how good at this is a facial recognition system compared to a human being?
you can always be the target to border or airport controls regardless of how much technology is involved, and policing was no less crude before we introduced facial recognition checks.
I've been checked at airports before and I have no problem with airport security either. Terrorism or crime are real threats and police without technology is just as biased if not more so then machine aided ones.
The minority report fears every time technology is introduced to policing is an abstract and slightly silly complaint given that most police brutality and abuse of power occurs in impoverished, low tech areas, where if anything police has fewer tools and force available than in public airports and surveilled neighbourhoods.
The problem is that these kind of automated system give governments more leverage than policing using people, and it enables them to do systemic oppression. Also, people have a moral compass that can prevent them from doing bad things, while machines don't. But everything is fine as long as the government is ok. I come from one of the eastern EU states which were under communist rule, and I am naturally more skeptical towards these systems.
edit: I understand that in this particular example the data is stored only on the phones, so your face is used only used to generate a unique signature, which I don't find that bad. But it's important that this is kept in check and that the system is not extended later to centralise all this data.
> that this is kept in check and that the system is not extended later to centralise all this data.
As already explained the data come from passports. All of the data in passports (and ID cards since this is in France), including pictures, is already centralised in a government database. After all you gave the picture to the government when you applied for a passport...
This is also why this new system is completely neutral.
Yes, but this data isn't available to (most) administrations. I guess that the risk is that the access might slowly be granted to more and more of them ?
>The problem is that these kind of automated system give governments more leverage than policing using people,
they also take power away from arbitrary police action because cameras work both ways. Surveillance doesn't just discipline citizens, it also disciplines authorities. If you're in a room alone with a police officer, do you prefer the cameras to be on or off?
Automated systems can have bias just like people, but at least with a digital system the data is catalogued, we can reason about why they make the decisions they make and document abuse and fix them accordingly. Try fixing corrupt police in a small town without papertrails.
That the Soviet Union was so good at oppressing people without any automated surveillance actually proves the point. Oppressive systems function just fine with people all the way down.
The narrative of surveillance as just a tool for oppression is one-sided. Citizens would be wise to use this point in time when the laws are still being drawn to use it as a tool to hold authority accountable.
That’s only a problem if you are a terrorist. Or have been classed by the government as someone to catch, in which case that is the step you want to avoid. Trying to throw away every chair or step a child drags towards the countertop is silly when all you need to do is keep the knife off the surface and safely hidden away.
>Or have been classed by the government as someone to catch, in which case that is the step you want to avoid.
This chilling effect is the exact purpose, the true goal. When every terrorist and criminal can be instantly, systematically caught in the all-encompassing web of a total police state, then so can anybody else. And that means you always have to watch what you say, weigh the consequences of protest, think twice about associating with fringe ideas or people.
Terrorists are a conveniently indefensible target, but the measures against them are nonetheless a threat toward everybody else. This Can Happen To You Too. But it's okay, you have nothing to fear, just avoid being classed as a dissident. Shut up, keep your head down, and toe the line.
>Or have been classed by the government as someone to catch, in which case that is the step you want to avoid.
This is more difficult than it may sound. Guilt by association is alive and well in most governments, and you don't always get to choose who you are associated with.
Imagine the mucky world of politics; somebody is advocating or willing to consider almost any crazy idea. So any state of law is usually a balance between forces that want to move regulation in some new direction.
If the pro-liberty forces don't have the numbers to quell that sort of law when it is proposed; the question becomes where is the line that it starts to become an issue? Because the pro-safety, pro-conformance factions will keep pushing as far as they can. If they've got the power to start reducing liberty then they are going to keep at it until there is a well supported line that has been crossed. Not a line that an unusually intelligent, educated and thoughtful person would identify a concern but a line where ordinary people start to vote differently.
It is very hard to justify liberty to a disinterested observer until the authoritarians actually start taking power; and by then it doesn't really help. It becomes too hard to organise.
Le fichier Fnaeg, créé en 1998, conserve les empreintes génétiques des personnes condamnées ou « mises en cause » dans la plupart des crimes et délits relatifs aux atteintes aux biens et aux personnes, du crime contre l’humanité aux simples violences, en passant par le trafic de drogue et le proxénétisme.
Translation: The Fnaeg database, created in 1998, stores DNA profiles of people sentenced or questioned, in most of the crimes and offenses related to goods or people, from crime against humanity to a simple violence, including drug trafficking or procuring.
Neither that article nor the actual law put the threshold as low as 'questioned' for DNA to be stored in that database though DNA may indeed be collected to be matched against it.
Giorgos, militant anarchiste, avait été placé en garde à vue lors d’une manifestation à Montpellier en octobre 2010. Il avait été accusé par les policiers d'avoir, avec d'autres manifestants, renversé des poubelles. Une poursuite classée sans suite pour cause d’« infraction insuffisamment caractérisée ». Mais il avait eu le tort de refuser qu’on lui prélève ses empreintes génétiques et a été condamné en première instance à un mois de prison avec sursis par le tribunal correctionnel de Montpellier.
Translation: Giorgos, an anarchist militant, was arrested during a demonstration in Montpellier in Oct 2010. He was accused by the police, along with other demonstrators, to have knocked over bins. The case was dismissed because the offense "was insufficiently characterized". But his fault was to refuse to have his DNA taken and was sentenced for that to a month of suspended jail term by the Montpellier court.
Well it was initially but its scope was progressively extended to include pretty much all offenses now. And is used to also solve any offense, like a robbery.
We have this in Poland and it works great - as a contractor I have to send certain tax documents every month and I only ever authenticate via my bank and associated 2FA.
The other method stopped working after I lost the password and discovered that reset didn't actually send an email like it should have.
Turns out there's no guarantee that any particular private bank has to offer you their service, so there are some people who simply don't have a bank account.
If you're gonna do anything to do with official papers, you have to be at 100% (not 99.999...%) coverage. Which IMHO is just one more reason why this kind of thing is dead on arrival, given that it requires a smartphone.
It's not stated clearly in the official publication but it seems that their medium term goal, beyond using this on government websites, is to also allow private companies access to the tool.
It'd be pretty useful as a way to standardize the way various companies do identity verification online.
I'm honestly pleasantly surprised to see such a thing coming directly from our government, as it can be sometimes quite outdated.
No, the app just compare the face in front of the camera with the photo saved in the NFC chip in your passport. So that the government agrees that the user of the phone and the passport are the same person. Once this is done, the photo is destroyed as well as the comparaison. It's an app that does what every custom officer do when you cross a border.
> "It took a hacker just over an hour to break into a “secure” government messaging app this year, raising concerns about the state’s security standards."
Can stop reading right there, considering that the messaging app was in beta, and the fix was quickly rolled out - so everything worked as designed, for once - this is the equivalent of
> "It took a hacker just over an hour to break into a computer, raising concerns about the security standards of people that use computers."
96 comments
[ 4.4 ms ] story [ 133 ms ] threadThat's what they all say but once the systems exists the temptation is there to use it and each successive bunch of authoritarians will use it a little bit more. They don't even need to be more than a small minority of government to do it so long as they do it in small incremental steps (integrating it with more and more government functions).
Couldn't agree more. Just look at the Aadhaar system of India. As an Indian we are witnessing exact what you just said. It was created to stop leakage in Public Distribution System. But over the years it is made (not literally but still)mandatory for everywhere. If one google, they will find plenty of news where resident were denied access to basic services such as school/college admission, Hospital etc.
That is bold. Normally when governments want to destroy your privacy they claim they want to combat terrorism or something more horrible. They are going with making their processes more efficient?
[1] https://en.wikipedia.org/wiki/Deus_ex_machina
"The god of machine-logic was overthrown by the masses and a new concept was raised..."
According to the French government's page on this system [1] (in French):
The system is an app that generates login details to allow online access to (public?) services.
You install the app on your smartphone. It uses NFC (I suppose) to read your picture (also other details?) from your passport's chip, and stores it locally on the phone. It then uses this to perform facial recognition using the phone camera in order to identify the phone's user. No biometric data leave the phone according to [1].
The stated aim is to allow people to conduct administrative tasks (forms, applications) fully online where it is not currently possible because a "hard ID check" is required. It will not be compulsory.
It sounds a bit like Apple's Face ID but backed by official documents (passports) and with the government's seal of approval, some sort of passport check performed by your smartphone.
[1] https://www.interieur.gouv.fr/Actualites/L-actu-du-Ministere...
As an aside comment, in France most people have a passport, and everyone has an ID card, which requires having photo and fingerprints taken. So this does not give the government anything that they don't already have (or could have) and it seems that they took precautions to avoid unnecessary transmissions of biometric data.
It seems like you meant yo suggest that since “people already have this type of data on their phones” it makes it less risky? I definitely don’t understand that.
French people are very sensitive to their rights and liberties, and are very quick to organize protests. Many steps were taken to monitor potential terrorists since the Paris attacks, and those were not well received, but politically it was hard to not implement those measures.
I might be a little patriot, but generally the french state does a good job, mainly because french citizens and voters are forcing the government to have pretty high standards.
It seems there's contention inside the government as well.
How many protests over the several laws that have continually reduced those rights since for at least the last ten years ?
Oh really, like the non-existing demonstrations against the increase of surveillance in the past 10 years?
Anything to substantiate your claim would be useful...
Biometric passports are a means of identification, not authentication, with the biometric data being signed by a trusted third party, but not considered a secret. The only protection they include is a password printed inside the passport to thwart silent NFC data access.
It reminds me of an old thread :
http://blog.dustinkirkland.com/2013/10/fingerprints-are-user...
HN discussion : https://news.ycombinator.com/item?id=11549536
Biometrics are neither. They are a completely separate factor in authenticating a person, and used in different scenario's.
Biometrics have advantages and disadvantages based on your threat model. For example, unlocking your laptop with a fingerprint while working on a train or plane might be preferable to a username/password because the risk of a shoulder-surfer may be higher than the risk of someone lifting your fingerprint.
It's Bloomberg. They get almost everything tech related wrong.
Since the community center belongs to the government, it's just a matter of connecting things they already own, so it does not give the government anything it doesn't already have (or could have.) The problem is that people don't think that way. Nobody expects your movements to be associated with something undesirable in a decade or two, but it's happened before.
The private sector had long embraced mobile apps, and it’s really hard to buy tickets, do banking and so on without a smartphone, but now we’re truly locking people into their mobile devices. And these devices aren’t free, I mean, it’s not just going to be “Android” only, it’s going to be “google play” or “Apple store” only. I’m not sure that’s very democratic.
Don’t get me wrong, I’ll absolutely use these things and I currently use most of the available ones with great satisfaction, but it does concern me if we’re locking public services into privately owned ecosystems.
[1] https://gototags.com/blog/apple-expands-nfc-on-iphone-in-ios...
"Creating an Alicem account is not mandatory. Users remain free of using available alternatives: - account creation on the specific service [Translator's note: this identification method is destined at the national SSO that is only one way of logging in the various public services] - other electronic identification methods on FranceConnect [Translator's note: FranceConnect is the name of this SSO. This includes at least fiscal number + password and social security number + password and maybe other methods] - traditional physical administrative procedures"
I am not necessarily a fan of this identification method and for myself I consider it less secure than a sufficiently strong, properly stored and regularly updates password. Still, the argument of locking the users or making the smartphone mandatory does not stand.
As for the collected biometric data, it is collected from the passport's chip, so technically the administration is already in possession of this data, there is nothing new here.
I see this as completely independent from facial recognition surveillance (hence mandatory), which in my opinion we must fight against.
[1] https://www.interieur.gouv.fr/Actualites/L-actu-du-Ministere...
Even in Paris, the number of surveillance cameras was dramatically lower than London. The police would tout the crime fighting advantages of having these cameras in certain areas, someone would write an opinion on Nazi occupied Paris, the camera talk would go dormant for a few more years. New director arrives and wants to install cameras in certain areas...
Second, I'd like to agree with you, I really would. BUT: After the charlie hebdo and bataclan attacks, seeing...
* completely unopposed état "d'urgence" being prolonged for TWO YEARS when the real urgency was over within a few days * the way that it was abused [1], and largely not discussed let alone really opposed in public or by my relatively tech savvy colleagues and friends in private conversation * how some of the most outrageous parts have been made into regular law now * how we still have military patrolling everywhere * bag checks at university lecture halls (seen yesterday) * the vigipirate logo (which looks like straight out of a dystopian scifi comic [2]) plastered all over town * the kindergarden on my way to work still being surrounded with concrete barriers blocking the parking, to ostensibly (and practically completely irrelevantly, given the geometry of the place) block a car from driving through the fence
after all of that, I have little to no confidence that France is any less prone to a slide into totalitarianism than any other country. :(
[1]: https://wiki.laquadrature.net/%C3%89tat_urgence/Recensement [2]: https://en.wikipedia.org/wiki/Vigipirate#/media/File:Vigipir...
However it's probably the best we can do in France since we don't want to have a centralised citizens database.
The French national DNA database initially was a sexual assault database, to be able to identify rapists. Now your DNA is collected even if you are arrested in a demonstration and never charged.
It is like laws. When a new law is on the table, the question is never about the reasonable use of that law, it is all about how it can be abused in the worst possible case, because that always ends up happening sooner or later.
Hardly 1984...
Violent criminals and demonstrators are rarely identified through their passports because these events don't make it easy to check people's passports, but ID documents are sometimes used, the photo is just checked by policemen rather than an app on the user's phone.
> wished to do what you described then this app wouldn't be the proverbial gateway drug to that point.
It's not about "gateway drug" - it's about taking small, incremental steps to get from point A to point B such that you don't realize it, and each action is a small change from the previous. This is widely known as Salami Slicing[0], though I like to call it "slow boiling a frog."
This is the same tactic I use to slowly bring errant teams and projects up-to-code at work, start off slow with a build server, add in pass-fail rules, add in style rules, add in test requirements, add in code review to ensure these things are up to snuff and before you know it we have a nice compliant project, whereas if I walked in on Day 0 and laid down the law there is guaranteed revolt.
[0] - https://en.wikipedia.org/wiki/Salami_slicing
Yes, it is a new, small, incremental step!
This is introducing a new procedure, a procedure they can change later to move the needle forward.
This is the whole point, doing small incremental steps. Each of which appears rather banal and unobjectionable.
That you don't care is proof it works!
An incremental step requires an increment. Nothing gets incremented here. The French government already had this data, and already used it to biometrically identify people. The only thing this inches toward is to a reduction in the number of public functionaries. This is the automated checkout system for State services, nothing more.
People's expectations and willingnesses are moved forward. Overton Window.
> This is the automated checkout system for State services, nothing more.
Look beyond the superficial, at larger issues.
Anyone can shoot any idea down by reducing it to a simple, innocuous sounding concept to make the other look ridiculous.
Claiming "there's nothing here" is wrong, saying "I recognize the potential for bad, but choose to accept that risk" is a different story.
No, they aren't.
> Look beyond the superficial, at larger issues.
I'm looking at the larger issues. I just disagree with you. I don't think you have made your case.
Just as anyone can argue that any change to process is salami slicing even when nothing of any real value is being incremented.
I do understand your concern and I think healthy skepticism is a good thing. I’m just not convinced your so arguments are consistent with the facts being presented.
True, but you can't. Facebook can't. That's (one of the reasons) they suggest tagging amongst your friends, not amongst all of FB people.
You can identify one person (with a certain degree of certainty) against a certain range of candidates.
Or you can search for one person on a small sample of images (100s or 1000s of images).
So yes you can have a db of "persons of interest" and that will be searchable when someone appears at an airport. But if the number of people in that DB increases you're going to have more false positives and lower confidence.
But they be better than face recognition at "search at a DB" tasks (especially if you have multiple fingers)
So the question is: how good at this is a facial recognition system compared to a human being?
I've been checked at airports before and I have no problem with airport security either. Terrorism or crime are real threats and police without technology is just as biased if not more so then machine aided ones.
The minority report fears every time technology is introduced to policing is an abstract and slightly silly complaint given that most police brutality and abuse of power occurs in impoverished, low tech areas, where if anything police has fewer tools and force available than in public airports and surveilled neighbourhoods.
edit: I understand that in this particular example the data is stored only on the phones, so your face is used only used to generate a unique signature, which I don't find that bad. But it's important that this is kept in check and that the system is not extended later to centralise all this data.
As already explained the data come from passports. All of the data in passports (and ID cards since this is in France), including pictures, is already centralised in a government database. After all you gave the picture to the government when you applied for a passport...
This is also why this new system is completely neutral.
That it is neutral today does not mean it will remain so.
they also take power away from arbitrary police action because cameras work both ways. Surveillance doesn't just discipline citizens, it also disciplines authorities. If you're in a room alone with a police officer, do you prefer the cameras to be on or off?
Automated systems can have bias just like people, but at least with a digital system the data is catalogued, we can reason about why they make the decisions they make and document abuse and fix them accordingly. Try fixing corrupt police in a small town without papertrails.
That the Soviet Union was so good at oppressing people without any automated surveillance actually proves the point. Oppressive systems function just fine with people all the way down.
The narrative of surveillance as just a tool for oppression is one-sided. Citizens would be wise to use this point in time when the laws are still being drawn to use it as a tool to hold authority accountable.
This chilling effect is the exact purpose, the true goal. When every terrorist and criminal can be instantly, systematically caught in the all-encompassing web of a total police state, then so can anybody else. And that means you always have to watch what you say, weigh the consequences of protest, think twice about associating with fringe ideas or people.
Terrorists are a conveniently indefensible target, but the measures against them are nonetheless a threat toward everybody else. This Can Happen To You Too. But it's okay, you have nothing to fear, just avoid being classed as a dissident. Shut up, keep your head down, and toe the line.
And I did not speak out
Because I was not a Communist
Then they came for the Socialists
And I did not speak out
Because I was not a Socialist
Then they came for the trade unionists
And I did not speak out
Because I was not a trade unionist
Then they came for the Jews
And I did not speak out
Because I was not a Jew
Then they came for me
And there was no one left
To speak out for me
Martin Niemoller (https://en.wikipedia.org/wiki/First_they_came_...)
This is more difficult than it may sound. Guilt by association is alive and well in most governments, and you don't always get to choose who you are associated with.
If the pro-liberty forces don't have the numbers to quell that sort of law when it is proposed; the question becomes where is the line that it starts to become an issue? Because the pro-safety, pro-conformance factions will keep pushing as far as they can. If they've got the power to start reducing liberty then they are going to keep at it until there is a well supported line that has been crossed. Not a line that an unusually intelligent, educated and thoughtful person would identify a concern but a line where ordinary people start to vote differently.
It is very hard to justify liberty to a disinterested observer until the authoritarians actually start taking power; and by then it doesn't really help. It becomes too hard to organise.
Do you have any (reliable) source confirming that ?
Le fichier Fnaeg, créé en 1998, conserve les empreintes génétiques des personnes condamnées ou « mises en cause » dans la plupart des crimes et délits relatifs aux atteintes aux biens et aux personnes, du crime contre l’humanité aux simples violences, en passant par le trafic de drogue et le proxénétisme.
Translation: The Fnaeg database, created in 1998, stores DNA profiles of people sentenced or questioned, in most of the crimes and offenses related to goods or people, from crime against humanity to a simple violence, including drug trafficking or procuring.
https://crabgrass.riseup.net/assets/138965/120313+manifestan...
Giorgos, militant anarchiste, avait été placé en garde à vue lors d’une manifestation à Montpellier en octobre 2010. Il avait été accusé par les policiers d'avoir, avec d'autres manifestants, renversé des poubelles. Une poursuite classée sans suite pour cause d’« infraction insuffisamment caractérisée ». Mais il avait eu le tort de refuser qu’on lui prélève ses empreintes génétiques et a été condamné en première instance à un mois de prison avec sursis par le tribunal correctionnel de Montpellier.
Translation: Giorgos, an anarchist militant, was arrested during a demonstration in Montpellier in Oct 2010. He was accused by the police, along with other demonstrators, to have knocked over bins. The case was dismissed because the offense "was insufficiently characterized". But his fault was to refuse to have his DNA taken and was sentenced for that to a month of suspended jail term by the Montpellier court.
I read similar stories in other demonstrations.
This story is about someone refusing collection, which is an offence.
He was not entitled to refuse DNA collection but his DNA could not have been stored in the database unless the case met the legal threshold.
/s (but no so sarcastic either)
But maybe we could suggest them to pick, say... Steria? Louvois was such a success[^1]
Reminds me of https://projectfailures.wordpress.com/2008/06/24/project-fro...
[1]: http://en.rfi.fr/africa/20140404-faulty-software-robs-french...
We have this in Poland and it works great - as a contractor I have to send certain tax documents every month and I only ever authenticate via my bank and associated 2FA.
The other method stopped working after I lost the password and discovered that reset didn't actually send an email like it should have.
It'd be pretty useful as a way to standardize the way various companies do identity verification online.
I'm honestly pleasantly surprised to see such a thing coming directly from our government, as it can be sometimes quite outdated.
https://www.gov.uk/government/publications/introducing-govuk...
Can stop reading right there, considering that the messaging app was in beta, and the fix was quickly rolled out - so everything worked as designed, for once - this is the equivalent of
> "It took a hacker just over an hour to break into a computer, raising concerns about the security standards of people that use computers."