"A Time Bomb For Civil Liberties": France Adopts a New Biometric ID Card
This post has been authored by Angela Daly, EFF international legal fellow
On Tuesday March 6, the French National Assembly (Assemblée Nationale) passed a law proposing the creation of a new biometric ID card for French citizens with the justification of combating “identity fraud”. More than 45 million individuals in France will have their fingerprints and digitized faces stored in what would be the largest biometric database in the country. The bill was immediately met with negative reactions. Yesterday more than 200 members of the French Parliament referred it to the Conseil constitutional, challenging its compatibility with Europeans' fundamental rights framework, including the right to privacy and the presumption of innocence. The Conseil will consider whether the law is contrary to the French Constitution.1
The new law compels the creation of a biometric ID card that includes a compulsory chip containing various pieces of personal information, including fingerprints, a photograph, home address, height, and eye color. Newly issued passports will also contain the biometric chip. The information on the biometric chip will be stored in a central database. A second, optional chip will be implemented for online authentication and electronic signatures, which will be used for e-government services and e-commerce.
François Pillet, a French senator, called the initiative a time bomb for civil liberties, warning that those interested in protecting civil liberties must stop the creation of a database that could be transformed into a dangerous, draconian tool.2 EFF couldn’t agree more. Last year, Privacy International, EFF, and 80 other civil liberties organizations asked the Council of Europe to study whether biometrics policies respect the fundamental rights of every European. Governments are increasingly demanding storage of their citizens’ biometric dataon chips embedded into identity cards or passports, and centrally kept on government databases, all with little regard to citizens’ civil liberties.3 France’s National Commission on IT and Freedoms (CNIL) also published a report criticizing the creation of the centralized biometric database.
France does not have a good track record of initiatives involving biometric identification. In 2009, it introduced biometric passports—which proved to be a disaster. Last year, the French Minister of the Interior admitted that 10 percent of biometric passports in circulation were fraudulently obtained. It is therefore ironic that the justification for the biometrics bill was that it is needed to combat identity fraud.
Biometric databases posed a mission-creep threat since the data can be used for reasons beyond identity fraud. The French legislation lists certain crimes in which authorities could use the biometric databases to identify suspects. History has shown that databases in France created for one purpose have been used for others: In 1998 for example, France created a national DNA database of sex offenders, but its scope was expanded to include data from those convicted of other serious violent criminal offences and terrorism. 4 The database was later expanded to include the data of those who committed a wide range of offenses. 5 Anyone suspected of any crime is now compelled to submit a DNA sample as well.
Moreover, the measure is non-proportionate, given that there are less than 10,000 annual instances of fraudulent identity documents reported in France. It is difficult to argue that this justifies fingerprinting and face digitization of an estimated 45 million individuals and storing this information in a central biometric database.
Disturbingly, it seems that there may be other motives behind this bill, besides the prevention of identity fraud. Several documents suggest that French smart cards and biometrics companies, such as Morpho, Oberthur, Thalès, and Gemalto, have been lobbying heavily for the creation of a national biometric identity card as a means of creating domestic market opportunities for French smart card and biometrics companies. Senator Jean-René Lecerf, who introduced the bill, bluntly noted that while French companies are leaders in biometrics technologies, they do not sell anything domestically. He claims that this creates an export disadvantage compared to competitors based in the United States.
EFF urges the Conseil constitutionnel to consider the negative implications of the new law on the rights and freedoms of French citizens, and especially noting the vast disproportionality to its aims. Furthermore, France’s poor track record on biometric passports and databases expanded far beyond their original purpose does not bode well for the success of this new law. This invasive law brings undue interference into citizens’ private lives. The Conseil constitutionnel should reject it as unconstitutional.
Some notable tweets about the bill:
(In German) https://twitter.com/#!/unwatched/statuses/177773053789470720
(In French) https://twitter.com/#!/Skhaen/statuses/177843296327045120
- 1. The Conseil is the main authority to rule on whether or not laws that are challenged are in fact unconstitutional.
- 2. Direct quote (in French): "Monsieur le ministre, nous ne pouvons pas, élus et Gouvernement, en démocrates soucieux des droits protégeant les libertés publiques, laisser derrière nous – bien sûr, en cet instant, je n’ai aucune crainte, en particulier parce que c’est vous qui êtes en fonction – un fichier que d’autres, dans l’avenir, au fil d’une histoire dont nous ne serons plus les écrivains, pourraient transformer en un outil dangereux, liberticide."
- 3. Other countries with compulsory biometric ID cards or cards that contain a chip with identifying information about the holder in Europe include Albania, Portugal and Spain, with various other countries considering their implementation.
- 4. As a result of the enactment of Article 56 of the LOI no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne.
- 5. As a result of the enactment of Article 29 of the Loi n° 2003-239 du 18 mars 2003 pour la sécurité intérieure.
Recent DeepLinks Posts
Aug 28, 2015
Aug 28, 2015
Aug 28, 2015
Aug 28, 2015
Aug 28, 2015
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Defending Digital Voices
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2015 Copyright Review Process
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games