Digital identity is a tool used to codify the unique attributes of an individual, while digital technology enables a person to prove his identity. There are 3 different categories of digital identity: declarative, calculated, and acting identity. The declarative identity is what the user declares about himself, such as a username and password used when subscribing to on-line applications and which can be modified. There is also what the others can see and deduct from someone’s digital interactions. This is the calculated identity, which uses algorithms automatically generated by the system (number of friends, groups, messages…), and the acting identity which builds a profile of the person based on his connections, and his clicks… Digital identity can recognize a person in what is most specific an unique to her, and can prove this identity using digital technology.
Digital Identity Guarantee Service (“SGIN”)
The French government has just signed a decree authorizing the creation of a “Digital Identity Guarantee Service (SGIN), currently presented as free and not compulsory. This decree also formally put an end to a former project to create on line identification on mobiles, the Alicem project, which had been tested since June 2019 and was based on facial recognition tools.
The new service claims it will facilitate digital life on a daily basis, enabling citizens to authenticate their identity in a secure manner with a single digital tool.
The SGIN is inserted in the chip of the new French electronic ID cards (CNIe) used since August 2nd 2021. The chip contains two types of data: civil registration and biometrics (photograph and fingerprints), and the digital identity program which only contains civil registration data without biometrics (photo and fingerprints).
The application is presented on the website France digital identity, and a test version will be available this month. The user’s identity is verified via his smartphone and the data from his digital national identity card (CNIe) and the identity proof is generated. In France, the regulator of personal data is known as the National Commission for Information Technology and Civil Liberties or the “CNIL”. Previously, the CNIL was wary about Alicem, but last December the commission gave its approval to the new SGIN project, but stressed that it should not be compulsory, and should be user-friendly “for the general public, including those unfamiliar with digital technology”. The commission also pointed out that, unlike Alicem, the application does not make it necessary to record more information than the one used to create an identity card.
Facial Recognition and Gabor’s Law
At the same time, the Senate’s Law Commission recently released a report on “biometric recognition in public areas”. Technological developments and AI in particular have contributed to the on-going spread of facial recognition technology. According to the report “there are many issues raised by the use of facial recognition”. These issues are dealing with “two interdependent topics: civil liberties and France’s digital sovereignty”.
Digital technology facilitates storing, analyzing, centralizing, and transmitting data on a massive scale. Nonetheless, this technology does not guarantee that data will not be leaked, lost or hacked. Nor does it guarantee that the data will not be used in ways that jeopardize individual freedom and private life.
As a leader in facial recognition, China’s use of AI to control the population is regularly mentioned in the media, especially in the context of its’ social credit“ system, reminiscent of George Orwell’s fictional character “Big Brother”, in his dystopian novel, “1984”.
To “avoid the risk of being under constant surveillance”, the Senate’s Law Commission has proposed 4 bans:
- No social ratings,
- No categorization of individuals (according to sex, opinions, ethnic origin…),
- No emotion analytics,
- No real-time remote biometric monitoring
This Commission has also indicated 3 principles to be upheld: subsidiarity, systematic controls carried out by humans, and transparency. These 3 principles combined with the 4 bans set the “red lines” to protect against the risk of turning into a surveillance society. Regulated experimental methods would be used to “debate and define how biometric recognition is to be used” and would include input from the public and independent assessments. Information will be published for the general public to provide a better understanding of the issues. A third set of propositions in the report states that the “red lines” and the supervising experimental methodology are to be controlled a priori and a posteriori. In theory, this sets limits to the State in its’ use of technology to control people. In an interview, the bill’s rapporteur Marc-Philippe Daubresse compares the red lines not to be crossed for facial recognition to “the red lines set for bioethics“. Indeed, the parallel with bioethics can be observed in the report’s summary on pages 2 and 3.
Thus, regarding the ban on categorization, there is an exception which says “except for scientific research and subject to appropriate safeguards”. Likewise, emotion analytics would be allowed “for health or scientific research purposes and subject to appropriate safeguards”. Finally, the ban on “real-time remote biometric surveillance in public areas” includes a clause specifying it would be allowable “with very limited exceptions for the benefit of security forces”; in particular “during demonstrations on a public thoroughfare and in the vicinity of places of worship”.
Although “Gabor’s law” is only an adage and not an inevitable physical law, it states that “if it’s technically feasible, it will necessarily be done”. In bioethics and politics, as well as in many other fields, a solid reasoning on the limits to be set is urgently needed.