(by André Viau, co-founder of the ID Forum)
It is to be hoped that, in a few months’ time, the French Government will announce the measures it intends to adopt to provide citizens with a sovereign digital identity.
In light of the experience gained, the preparatory work and the initiatives taken—from France Connect to Alicem—it is likely that these decisions will put an end to the series of failures that our country has been deploring for several decades in the field of identity.
They will most certainly be in line with the guidelines laid down by the European Union (prominent place given to sovereign identity, digital single market, interoperability, electronic identification scheme under the control of the Member States, protection of personal data) and therefore in accordance with our legal traditions.
In the meantime, devices from the English-speaking world have developed at great speed, shaping a completely different landscape:
- the collection and trade of data, including personal data, is flourishing;
- many companies provide authentication and identification services;
- companies have specialised in the provision of qualitative data relating to clients of financial institutions in the context of their obligations, in particular in the fight against money laundering and the financing of organised crime or terrorism;
- identification is mainly based on the use of personal data collected on the Internet;
- GAFA plays a leading role in this process, even rescuing the State (it should be reminded that the US administration asks visitors applying for a visa to indicate which social networks they use and their access code).
All this is made possible thanks to the extraordinary dynamism of the US digital economy, but also to legal foundations that are in many ways opposed to ours:
- A man’s house is his castle: from the outset, the American constituent set itself the essential objective of protecting the citizen—and in the first place his or her home—against the intrusions of the State, in particular the Federal State. It strives to drastically limit this latter’s powers. Thus, it was not until the trauma of 9/11 that the Department of Homeland Security, a Federal Ministry of the Interior in the European sense of the term, was established. It is not surprising that, at the federal level, no civil status has ever been established, that there is no identity document comparable to our national identity card, and that the introduction of a digital identity has never been seriously considered.
- The combination of the principles of freedom of speech (1stamendment), property rights and freedom of trade greatly promotes the trade of personal data. Indeed, while US law protects privacy from violations by the State, this has not been the case for threats made by other private individuals.
The right to privacy, which appeared at the end of the 19th century, corrected this gap by creating a rich and progressive jurisprudence. Of course, privacy no longer concerns only the home but the individuals themselves. However, this new right, while in some cases providing for compensation, has not served as a basis for an effective limitation on data trade, since data are first and foremost the property of the person who holds them.
In this context, GAFA was able to collect—initially without major difficulties—an extraordinarily large volume of personal data, trade it and establish, on a behavioural basis, a kind of impressive global civil status.
The two systems (European-inspired on the one hand and American-inspired on the other) are therefore in competition, and Europe, which must deal with the different sensitivities of its Member States—particularly France—has fallen behind. This could leave little room for optimism on our continent.
However, there are some signs that the game is not over.
- While the GDPR may have appeared to some American lawyers as the latest whim of bureaucratic Europe, the excesses of the NSA revealed by the Snowden affair, the Cambridge Analytica scandal and the long-standing public debate on metadata have led some lawyers, politicians or business leaders to consider a kind of American GDPR, certainly less ambitious but bringing concerns from both sides of the Atlantic closer together. Especially since the application of the privacy shield leads to bilateral reflection. It should be noted that, to overcome the constraints of jurisprudence, specific legislative measures to protect privacy have been put in place with regard to children, health and credit.
- Without abandoning its basic orientations and while giving the private sector its full place, the US administration is currently re-launching President Obama’s initiative to organize federal identification devices (NSTIC).
- The measures taken under the Patriot Act of October 2001 undermine, to say the least, even the most restrictive concept of citizen protection and privacy. They provoke strong reactions and require consistency.
- Finally, the power of GAFA, the sovereign prerogatives they acquire or even claim—going so far as to consider the creation of a currency after they have seized digital identity—led some to talk about the enforcement of anti-trust laws against them.
In short, the series Identity: Europe vs. the United States has neither reached its last episode nor its last season.
André Viau co-created the ID Forum, the first event entirely devoted to digital identity, to be held on January 28, 2020 in Lille, parallel to the FIC.
Biography: Regional Prefect (h). ENA. DESS Economics, Bachelor of Sociology.
Officer of the Légion d’Honneur and the Ordre national du Mérite.
André Viau began his career as an engineer at the National Center for Scientific Research. He joined the Ministry of the Interior in 1980. Sub-prefect in the Charente Maritime, Ille et Vilaine, Puy de Dome, Cote d ‘Or and Nord, he was appointed Prefect in 1995. As such, he serves in Haute Corse, Yonne, Pyrénées-Atlantiques, Centre region, Midi Pyrénées region (2007).
He will also be deputy director of the cabinet of the Minister of the Interior (2006/2007), adviser to the Prime Minister’s Office (2002/2004), director of the Minister of Defense (2007/2009).
He was CEO of Sofired (2009/2014), Chairman of the Aeronautical Investment Management Company (SOGEPA) (2009/2012).
Since 2016, he has been President of Ares Audit, Senior Adviser at Lysios Public Affairs and Honorary President (Founder) of the International Technology and Security Forum.
It conducts study missions (in the field of defense and security) and conciliation.
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime