Sites Inria

Version française

Data Protection

Laurence Goussu - 15/02/2017

Secure electronic documents: is the centralisation of biometric data really inevitable?

Serveurs © Inria / Photo Kaksonen Inria / Photo Kaksonen

The decree of 28 October 2016 authorising the creation of a centralised file of "secure electronic documents" (TES) has raised a certain number of questions and concerns. The main aim put forward by the French government is the fight against identity fraud. However, the text of the decree also authorises certain accesses to the database by officers of the national police, national Gendarmerie and intelligence. Many voices have been raised to highlight the risks that such a centralised file could represent with regard to individual freedom, and particularly the invasion of citizens' privacy. Here, Inria gives its objective analysis and its recommendations in order to ensure the protection of privacy.

This report, produced by Claude Castelluccia and Daniel Le Métayer, aims to widen the debate through the analysis of architectures and alternative solutions. Its purpose is also to provide a supplementary perspective on the protection of personal data.

The strengthening of the means to fight fraud (and, more generally, criminality) and the requirement to protect privacy are not necessarily antinomic. However, in order to be able to reach a decision on the advantages and disadvantages of a management system for electronic documents, it seemed necessary to:

  • Clearly define the desired functionalities and the advantages that can be expected from them, in particular with respect to the current situation and other solutions.
  • Describe the technical solution chosen in a sufficiently precise way to enable its analysis.
  • Rigorously analyse the risks of an invasion of privacy with regard to the expected benefits.

This document does not claim to be exhaustive or to propose definitive analyses or solutions, but it proposes a framework to address these questions in a rigorous manner.

Keywords: Data protection Security Privacy & Data Protection TES