France May Require Biometric ID Cards

Will Affleck-Asch writes "According to an article on Infoworld today, France may require her citizens pay for new identity cards that hold their biometric information in electronic format. The French government outlined its plan last month to replace the identity cards and passports offered to French citizens with new ones that carry a microchip containing digitized photographs and fingerprints. The plan is to introduce the passports in 2006, and the identity cards a year later. Citizens haven't been forced to carry ID cards since 1955."

ID Required in France

[American+AC+in+Paris]

Citizens haven't been forced to carry ID cards since 1955

This is misleading. While there is no "National ID Card", You're required by law to carry ID at all times in France, and the police may ask to see it at their discretion.

A less confusing way of putting it would have been, "While a national ID card hasn't existed in France since 1955, French people are required carry some form of valid ID with them."

Re:ID Required in France

[mad+flyer]

Wrong, there is a nationnal ID card in France, established by Marechal Petain during WWII. I'm living in Japan but i'm still always carrying it. Since by the european laws, as a French citizens i'm not supposed to be obliged to show a passport to enter back in my country.

Re:ID Required in France

[American+AC+in+Paris]

Le contrôle d'identité de police administrative vise toute personne se trouvant en France.

Police identity checks can be made of any person found in France.

Il est fait à titre de prévention d'une atteinte à l'ordre public.

This is to prevent disruptions to the public order.

Il a lieu dans des lieux publics: rue, gare....

This takes place in public places: on the street, in the station....

Des contrôles d'identité peuvent être pratiqués à l'égard des personnes dont un indice laisse penser qu'elles:

Identity checks may be performed on anybody whose actions suggest that:

• ont commis ou tenté de commettre une infraction,
  They have committed or attempted to commit an offence,
• se préparent à commettre un crime ou un délit,
  They are preparing to committ a crime or offence,
• sont susceptibles de fournir des renseignements sur un crime ou un délit,
  Could likely provide information pertaining to a crime or offence,
• font l'objet de recherches ordonnées par une autorité judiciaire.
  Are the subject of an search ordered by the judiciary.

[...]

Lors d'un contrôle, vous avez l'obligation de justifier de votre identité.

You are obligated to prove your identity at the time of an identification check.

La carte d'identité n'est pas obligatoire, vous pouvez justifier de votre identité par tout autre moyen:

An identity card is not obligatory, you can prove your identity by any of these other means:

• passeport ou permis de conduire,
  Passport or driver's license,
• livret de famille, livret militaire, extrait d'acte de naissance avec filiation complète, carte d'électeur ou de sécurité sociale..,
  Family record, military record, official birth record, voter card or social security card..,
• appel à témoignage.
  Call for testimony.

[...]

La police ou la gendarmerie peuvent vous retenir sur place ou dans leurs locaux pour établir votre identité.

[If you cannot prove your identity on the spot,] the police may retain you where you are or at their station to establish your identity.

...so, as evidenced by your own link, a police officer can demand ID if he thinks you might know something about a crime (and you can be sure that this equates to "at his discretion",) and if you cannot prove your identity, you can be detained for an "identity check".

Re:ID Required in France

[StefanF]

I work as a police officer in a Schengen country and spent last year working at an international airport where I did boarder control. When traveling between two Schengen countries you are required to have a valid travel ID with you. In most cases this is a passport since only a few countries have other travel ID's. People, including EU citizens, are stopped at random for an ID check at Schengen boarders. Now im working in a small town and just last weekend I asked a EU-citizen to show me his travel ID so it does happen (although rather rarely)

expectations for reaction...

[JimBobJoe]

I'm hoping (and frankly, expecting) some pretty strong negative reaction from the French citizenry. They have a bad history with ID cards (for reasons I shall respectfully not mention) and I dare say that the French are more alarmed by ID cards than citizens in anglo countries. They have a more intense concept of anonymity vis a vis the state.

Even here in North America, New Brunswick and Quebec have some of the most lenient driver's licensing laws. Unless things have changed, neither province requires the photo on the license, and Quebec is the only jurisdiction in, possibly the world, which issues a driver's license with a digital photograph and the photograph is not archived. That's a level of freedom that's been lost to most of the world's citizens in just 10-15 years.

Re:expectations for reaction...

Honnestly, beeing french I can ensure you no reaction is to be expected.

Actually national Id card allready exists, they are just not compulsory in most situation (and mine has been perempted for 5 years now ... I may or not think to renew it soon).

But we french don't like private business to get data on us, but will happily let governement play its big brother.

Check the affair of "les ecoutes de l'elysee" and see how little reaction there was....

It could be worse

[Catullus]

In the UK, it appears that, having had the government's draconian ID card plans rejected (for the time being), they're planning to start the biometric-isation process early, by adding compulsory fingerprints to our passports. However, it also appears that this doesn't need democratic consent - they can just do it whenever they feel like. Oh, and bury it halfway through a busy election campaign too.

These fingerprints will, you guessed it, be stored on a gigantic database that the police can consult whenever they feel like.

May I suggest that anyone in the UK who finds these plans... disturbing... lets someone know about it.

Re:It could be worse

[Catullus]

Indeed - they already steal fingers to steal cars... ID is much more valuable.

Re:What perfect idiots

[JimBobJoe]

Forgive me if I am missing the point, but is not the purpouse of biometrics to REMOVE potentially compromised security keys, like ID cards? Biometrics, as I understand the science, allows an individual to use their body as a form of ID.

No! No security expert worth their salt proposes that biometrics be used to ID...it's too easy to fake and you leave biometric trails everywhere. Biometrics may have some use as a second form of a password. Biometrics may also be used as ID in non-security applications (such as at my local grocery store, where employees use their fingerprint to sign in and out of the timeclock.)

Only vendors are pushing biometrics as both a form of ID and a password.

It's probably the US requiring them

[Colin+Smith]

I don't know if you've noticed but the US is now requiring biometric passports to allow entry on the Visa Waiver Program.

e.g.
http://travel.state.gov/visa/laws/telegram s/telegr ams_1393.html

So, next time the bombers will have to get visas to enter the country... Just like last time.

Re:It's probably the US requiring them

[dajak]

Exactly. We get the biometric passport in 2006 in the Netherlands, and the official reason the government gives is that you are going to need that 'extra functionality' to enter the US.

Either you give your biometric data to the Dutch authorities, or you give it to the US authorities. The Dutch government considers itself a better guardian of our privacy. The Dutch government is easily blackmailed into cooperation by the US government by threatening to revoke valuable customs privileges for cargo on ships from Rotterdam harbor. Our economy is based on transport and trading, after all.

Before 2001 a move like this would have caused an emotional uproar against 'nazi practices', but people just accept it now.

I have been able to avoid having to go to the US in recent years, but this is not good for my career. Given my line of work I will probably be waiting in line for one of those passports. I will keep it wrapped in tin foil though.

A more recent development is that you are apparently also going to need it for just flying near US airspace: a KLM plane on its way to Mexico was turned back last week because the US somehow illegally appropriated the passenger list (from Mexico?) and found two 'suspicious' people on it that are not on any blacklist communicated with the Dutch government or KLM. The Dutch government is very pissed off about this treatment of its citizens and its national carrier.

Our version is the Real ID Act of 2005 in the USA

[COredneck]

To be decided in the Senate and the House/Senate Conference Committee is the Real ID Act of 2005 sponsored by F. James Sensenbrenner. This will be a backdoor defacto National ID through your driver's license. Included is a linked database known as the Driver License Agreement as sponsored by the American Association of Motor Vehicle Administrators. States will be required to sign it in order for given state driver's license to accepted when dealing with the Federal Gov't such as boarding an airplane or train.

Included in the Driver License Agreement is sharing information not only within the US but with Canada and Mexico (pg 4, item 11 in PDF Document). Required in the database is identity theft type of information such as your Social Security number. Also the Driver License Agreement as a side "benefit" requires your state to punish you with points for a traffic offense anywhere within North America. So a speeding ticket from a vacation in Cancun, Mexico or Montreal, Quebec, Canada will tarnish your home state driving record and as an insult to injury, your insurance goes up !

There is not much time left to defeat this legislation. It is attached to HR1268 - Emergency Appropriations for Iraq, Tsunami Relief. The Senate has removed it but the House will insist on the Real ID Act of 2005 in conference committee and we need to let our Senator's know that we are against this. Information to Contact Congress web link.

Re:What perfect idiots (not insightful)

[acaspis]

Well you are definitely missing the point.

The ID card would probably contain fingerprint data and a digital signature saying that the government recognizes the fingerprint as that of one of its citizens. The fingerprint doesn't even need to be connected to the person's identity.

Without that, how could scanners at airports and other public locations decide to accept or reject a person based on her fingerprint ? Send it to a big-brother-esque central database, uh ? OK, the scanner still needs to download a list of revocated IDs from time to time.

ID + fingerprint = something you have + something you are.

Re:Can this data be one-way hashed instead of stor

[FleaPlus]

http://scholar.google.com/scholar?q=biometric+hash

First result:

Biometric hash based on statistical features of online signatures

Vielhauer, C. Steinmetz, R. Mayerhofer, A.

Abstract: Presents an approach to generating biometric hash values based on statistical features in online signature signals. Whilst the output of typical online signature verification systems are threshold-based true-false decisions, based on a comparison between test sample signals and sets of reference signals, our system responds to a signature input with a biometric hash vector, which is calculated based on an individual interval matrix. Especially for applications, which require key management strategies, hash values are of great interest, as keys can be derived directly from the hash value, whereas a verification decision can only grant or refuse access to a stored key. Further, our approach does not require storage of templates for reference signatures, thus increases the security of the system. In our prototype implementation, the generated biometric hash values are calculated on a pen-based PDA and used for key generation for a future secure data communication between a PDA and a server by encryption. First tests show that the system is actuality able to generate stable biometric hash values of the users and although the system was exposed to skilled forgeries, no test person was able to reproduce another subject's hash vector.

Parent is WRONG !

[lazy_arabica]

"While a national ID card hasn't existed in France since 1955, French people are required carry some form of valid ID with them."

A national ID card does exist in France. It's true that you are not be required to carry that card at all times, though. Here is an example of what it looks like:

Re:I'd Pay For This In The U.S.

[RealAlaskan]

Many of the 9-11 terrorists had valid ids.

It is my understanding that all of the 9/11 terrorists had valid U.S. IDs (drivers licenses, mostly) and/or valid passports which had been scrutinized at the border. These IDs were all in their own names (though perhaps not in the name under which they were wanted). So far as I know, no one has suggested that they had obtained these IDs fraudulently: they all could have gotten the new biometric IDs that so many seem to want.

We knew who they were, and some of them were on ``wanted'' or ``watch'' lists under the names on their legitimate IDs, the IDs which they used to board their planes. Identity was never a factor in the 9/11 hijackings. Therefore, obviously, what we need to make sure it never happens again is a new, improved National ID system which will further tighten the government's control over us. Yes, indeed. It kept the Jews safe in the 1930s, after all. We'll try not to think about what happened to them in the 1940s.

All this isn't to quibble with what the parent post said, but to reinforce it.

Re:Can this data be one-way hashed instead of stor

Can the biometric data be hashed and the hash used for verification instead?

No, there are biometric templates from which it *should* be difficult to recreate the biometric data. Advantage is also that these are smaller and would save time & space on the card. Problem is is that these templates are vendor specific, and may be encumbered with legal issues.

Getting someone's fingerprint or photo, as proposed for passports is not that difficult anyway.

That isn't how they work

[John+Harrison]

Most systems are implemented such that the chip doesn't contain an image of the fingerprint. Instead it has a template of your fingerprint that is generated during enrollment. This template doesn't contain all the information needed to recreate an image of your fingerprint, though some work has been done showing that some aspects of the fingerprint can be generated. These generated prints can be used to match but do look like a fingerprint to you or me. Also, some cards do an on-card match, which means that they never give the template up. Instead the verification is done by creating a second template on the spot and sending it to the card where it is compared to the original. The card then reports if there was a match.

I should also note that in many systems no server copy of the prints or templates is kept. All the information is on the card. However, I would guess that governments would tend to keep such information if given the chance.

Re:Can this data be one-way hashed instead of stor

[locofungus]

The UK government isn't going to bother with parliament anymore - they're going to bypass it: http://www.theregister.co.uk/2005/04/12/uk_passpor t_fingerprints/

FMTYEWTK about French ID checks...

[Eunuchswear]

Ok, straight from the horses mouth:

Lors d'un contrôle, vous avez l'obligation de justifier de votre identité.

So, If the police ask you who you are you are obliged to provide some proof of identity.

La carte d'identité n'est pas obligatoire, vous pouvez justifier de votre identité par tout autre moyen:

• passeport ou permis de conduire,
• livret de famille, livret militaire, extrait d'acte de naissance avec filiation complète, carte d'électeur ou de sécurité sociale..,
• appel à témoignage.

Which could include asking witnesses.

Si vous vous trouvez dans l'impossibilité de justifier de votre identité, ou si les documents produits ne paraissent pas suffisants pour établir votre identité (document sans photo), vous pouvez faire l'objet d'une vérification d'identité.

If they don't believe you they may check,

Vérification d'identité

La police ou la gendarmerie peuvent vous retenir sur place ou dans leurs locaux pour établir votre identité.

Either they hold you in place or they take you back to the station

Vous pouvez être présenté à un officier de police judiciaire.

Vous pouvez présenter de nouveaux papiers, faire appel à des témoignages.

La vérification doit durer au maximum quatre heures entre le début du contrôle d'identité et la fin de la vérification d'identité.

Vous pouvez faire prévenir le procureur de la République, votre famille ou toute personne de votre choix.

Pour un mineur:

• le représentant légal (père, mère ou tuteur) doit être averti avant toute vérification, et doit, sauf impossibilité, l'assister,
• le procureur de la République doit être averti.

You can ask anyone you want to help, bear witness, bring new papers.

If you're a minor your parents must be informed.

They can't hold you for more than 4 hours.

Ok, so it can be rather annoying, but in practice they just ask you to come to the commisariat the next day. Unless you're a young north african man of course.