A few days ago, I had the opportunity to write an article on “TousAntiCovid and TousAntiCovid Vérif, are these applications protective of your personal data?”, in which I raised a number of questions. Given the elements at my disposal and shared in this article, I had the opportunity to file a complaint with the CNIL. The speed of their response astonished me…
“TousAntiCovid Verification” following the complaint to the CNIL…
I must say that the #CNIL was very quick to respond, or should I say, too quick? I won’t keep you wondering any longer; my complaint was judged inadmissible… The explanation given for its inadmissibility is that the problem raised in the Cyberwatch Blog is one of fraudulent use…
If I understand the reasoning that led to this decision, it still poses real problems regarding the security of our data. Indeed, if you are not proactive and do not make sure for yourself that the person who checks you uses the right application, your QR Code could be recovered, along with your personal data concerning your vaccination status…
Given the number of people involved in this mass checking, who will not necessarily be aware of the risks of mishandling, this poses a real security problem for your data.
Moreover, it is also an open door to using a valid QR Code that is not yours. But in that case, we are indeed dealing with fraudulent use, one much easier to carry out than looking for fake #passesanitaire…
So what does this health crisis tell us?
This situation shows our degree of unpreparedness in the use of digital tools, in activities or fields where security should be the major concern of public actors.
When I speak of security, I am thinking first of course of the security by design of the applications made available to the public. Would we accept an application from the Ministry of Finance that would allow such security holes in our tax data? No, I don’t think so, so would your health data be less questionable?
But security does not stop at securing applications, if possible by design, and at well-understood cybersecurity issues. The legal security of our personal data is also at stake, whether it is health data or other data… However, when the state chooses to host data subject to American extraterritorial laws, once again, we can ask ourselves about the competence of our governing elites in the digital domain. This lack of understanding of the different dimensions of digital technology (legal, technical, industrial, intellectual property and cultural) is reflected in the decisions taken in haste, poorly weighed and above all under the influence of powerful lobbies and essentially led by the #gafam…
Striking examples of this inconsistency can be found in the choice of Microsoft Azure for the hosting of our health data (Health Data Hub), or in the management of important economic data such as the PGE (State Guaranteed Loan) set up during this crisis, whose elements will be hosted by Amazon (AWS). No, you are not dreaming: there is no questioning of the fact that data on the health of our companies can be recovered by the American intelligence services very easily… Or, still within the framework of this pandemic, that the site where you recover your certificates of vaccination or PCR tests finds itself pointing towards an American location…
What this crisis highlights is not new elements, but rather severe gaps in our level of understanding of the impacts of digitization on entire areas of our daily lives. This lack of understanding affects not only a large percentage of the general population, but also, and this is much more worrying, the vast majority of our ruling elites, whether they are from the political or business world…
Conclusions
I know that for the most part, this information will not raise many questions or concerns. However, all this data that will be collected on your health can be exploited later when you apply for loans from your banks or online banks, or when you want to take out an insurance policy. We cannot exclude that some ill-intentioned employers will use these data for a pre-selection step before hiring… These risks may seem remote, or too abstract; however, if we let these infringements, these abandonments of sovereignty, go by, we could be in for a rude awakening…
We must not forget that behind the #gafam, these digital giants that are becoming giant, multi-sectoral, quasi-monopolistic trusts, are hidden leaders who promote an ideology, transhumanism, and this is far from anecdotal. And their current and serious competitors, the #BATX, have behind them the Chinese government, which absolutely does not have the same values and which is already setting up through them, in China, an Orwellian world, with the famous social rating…
Are you really seduced by one of these two alternatives?