Health pass: The CNIL would prefer a more decentralized architecture

To support the gradual deconfinement before the summer and the opening of leisure places welcoming the public, the health pass comes into force this Wednesday, June 9, with the validation of the CNIL.

In large gatherings of more than 1,000 people and in airports, to travel to or from Corsica and the French overseas territories, everyone can now use paper proof or have digital proof, in the form of a 2D-DOC imported into the Tous Anti Covid Carnet application, to prove his state of health.

In the case of travel, “applications for reading this secure test evidence in digital form will facilitate the embarkation and disembarkation of passengers and minimize (as far as possible) the disclosure of personal health data” specifies an official document.

This device is also part of the “digital green certificate” which will be implemented at EU level from July 1, Cédric O said at a press conference on Tuesday.

What about the risk of fraud?

The State Secretary in charge of Digital assured that the CNIL had validated the device of the health pass in its deliberation made public after the conference. “I note that the CNIL, just as it had done for previous versions of the application, validates the health pass system, both for TousAntiCovid Carnet but also the operating architecture of Tous Anti Covid Verified, the application for reading and decoding the health pass “says Cédric O. He also notes that the Commission validates” the whole of the architecture as proposed by the government “.

Asked about the number of QR codes that may have been falsified to date, Cédric O does not put forward a figure but affirms that “Air France teams are confronted with several fraud attempts per week”. As Europe advances on its continent-wide “green pass” project, Cédric O observes that “everyone in Europe reports the detection of false proofs of tests, or even vaccines. “

“It is important for us to secure this element,” he underlines, noting that one of the advantages of the health pass is to “ensure that the evidence presented is tamper-proof”.

The CNIL in favor of local control during large gatherings

Tamper-proof, but secure? The health pass, which carries the holder’s last name, first name and date of birth, is not without raising some criticism. In its deliberation, the CNIL expresses doubts about the security of the data transmitted. If the Commission confirms that the pass is compliant with the GDPR, it invites the government to “study the implementation of a more decentralized version, in which the management rules could be dynamically and proactively updated by the central server, in order to to limit the sending of data to this server while guaranteeing the application of the updated rules ”.

To clearly distinguish the cases where the health pass is likely to be required, the Commission considers in particular that “the control of the validity of the supporting documents could be carried out locally for the operations of control of the health pass relating to large gatherings of people ”. Considering that there is no technical obstacle to this, she adds that “the only data that can be exchanged with the central server (is) the electronic signature of the proof. “

With TousAntiCovid Verif, the data retrieved via the QR-code goes back to a central server which performs the calculation to find out the status to be displayed. It then sends the result back to the application which displays green or red, as NextInpact explains. “The government justifies this mode of operation by the consequences for the people concerned: the control operations during travel abroad require ensuring compliance with the various rules imposed by the countries to which people go, these rules can, moreover, undergo frequent modifications ”writes the Commission.

Data kept in clear

The Commission notes, moreover, that the data are “kept in clear within the bar codes present on the supporting documents” and that the TousAntiCovid Verified application (used by the persons authorized to check the supporting documents) is “freely accessible on the mobile application stores ”. It further notes that the source code of the TousAntiCovid Verified application has not been made public to date.

The CNIL asks the government to make public this source code “redacted, if necessary, of the secrets allowing to secure the data transmissions with the central servers”. It also invites it to put in place “measures to inform people”, who are not always aware of the sensitivity of the data stored in these codes. To this, the minister’s entourage confirms: “We are going to look at how we publicize the code by removing / obscuring the parts that might endanger the application”.

The Commission says it regrets that the government has not sent it either a technical file or AIPD and recalls that “this analysis must be finalized before the effective implementation of the device”.

Back to top button