CNNum delivers 35 recommendations on digital identity

CNNum delivers 35 recommendations on digital identity Cybersecurity

The Digital Identities: Voting Keys to Digital Citizenship report has just been delivered by the National Digital Council, the CNNum, the result of a working group comprising 6 of its members. One hundred pages, 35 recommendations, warnings and a focus on informing citizens.

Digital identity must be raised to the rank of a full public service with the same guarantees of inclusion, accessibility and equality as other public services. This is one of the guidelines of the report on digital identities (in the plural) that the National Digital Council has just delivered over a hundred pages. In 35 recommendations and two chapters, the CNNum develops the role of this dematerialized identification in digital citizenship. And he widely underlines the importance of governance and security to create citizens’ confidence in this device, in particular on the protection of their privacy. Within the CNNum, the working group that produced the report was led by Karine Dognin-Sauze and Mohammed Boumediane, with Gilles Babinet, Olivier Clatz, Gaël Duval and Jean-Michel Mis.

“The current context requires an in-depth redefinition of the ties that unite us individually to the state, but also to others, in what constitutes our model of society and our common values,” the report’s pilots explain in their editorial. “Furthermore, we cannot ignore the impact created by the many recent media cases (Cambridge Anaytica, big data leaks, etc.) which have altered the trust that citizens have in private identity providers”, add -they. They immediately recognize that more clarity and transparency should already be brought to bear on the various projects undertaken by the state. It’s obvious. Whether it is Alicem (digital identity mobile app), CNIe (national electronic identity card) or FranceConnect, “the lack of communication easily assimilated by the greatest number still too often harms the global project ”, point out Karine Dognin-Sauze and Mohammed Boumediane.

Governance and security, essential

Digital identity must therefore be a public service in its own right. This requirement once posed immediately raises the question of shared governance and transparency. “Digital identities – and we hold to the plural – can not be done without a control body, or without involving citizens and elected officials in the governance process,” said Nathalie Bouarour, one of the document’s rapporteurs. In this regard, the working group thinks that it would be interesting to have an orientation law on digital identity. A parliamentary mission is currently working on the subject, chaired by Marietta Karamanli, with Christine Hennion and Jean-Michel Mis. She should release her report in a few months. “On shared governance, we want the entire economic ecosystem to be included,” continues Nathalie Bouarour, recalling that this ecosystem is very much awaiting government arbitration, in particular to offer complementary services to these regal digital identities. .

Beyond public service and essential governance, the rapporteur raises two other major points. First, that of security. On the technical side, she stresses the importance of having France represented in international organizations to mobilize in the construction of standards. In these efforts, “it is necessary to involve scientists”, she points out while also evoking the revision of the eIDAS regulation on which the ANSSI, the national agency for information systems security, headed by Guillaume Poupard, is working. “There are several regulations in terms of security, it is important to involve the scientific community and to set up an audit process and a governance body on shared security”, insists the rapporteur.

Beware of the risks linked to the creation of a centralized file

Finally, Nathalie Bouarour raises a 4th point just as important as the previous ones, that of education and information. “Our system has the advantage of leaving the citizen free choice. It is a public / private digital identity system, but we believe that there is training work to be done on all audiences: on computer hygiene and on data management so that citizens are able to choose the digital identity that best suits them and to forge this digital citizenship, ”she underlines.

In conclusion, the authors of the report do not forget the risks associated with this implementation. The working group thus points out “the importance of learning from the past for the protection of identity, in particular the choice of architecture preserving the risks inherent in the creation of a centralized population file”. If educational and inclusion efforts are really and properly carried out, they believe that digital identity could, in the long term, be perceived “not as the extension of a completely dematerialized administration, but rather as the reinforced link between the citizen and the State ”. A link that could guarantee and arm the citizen against the risks that everyone has already identified.

Source: www.lemondeinformatique.fr

Rate article