Paris (AFP)
The health pass is based on QR code technology, a kind of two-dimensional bar code that is not completely without risks in terms of the protection of personal data, even if access to information is limited by the government in the case of controls carried out by professionals.
What is a QR code?
The QR code ("quick response code" in French) is in a way an improved version of the bar code, more and more used in everyday life, especially on restaurant tables.
Composed of squares and black geometric patterns on a white background, the QR code is used to store information and make it quickly accessible.
Simply scan it via the camera of a smartphone or tablet - with or without the help of a reader application depending on the operating system (Apple's iOS, Google's Android) of the terminal - to read the QR code and access its information.
Internet or download link, contact form, validation of a transport ticket or a cinema ticket, or even an access code to connect to a wifi network, the field of use of QR codes is infinite.
What information do professionals have access to with the health pass?
In the case of the health pass, the associated QR code, which contains information on the vaccination or immunity status of its holder as well as his identity, is scanned by TousAntiCovid Verified, the application provided by the government to professionals ( restaurateurs, traders, managers of sports or cultural establishments ...), to check its validity.
Available for free on Apple and Google's application stores, TousAntiCovid Verif allows information to be read "with a minimum level of detail", according to the government.
Concretely, TousAntiCovid Verif only makes it possible to know if the pass is valid or invalid and to know the names, first names and dates of birth of the customer, information to be compared with what is written on his national identity card, without disclosing further information. health information on the screen.
In addition, although the verification application can be used on personal phones, it does not store any data on the people screened.
"On the other hand, the manager has the obligation to keep a notebook of identification of the controllers with the names of the agents having carried out the examinations of the sanitary evidence", demands the government.
Is private data completely secure?
In its last "warning" at the end of July on the extension of the health pass, the National Commission for Informatics and Freedoms (Cnil), which watches over the private life of the French, however "asked for certain additional guarantees" from the government in the protection of personal data.
Because if, in theory, access to health data is not allowed, "it is possible, for an ill-intentioned person, to access all the personal data included in the QR codes present on the supporting documents, including including health data, "she warned in early June.
Another risk identified: the transmission of personal data via the Internet to the central server, namely the national printing house (IN Group), responsible for checking the validity of the QR code.
Considering that there is "no technical obstacle" to checking the validity of proofs "locally", that is to say from terminal to terminal without going through a server, the CNIL has invited the government "to develop the operation of the application in order to allow local control of supporting data" to limit the risks.
© 2021 AFP