January 13, 2021

Decentralized identifiers to fight against mass surveillance


Decentralized identifiers to fight against mass surveillance

The slow but certain authoritarian drift of the French government was confirmed by the Conseil d’État on January 5, 2021, when the latter gave a favourable opinion on the extension of the possibilities to record Internet users’ “philosophical and religious convictions”, “political opinions”, “trade union membership” as well as their medical data. Means of resistance are necessary.

The USSR dreamed of it, France did it.

In 2016, an article appeared in the french newspaper Obs in partnership with Rue 89 (1) with the title “Russia: anything you post on social networks can be held against you”. A new software called Zeus was then about to equip the Russian police services. It was supposed to make it possible to identify “all of [the user’s] ‘friends’, the theme of the posts, the presence of specific keywords, the groups to which the user subscribed, the photos and videos posted or reposted, and his or her favorite correspondents. ». At the time, Vladimir Putin made no secret of the fact that this software was supposed to make it possible to file “latent extremists,” a consensual term for “political opponents”.

With 5 years behind Russia in restricting individual liberties, France will finally be able to catch up with the progress made in the surveillance of its political opponents thanks to three decrees modifying the Code of Internal Security. (2)

Three files are impacted by these decrees: the Pasp (prevention of attacks on public security) used by the police, the Gipasp (information management and prevention of attacks on public security) used by the gendarmes, and the EASP (administrative investigations related to public security) used to obtain information prior to the recruitment of state employees. The first two were created in 2008 during the intelligence services reform, following the dropping of the Edvige file project.

At the beginning of November these files covered 60,686 people for the Pasp, 67,000 for the Gipasp and 221,711 for the EASP. However, while these files had until then only included demonstrators and hooligans who had been actually involved in violent actions, they will now be extended to include data on people who harm “the institutions of the Republic”, a notion that is sufficiently vague to pave the way for a file listing for crimes of opinion.

Just as the “S cards” are theoretically intended to be used to register people who present a threat to the security of the State, but whose purpose is diverted to register non-violent union and political activists, it is likely that the extension of filing to individuals who could harm “the institutions of the Republic” will also be used as a means of illegitimate political surveillance.

In these decrees, in addition to the registration of “philosophical and religious convictions”, “political opinions”, and “trade union membership”, medical data and in particular psychiatric history may be used. It should also be noted that the friends, family and children of the individuals on file may also be the subject of information notes.

Decentralized identifiers as a defensive instrument

The main source of data collection is of course the Internet, where most of the users’ personal information is concentrated in very few locations. The decrees thus authorize the intelligence services to record the pseudonyms used by users on the various social networks, the comments they write there and the images they publish there.

However, decentralized technologies such as the blockchain are perhaps one of the best means for users, as is already the case in many other fields, to guarantee the confidentiality of their data and to regain their independence from state control.

Decentralized IDentifiers, also called DIDs, are based on such a technology. They take the form of a unique and permanent number that will be linked to numerous files containing pieces of identity data, encrypted using one-way cryptographic functions. These will be stored in decentralized servers.

This technology will make these pieces of identity data unusable by those who would try to decrypt them, which, given the complexity of the calculations used for encryption, seems extremely unlikely. Indeed, assuming that they succeed, they would only have partial information, such as an address alone, linked to a sequence of characters in reference to a DID. The work involved in hacking these databases and then linking this information to a real person is titanic, and it is highly probable that the public authorities would not attempt to tackle such a task.

Their decentralization will also make it extremely difficult for any authority to destroy or alter the networks that will host the DIDs and the documents associated with them. These networks will in fact be maintained by a large number of people in different geographical locations. This decentralization offers a very important guarantee against hacking and thus increases network security. Indeed, to hack the blockchain and take control of the validation or modification of a block, it is necessary to dispose of 51% of the computing power contained in the blocks of the blockchain, which is, regarding the major blockchains, impossible with the current technical means.

In a context of increased state control over citizens and widespread violation of individual liberties, decentralized identifiers are likely to prove to be a precious weapon for the anonymization and protection of our personal data on the Internet.

(1) https://www.nouvelobs.com/rue89/rue89-surveillance/20160803.RUE3570/russie-tout-ce-que-vous-postez-sur-les-reseaux-sociaux-sera-retenu-contre-vous.html

(2) https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000042607323

Copyright © 2020 XSL Labs – All rights reserved