You are here: Main > ProjectDocs > NationalProfiles > FrenchProfile

National profile for eGovernment IDM initiatives in France

General status and most significant systems

The Agency for the Development of Electronic Administration (ADAE) plays a central role in French ICT policy and eGovernment organisation. This agency has a leading position in any eGovernment related initiative.

From an IDM perspective, France has traditionally relied on a (paper) ID card, which is issued to all citizens and the detention of which is mandatory. A number of initiatives have been introduced in recent years to modernise these cards.

the electronic health insurance ID card, Vitale, was introduced as early as 1998. The card is currently being revised for modernisation, and the new updated cards will be rolled out in 2006, in parallel with the eID card.
so-called Daily Life Cards (Carte de la Vie Quotidienne) were introduced in 2003. It concerns an entire category of cards whose common elements are that they are locally delivered and intended solely for the identification and authentication of users for services within the applicable region (which can conceivably span departments or be limited to a specific municipality).
plans for an eID card by the name of CNIE (Carte Nationale d'Identité Electronique) were first announced in 2003, as a part of the INES programme (Identification Nationale Electronique Sécurisée). The roll-out phase is expected in to begin in 2006, although the card is somewhat controversial for its use of biometric characteristics, incorporating a digital picture and fingerprint scans.

History, Scope and Goals

France has a long history in ICT related legislation, including through the establishment in 1978 of the national data protection commission, CNIL (Commission Nationale de l'informatique et des Libertés; http://www.cnil.fr), the introduction and widespread use of the Minitel network in 1984 (http://www.minitel.com/), and the creation in 2003 of the Agency for the Development of Electronic Administration (ADAE, http://www.adae.gouv.fr/), which functions as a general coordinator of national ICT policy and the development of eGovernment services. ADAE functions under the authority of the Prime Minister.

The ‘Vitale’ electronic health insurance card was introduced in 1998, and is currently being redesigned to reinforce the security of health insurance operations and reduce fraud. The next-generation cards will include a photograph of the holder in order to fight fraudulent use. The current version is used approximately 200.000 times per day by health care professionals (source: http://www.adae.gouv.fr/rubrique.php3?id_rubrique=76).

The smart card is distributed to all persons registered with the social security and entitled to health insurance. Its chip contains only administrative and entitlement information about the holder and the insured person. Together with the electronic card for health professionals, it enables reimbursement claims to be transmitted electronically between health professionals and social security institutions over a secure closed network.

In 2000, the e-government service portal Service-Public.fr was launched, providing a single and convenient access point to public services online. A second portal that focuses more on localised services, http://www.servicepubliclocal.net/, was established in 2002.

In that same year the French government also published the first version of the French e-government interoperability framework (Cadre Commun d’Interoperabilité, http://www.adae.gouv.fr/rubrique.php3?id_rubrique=41). This framework examines the need for increased interoperability between information systems across the public sector and makes a number of recommendations in order to reach this goal. The framework was last updated in September 2003.

The "Daily Life Card" project was launched in 2003. Daily Life Cards are smart cards which are locally delivered and administered. Their scope is linked to the provision of services within a specific region only, and thus also to a limited service set. Their main advantage is the high degree of flexibility, allowing public administrations to provide the exact services which are locally required. The cards can be used for identification, authentication and even payment of services to a variety of public services, regardless of the actual service provider (local authorities, central government, or private companies delivering public services). Pilot projects are currently underway, supported by ADAE.

In 2004, the French government launched the ADELE e-government strategic plan and action plan. Spanning the period between 2004-2007, it provides a detailed framework for future e-government developments. It's main goals are:

to simplify administrative procedures in order to make life easier for citizens, businesses and local authorities;
to guarantee data security and confidentiality through the use of secure user identification systems and the possibility for citizens to control the use of their personal data by public bodies; and
to contribute to the modernisation of public administration.

Finally, plans for an eID card by the name of CNIE (Carte Nationale d'Identité Electronique) were first announced in 2003 by the French Ministry of the Interior, as a part of the INES programme (Identification Nationale Electronique Sécurisée). The INES programme aims to:

Harmonise and simplify the procedures for requesting passports and national ID cards, and to improve the security of these procedures;
Improve the management of these documents using new applications;
Deliver highly secure documents in compliance with international demands;
Offer citizens the means to prove their identity through the internet and to sign documents electronically, in order to encourage the development of electronic administration.

The roll-out phase of the CNIE is expected in to begin in 2006, although the card is somewhat controversial for its use of biometric characteristics, incorporating a digital picture and fingerprint scans. The public debate regarding the introduction of the CNIE was kicked off in 2004 through the Internet Forum (http://www.foruminternet.org/carte_identite/), resulting in a critical report requesting that the scheme would be revised in order to address privacy and security issues.

Technology

The next-generation Vitale cards, to be introduced in 2006, will include a photograph of the holder in order to fight fraudulent use. They will have a built-in crypto-processor featuring cryptographic mechanisms based on public keys, which will considerably reinforce the security of operations such as electronic authentication and signatures. The chip will have a capacity of 32 KB - eight times more than the 4 KB memory of the current cards - which will allow for storing a greater quantity of information. The cards will comply with the new IAS (Identification, Authentication and Signature) standards, thereby meeting the new requirements of the health and welfare field. There are currently no plans to merge Vitale and the planned eID card, CNIE.

The CNIE, also to be introduced in 2006, will not be visually very different from the current ID card, incorporating mostly the same information: basic card holder identification (name, first name, address, ...), signature, and card number. However, the electronic information is somewhat more extensive.

The digital information stored on the card's chip is subdivided into multiple blocks, which use different encryption methods. Currently, the following blocks are planned:

an Identity Block: the same card holder's information as above, with the noteworthy addition of a digital photo and two digital fingerprints. Due to its sensitive nature, this data will be most strongly encrypted, and only accessible to authorised officials.
an Authentication Block, which only contains an anonymous card authentication mechanism. This will allow officials to check the authenticity of the card, without necessarily processing personal data.
a Certified Identification Block, which allows the holder to identify him/herself using a PIN-code. This could conceivably allow access to any number of applications, including e.g. electronic banking services.
an eSignature Block, allowing the user to sign documents electronically
a Personal Portfolio Block, allowing the user to store any information that he/she would like to carry around and be able to re-use in other systems.

Accessing data in the Identity Block can be done without contact (although it does require certain data printed on the card), whereas other information requires the use of a reader.

Applications

Information sources:

http://www.service-public.fr/ (federal portal, in French)
http://www.sesam-vitale.fr/index.asp (federal portal, in French; only basic information in English)
http://www.adae.gouv.fr/ (federal portal, in French; only basic information in English)
http://www.foruminternet.org/carte_identite/ (federal portal, in French; only basic information in English)

Existing issues

The French approach raises a few issues, which can be summarised as follows:

Multiple cards have already been issued, and it remains to be seen if there is an actual need for several ID cards per person, and whether or not the French population will in time embrace this variety.
Certain specific characteristics of the CNIE (notably contactless accessibility of data and the inclusion of biometrics such as fingerprints
Certain parties have forwarded the criticism that the INES programme has unduly linked the issues regarding passports and national ID cards. While these documents clearly show some similarity, their different scope, purpose and application would suggest that they are sufficiently different to merit separate treatment. A perception exists that the design of the CNIE has largely and unnecessarily been influenced by requirements imposed on the passport.

Analysis: successes, failures and lessons learned

Both the INES and Vitale cards are still in the roll-out phase. However, some preliminary conclusions can already be formulated, summarized as follows:

The controversy and continued debate surrounding certain key characteristics (most notably the use of biometrics and contactless access technology) of the CNIE suggests that the general population is not yet convinced of the design of this card. Whether this doubt is a result of genuine design flaws or a lack of sufficient knowledge of the technology used is open to debate, but the current status of the debate suggests an insufficient consensus.
The French government consciously chose to keep the general eID card separated from the Vitale card for data protection reasons, i.e. to avoid health data being included on the eID card. This decision is generally supported as a privacy enhancing policy.
The introduction of Daily Life Cards allows local administrations to provide the services required by their constituency, and thus closes any possible gap between national administrations and local needs. However, there is also the risk of creating an excess of ID cards and of implementing localised services in an excessively diverse manner, thus confusing card holders.

Expected future developments

Both the INES and Vitale cards are still in the roll-out phase, and 2006 is likely to be a breakthrough year for both.

-- Main.grauxh - 02 Jan 2006
to top

End of topic
Skip to action links | Back to top

Copyright © 2005-2024 by the Modinis-IDM consortium. All material is the property of the contributing authors. Reproduction is authorised, provided the source (eGovernment Unit, DG Information Society,European Commission) is clearly acknowledged, save where otherwise stated.