France is having plenty of problems when it comes to their vaccine passports, and not just anyone's vaccine passport, but that of President Emmanuel Macron and Prime Minister Jean Castex. Their QR codes were both shared to social media, including Twitter and Snapchat.
???? ALERTE - Le QR code du #PassSanitaire d’Emmanuel #Macron a fuité sur internet. (réseaux sociaux) #QRcodeMacron pic.twitter.com/9ryT9dXdoZ
— Mediavenir (@Mediavenir) September 21, 2021
Kurt Zindulka has been covering such breaches for Breitbart. As he wrote on Wednesday:
The government at the Élysée confirmed to BMF TV that the pass, which correctly displayed his name and date of birth, was indeed the personal QR code for [Macron]. Prior to it being disabled, the QR code also contained information on when Macron was vaccinated and with which brand of vaccine.
“This system works, but there has been an ethical flaw on the part of one or more health professionals. Someone made an impression of the QR code and circulated it voluntarily or by negligence,” the government said.
The privacy breach comes just days after French Prime Minister Jean Castex also had his vaccine passport leaked online after a press photographer snapped a picture of Castex with the code visible on his smartphone. Using the picture, several people were able to insert the QR code into their coronavirus app in order to gain access to Castex’s profile.
A research director at the french cybersecurity firm Sogeti, Mathis Hammel posted a picture of Castex’s pass on his social media account.
“Game over, I have the Prime Minister’s vaccination QR code,” Hammel wrote, adding: “Promise I got it legally and I won’t do anything with it, call me if you want a helping hand in cybersecurity.”
Hammel tweeted on Sunday that the tweet showing the QR code was "quickly deleted."
Voilà c'était tout con ??
— Mathis Hammel (@MathisHammel) September 19, 2021
L'original a été rapidement supprimé (et je crois que le QR de J. Castex est ajouté aux listes noires de TAC Vérif) https://t.co/LdSfu4x5Zw
Ellie Fullalove reported for The Connexion that those QR codes have since been invalidated. Yet one may have to wait for full reassurance, for as Fullalove also wrote:
Both QR codes have now been invalidated and anyone who attempts to use them risks a fine of €45,000 and three years in prison.
...
The issue of replacement QR codes
Currently, the process of replacing your QR code does not allow the holder to invalidate their old QR code. This means that technically, both the old one and the new one can still be used.
However, work is now underway to remedy this, with a new tool being rolled out to prevent fraudulent use of old QR codes (where people use others’ codes to get access to venues in which they would not otherwise be allowed).
Some people, including journalists, have already had access to this new tool, because (for example) they used their original code to illustrate articles about how the codes work.
But the tool will now be rolled out more widely, a ministerial source told BFMTV.
How will the tool work?
This has not yet been confirmed, but it is likely that it will include an online form or app on which users can invalidate their old pass.
It may also be a simple link on the website attestation-vaccin.ameli.fr, through which users could generate a new QR code, which would automatically invalidate and cancel the old one.
There's also concern because health care workers are suspected of having caused the breach of Macron's QR code:
Recommended
In the case of President Macron, it is believed the data leaked must have come from a health professional. This has been considered more worrying, especially for someone whose security is supposed to be the highest in the country.
Whether the leak was accidental or deliberate has yet to be determined, but the Caisse Nationale de l'Assurance Maladie (CNAM) has now referred the matter to the French Medical Authority, the Conseil de l'Ordre des Médecins.
People have had security concerns since vaccine passports were first announced. In the United States, this was in the form of the Excelsior Pass out of New York, back in March.
Zindulka covered another incident to do with Macron and vaccine passports, which ought to make all Americans feel relieved that we have First Amendment rights. Michel-Ange Flori was sued by Macron and ordered to pay 10,000 Euros for billboards depicting Macron as Adolph Hitler and as Philippe Pétain, the former marshal of France who was convicted of treason for working with the Nazis.
The details are somewhat complicated, which makes the incident all the more concerning:
Despite France removing the crime of “insulting the President of the Republic ” in 2013, the French president is still allowed to sue fellow citizens for public defamation or injury.
Though rarely enforced, a court in Toulon agreed with Mr Macron that the billboards represented “an obvious desire to harm” and therefore ordered Mr Flori to pay the French leader 10,000 euros (£8,500/$12,000).
Flori intends to appeal.
