

In March, we started unveiling what is surrounding the Orwellian project “Smart City™” in Marseille. But, as it turns out, Marseille is but a tree hiding the forest, as predictive policing and police surveillance centers boosted by Big Data tools are proliferating all over France. Nice is a good illustration: The city’s mayor, security-obsessed Christian Estrosi, has partnered with Engie Inéo and Thalès — two companies competing in this thriving market — for two projects meant to give birth to the “Safe City™” in Nice. Yet, in the face of the unhindered development of these technologies meant for social control, the president of the CNIL (France’s data protection agency) seems to find it urgent to… follow the situation. Which amounts to laisser-faire.



This winter, Christian Estrosi (mayor of Nice) yet again rose to public attention, boasting about a deal between Nice and a Israeli company to distrbute a smartphone app — named Reporty at the time (now renamed Carbyne) — which aimed at turning citizens into police assistants [fr]. At the request of the City Council, the CNIL eventually opposed this measure, arguing that the use of the app lacked legal basis and that it was a “disproportionate” infringement to the right to privacy.

But this controversy masked an even more troubling fact: since last year, Nice has also been preparing its transition to the Smart City™ of the future by establishing partnerships with surveillance tech companies. And this time, it’s not just about a small Israeli startup. We’re talking about Thalès, well-known in the defence and security field, or Engie-Inéo, a Big Data subsidiary of the Engie (Suez) Group (two companies in which the French State holds respectively 26,4% and 32,76% of shares). And it’s not just about a simple “app” turning people into vigilantes either. We’re talking about full-blown control-command centres loaded with all the modern equipment to probe large numbers of databases coming from public entities or private companies, to monitor the urban space and social media in real time, and to turn “predictive policing” into a reality.

Nice, Engie Ineo’s first experiment

On the one hand, there is Engie Inéo’s project, an experiment announced in the summer of 2017 (we were probably at the beach and missed the news at the time). Allegedly, the experiment lasted until February 2018. At the time of its launch, the City of Nice presented the project in these terms:

Engie Ineo will trial in Nice a global and unprecedented security solution: a control-command center based on a tactile and tactical table « DECIDE » and the SenCity platform. The progressive development of this device aims to provide police authorities, among others, a tactical and tactile platform to ensure overall coordination in real time. (…) By relying on local resources and all the data collected by the SenCity MetaPlatform, (cameras, retractable bollards, traffic lights, warning buttons, access control of buildings) this device revolutionizes the security solutions available to decision-makers. ”

This is “totally unprecedented” according to Thierry Orosco, Director of Security Strategies at Engie Ineo. But it ressembles the dangerous system concocted at Marseille, the dangers of which we highlighted a few weeks ago. To be sure, this “revolution” marks a new step in the privatization of the security forces, as these technologies will be used to play a decisive role not only in police repression and premption, but also more generally in the “management” of police forces. As underlined by the leading union for municipal police forces in reaction to the Reporty case: “It is never morally right to delegate the public service of security to private entities”.

The Thales Team follows suit

As for Thales, the company seems to be bearing the torch at the head of a consortium proposing a new “experiment”. In June 2018, the City Council of Nice adopted an “agreement for experimentation” with a consortium led by the defense contractor, despite criticisms from parts of the opposition.

Thales also set its sights on the Paris business district La Défense, selling its solutions by boasting its experience in the field of security and digital technologies, and in particular in “smart videosurveillance”. And we are not talking about the public “National Platform for judiciary interceptions” (wiretappings) which has been, if I might add, a complete fiasco and costly failure. This time it is about “smart videosurveillance”.

When videosurveillance gets “smart”

It’s all the rage now. After having spent hundreds of millions of euros for cameras with insignificant results, the surveillance industry is now betting everything on automated image analysis. The Minister of the Interior, Gérard Collomb, was recently selling these technologies, waxing lyrical about the repression of the social movements (he was speaking about environmental activists and labor protests):

“In the field of image exploitation and identification of people, we still have room for improvement. Artificial intelligence can for instance be used to identify individuals with bizarre behavior in a crowd.”

.

We can imagine what facial recognition, once coupled with biometric databases like the French TES database, will lead to. Or we can take a look at China or the US to get an even better sense.

Towards a “Waze of security”

In Nice, as part of this new “Safe City Experimentation Project” (pdf) voted by the City in June (and which La Quadrature acquired), Thales and the consortium it leads want to go further, by creating the “Waze of Security” in Big Data way. Waze is a proposed way to help “decision-makers” through “collecting as much existing data as possible and looking for correlations and weak signals” (p. 23), “developing new analysis and correlation algorithms to better understand a situation and develop predictive capacities” (p. 24). As in Marseille, the monitoring of social networks and other “open data” is in the line of vision, especially for the “short and poorly written texts” dear to Twitter, which will be monitored by semantic analysis tools to help manage crowds, analyze rumours, and “monitor the actions of certain individuals or groups of people”. (There, the consortium specialist is GEOLSemantics).

Granted, at this point in time, this is all part of a marketing discourse intended to lure elected officials in need of creating sensationalism. These projects are indeed experiments, with apparently defined “use cases”. But they do in fact enable these large groups, with the help of Europe or the Public Investment Bank , to have their research and development financed by the French government and local authorities, and to have life-size “demonstrators” to feed their safety marketing campaigns.

Police Smart City, Industrial Real Politik?

For these large French groups and their institutional emanations such as CoFIS (the committee for the industrial security sector, organized at the level of the Ministry of the Interior), it is indeed a matter of positioning themselves in the booming market of the Smart City™, while large American multinationals such as Google or Chinese multinationals such as Huawei lie ready to ambush.

Because, of course, all of this goes far beyond security. The aim is to reach every single public service, from transportation to energy to waste management and so on. On every topic, businesses such as Thalès or Engie Inéo hope to encourage cities to dramatically increase public spending. Pierre Cunéo, Strategy and R&D manager at Thales, bemoans that “so far, there’s no city asking to interconnect everything (..). It is only focussed security. Cities’ budgets don’t allow to go further yet “. Once again, those experimental projects are meant to convince public administrations and civil servants, to convert them to their “solutions”, thereby making them dependent on private expertise. And a great deal of public contracts would then follow.

Back to law enforcement. If, in the U.S., larger and larger incursions of GAFAMs in the military complex are prone to internal oppositions , nothing is to be expected from Big Corpo’ employees, who have been long time associates to security policies (but we stand to be corrected: any whistleblower may contact us or answer the sollicitation from the Mediapart newspaper !)

In Nice, alongside the Law Enforcement Big Data, Mayor Estrosi also calls for “an economic context which would favor innovation, by reinforcing collaboration among large companies, small businesses and local start-ups, including the French Tech network, and actors of research and education”. Indeed, actors who engage in developping and promoting those surveillance tools are far too numerous. In the research sector, there should be questions about the origin and the structure of financing agreements that link security and university domains (some of the solutions suggested in Nice by Thalès are end-results of research projects financed by the EU or the National Research Agency). As for French Tech, maybe the community will express, in a not-so-far future, its will not to become a “spies’ ally”. Or maybe not.

A wait-and-see regulator

In the Southeast, we’re used to security delusions, but don’t be mistaken: everyone could soon be concerned. In Toulouse, Valenciennes, Paris, Dijon, similar initiatives have been achieved or are in progress. The Smart City wave is crashing all over France.

Last January, La Quadrature wrote to the CNIL to request a appointment to talk about the organization’s role in these particular cases, especially in Marseille’s. Last year’s work of the CNIL steering comittee and the case law concerning “Reporty” , which revealed the lack of a legal basis, foreshadow a clear conflict common to this kind of project. After several requests, we finally received a letter at the end of June, which, to say the least, crushes our expectations. Isabelle Falque Pierrotin, president of CNIL, wrote to us:

The CNIL will be very careful about the developement of these kind of devices which, clearly, could cause high risks for the rights and freedoms of individuals (…) I have sent an email to the Mayor of Marseille, emphasizing the urgent need to take into account the European Union’s new ruling related to the protection of personal data, as was issued by the [Directive (UE) 2016/680] of the European Council and the [Règlement (UE) 2016/679] of the European Parliament. As for a project aiming to exploit on a large scale data which is potentially identifying and particularly sensitive (infractions, health, social status, location, opinions, etc.) by means of an innovative technological tool oriented towards the mechanisation of combining information originating from diverse sources and collected for different purposes, involving surveillance, evaluation, and prediction, I have strongly drawn his attention to the obligation that falls upon him to procede with an analysis of the impact of the proposed treatment on privacy and the freedoms of persons concerned. The Commission will follow attentively the way in which the City has appreciated the relevance and proportionality of the data and operations on which it intends to rely, such as the compatability of purposes for reusing information with the purposes for which the collection of that information had intially been authorised. The Commission will also commit itself to overseeing that the exploitation of this data, under the proposed conditions, does not conflict with the legal provisions framing their treatment, and that the legitimate interests of individuals have been sufficiently taken into account. Finally, it will be very careful as to the technical and organisational measures taken by the city to guarantee an appropriate level of security for information.”

“Vigiance”, “Impact analysis”, “continuous tracking”. As correct as the technical diagnosis may be, so the outlined response is related to a worrying laissez-faire. For us, it is evident from the documents obtained, that, in the absence of an ad hoc legislative framework and, as emphasized in the Reporty affair by the CNIL itself , these devices are illegal. While everyone derides the entry into force of new European laws on privacy, it is in the least remarkable to witness such techniques, fundamentally contrary to the underlying principles of these laws, implemented into the core of our cities.

As for the studies of their impact on privacy, which the CNIL magically pulls out of the hat, they are not incorporated in the current projects (or merely in very vague terms). If they are finally undertaken, we have the right to believe that the chosen service providers will be asked to implement these at the very end of the experiments. The CNIL’s wait-and-see approach allows enough delay for the Ministry of the Interior to come up with a bill on “Police 3.0” fancied by Gérard Collomb, in order to legalize the whole lot .

In short, if we do not want to be confronted with the fait accompli (as with the Intelligence Act in 2015), it is not vigilance which we need, but the suspension of all these projects for Smart City policing. And what we definitely need are people in the field able to hold in check these technocrats obsessed with controlling us.