In the era of digital identities, does the individual remain in control of his own identity?

2023-06-02 06:00:00

Identity theft is an old phenomenon, but today, with the proliferation of digital networks and online platforms and services, it has really taken a new turn. Indeed, many hackers are finding new and sophisticated ways to scam their victims and impersonate them. This disturbing phenomenon affects individuals but also businesses.

With digital, identity fraud is changing scale

The pandemic has been a real ” bargain “ for cybercriminals. In 2019, the Central Directorate of Border Police (DCPAF) thus detected 3,510 cases of identity fraud linked to the fraudulent use of a document, an increase of 27% compared to 2018. In 2019, 8,881 bearers of false documents were arrested by the PAF for 16,194 false documents.

Another disturbing phenomenon has emerged: fraudsters are more organized and use more sophisticated techniques, based on identity theft, with errors that are more difficult to detect (photo quality, font error, etc.). .). In addition to individuals, companies are also increasingly victims of this phenomenon. The criminal group Cosmic Lynx, thanks to a sophisticated tactic of identity theft by compromising professional emails, has trapped more than 200 organizations in 46 countries.

Identity fraud affects many areas such as taxes, banking and credit, insurance, fines and reports, health, etc… This phenomenon is intensifying and remains difficult to control, at such to the extent that Interpol is concerned about it, particularly for the links with organized crime and the financing of terrorism.

However, nowadays, a user must justify his civil identity or his digital profile to the public authorities, an administration or an online platform a number « incalculable » times, which is not without risk. An identity hosted by one of the GAFAMs (Google, Amazon, Facebook, Apple and Microsoft) is certainly very useful, but having it stolen creates very serious problems and interferes with civil identity. You have to read the testimonies of people who had their identities stolen to understand the extent of the ordeal experienced.

In the 21st century, in the era of the information economy, identity takes on a very high market value and comes at a high price. Whoever has personal data thus exercises real power and becomes considerably richer. With digital technology, identity theft has really taken on another level.

A phenomenon that is difficult to quantify

The phenomenon of identity theft or theft is difficult to measure because it is multifaceted and cross-border. In France, the state 4001 [1] exclusively counts the facts, presumed crimes or offences, brought to the attention of the police services and gendarmerie units for the first time and recorded in a procedure transmitted to the judicial authority. It comprises three categories: false identity documents, false documents concerning the circulation of vehicles, other false administrative documents. Between them, for 20 years, these categories total between 14,000 and 16,000 procedures per year.

A procedure can relate to multiple identity frauds but we assume that many cases are not the subject of a procedure. A Credoc investigation [2] of 2009 estimated that more than 210,000 people are victims of this crime each year in France, and that the consequences of the problem are “Widely underestimated by the authorities”. Identity theft is not an offense in itself under French law. It can only be associated with another crime, such as theft. The penal code punishes “taking the name of a third party” only if the victim incurs a criminal conviction as a result of the acts committed by the usurper. [3]

An ancient phenomenon

Identity theft is not a new phenomenon. The Martin Guerre case is one of the first legal cases of identity theft judged in Toulouse in 1560, and therefore documented. Martin Guerre, who had left his family and his village, filed a complaint against Arnaud du Tilh who usurped his identity for three years, even cheating on his wife [4]. At this time, it is the memory of physical appearance and memories of past events that provide proof of identity.

Since Antiquity, knowing the identity of their citizens or their subjects has allowed the Greek cities and the Roman Empire (census), the monarchy (ordinance of Villers-Cotterêts in 1539, ordinance of Saint-Germain-en -Laye in 1667) or the French Republic (decree of the Legislative Assembly of 1792 formalizing civil status, establishment of the family record book under the Third Republic in 1871) to control, govern, affirm and exercise power.

Identity has therefore passed through several stages: biological by inheritance of DNA transmitted by the parents; by the census; through civil registration; digital with the use of a username and password.

Towards a self-sovereign digital identity

So, in the age of digital networks and the proliferation of online platforms and services, who can you trust, if not yourself? This is the credo of the proponents of self-sovereign identity, a digital identity management model in which an individual or a company, in control of their identity, has the exclusive ability to control their accounts and personal data, without the intervention of a third administrative authority.

The European Union wants to develop a European digital identity wallet along these lines. The dematerialization of services, the digitization of exchanges and teleworking amplify the need for authentication and verification of remote identities. In this context, companies and organizations face three challenges: secure operations and fight against fraud, offer the best user experience (simplicity, speed, efficiency) and comply with regulations.

This question of the European portfolio is also debated in trilogue by the European Commission, the European Parliament and the Council of the European Union prior to the vote on a new version of the IDAS regulations. [5], which applies to electronic identification, trust services and electronic documents. For the time being, the increasingly secure titles become almost unforgeable when the issuing process is infallible, but they cannot be used online. The new European regulation thus aims to establish an interoperability framework for the various systems set up within the Member States in order to promote the development of a sovereign digital trust market.

The new version of eIDAS is ambitious because it provides for the creation of a secure digital market for individuals who will then be able to access digital services with the same level of security and recognition, everywhere in Europe. User experiences will also be simpler and more efficient for citizens who will retain control over their personal data. Finally, companies and organizations will be able to secure their exchanges with their customers and partners while reducing the risk of fraud. This is a new digital revolution for Europe, as much as a sovereignty and leadership issue.


[1] “The 4001 statement is an administrative document, useful for the functioning of the services of the Ministry of the Interior. In terms of transparency on its activity, it must be made available to the public.. It is available in open data here

[2] Research center for the study and observation of living conditions.


[4] This incredible story was the subject of a film made in 1982 with Gérard Depardieu and Nathalie Baye.

[5] Electronic IDentification Authentication and trust Services.