The French government is teaming up with the ethical hacking group YesWeHack to help maintain the integrity of the new France Identité application. France Identité is part of the country’s ongoing digital transformation efforts, and is designed to eliminate the need to photocopy identity documents in interactions with various businesses. Instead, France Identité will give people a way to send a verified, single-use digital version of a physical ID.
YesWeHack, meanwhile, runs a Bug Bounty program that tries to find vulnerabilities in a piece of software. Clients are only asked to pay for each flaw the YesWeHack team discovers, and in return YesWeHack gives those clients the opportunity to fix major security flaws before the software goes out to the general public, or before it reaches hackers with less pure intentions.
In France’s case, the France Identité Bug Bounty program is a collaboration between YesWeHack and several French government agencies, including the Ministry of the Interior, the Ministry of Justice, the Ministry of Transformation and Public Service, and the State Secretariat for Digital Affairs. The agencies are hoping that the partnership will help uncover any glaring security problems, and allow the government to deliver an app that can protect the personal information of the French citizens who end up using it.
To that end, the actual Bug Bounty program will take place in three stages. The first private phase will kick off in June of 2022 with a smaller, hand-picked team of roughly thirty ethical hackers. YesWeHack and France Identité will gradually expand that team during phase two, before moving onto a public Bug Bounty with phase three.
The public phase of the program will continue indefinitely, which means that hackers can claim a reward any time they discover a bug. It also means that France Identité will constantly be sharing code and probing its own platform to guarantee security. YesWeHack’s own hacking network includes tens of thousands of ethical hackers from all over the world.
Of course, France Identité is not the first organization to turn to the community to demonstrate its strength. FaceTec has offered to pay out a bounty to anyone who can spoof its systems for several years, and recently upped the reward to $200,000 for a successful hack.