Can we trust the counter which displays nearly 200,000 signatures?

The petition platform put online by La France Insoumise has several flaws and appears to take some liberties with the general data protection regulation.


Emmanuel Macron attends an economic forum in Novi Sad (Serbia), August 30, 2024. (OLIVER BUNIC / AFP)

For La France Insoumise, Emmanuel Macron must go. An impeachment procedure against the President of the Republic and a petition in support of this approach were launched on Saturday, August 31, by the left-wing party. The latter accuses the head of state of “authoritarian drift (…) unprecedented”, on the grounds that he rejected the candidacy of Lucie Castets, candidate of the New Popular Front for Matignon. On Tuesday, at 7 p.m., the counter on the website of the petition, called “Macron, dismissal!”, claimed nearly 196,000 signatories.

“Petition for Macron’s impeachment nears 200,000 signatures,” rejoiced the La France Insoumise deputy Antoine Léaument on Monday on his X account. But this enthusiasm is being called into question. “The vote counter for the petition is fake,” accused an Internet user on Sunday in a tweet shared nearly 900 times. So, what are the signatures collected by the LFI petition worth? Franceinfo takes stock with several experts.

Is the vote counter really “fake”? The Internet user who claims this is referring to a “simple hand-entered text box”. Others point out that the counter is not updated in real time. When questioned, La France Insoumise assured franceinfo that the count is “well automated” and not manually updated. “The server calculates the number [of signatures] and inserts it into the page it sends to the client [software acting as an intermediary between the server and the user of the site],” assures the party. “The displayed total is updated regularly,” according to the same source.

An explanation deemed credible by another computer engineer, specialized in development, interviewed by franceinfo: “For example, every evening the server can count the number of signers and update the page. However, it is easy to fake this number,” he said, speaking on condition of anonymity.

In order to test the reliability of this counter, franceinfo tried to sign the petition twice with two different email addresses. Each time, a confirmation email was sent to us. At the time of signing, no verification code to keep out spam bots was requested. The absence of this verification test, called “captcha”, means that “anyone can automate the filling of this form, thereby artificially inflating the figure,” estimates cybersecurity researcher Baptiste Robert, contacted by franceinfo.

This observation is shared by Théophile Marchand-Arvier, web developer in a start-up. “With a few lines of code” it is possible to “generate two million signatures in two hours” on this site, he assures franceinfo. “The petition system is not stupid, but each time it is poorly executed. You can provide information on anything,” he laments. Questioned by franceinfo, La France Insoumise nevertheless says it does “count each email only once” and blocks “IP addresses [a unique address identifying a device on the Internet] that try to fill out the form multiple times, to avoid signatures by bots”. “I can assure you that they do not block the IP,” disputes Théophile Marchand-Arvier.

Furthermore, to confirm participation in the petition, it is not required to click on a link received by email. This practice, which precisely limits the risk of automated signatures by robots, is used for example by the online petition site Change.org, a platform that meets the criteria of neutrality, data protection and diversity of points of view defined by the Economic, Social and Environmental Council.
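The safeguards discussed above (one signature per email address, and confirmation through an emailed link), sketched as an added example that is not code from La France Insoumise, Change.org or franceinfo. The class and function names, the signing key, the 24-hour expiry and the choice to strip "+tag" suffixes are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
TOKEN_TTL = 24 * 3600             # assumption: confirmation links expire after 24 h


def canonical(email: str) -> str:
    """Lower-case and drop a '+tag' so trivial variants collapse to one address."""
    local, _, domain = email.strip().lower().partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"


def make_token(email: str, issued: int) -> str:
    """Value embedded in the confirmation link mailed to the signer."""
    msg = f"{canonical(email)}|{issued}".encode()
    return f"{issued}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"


class Petition:
    def __init__(self):
        self.pending = set()    # form submitted, link not clicked yet
        self.confirmed = set()  # link clicked: the only entries the counter shows

    def sign(self, email: str, now: int) -> str:
        """Record a form submission and return the token to send by email."""
        self.pending.add(canonical(email))
        return make_token(email, now)

    def confirm(self, email: str, token: str, now: int) -> bool:
        """Accept a click only if the token is authentic, fresh and expected."""
        addr = canonical(email)
        issued_str = token.partition(".")[0]
        if not (token.isascii() and issued_str.isdigit()) or addr not in self.pending:
            return False
        issued = int(issued_str)
        if now - issued > TOKEN_TTL:
            return False
        if not hmac.compare_digest(token, make_token(addr, issued)):
            return False
        self.pending.discard(addr)
        self.confirmed.add(addr)
        return True

    def counter(self) -> int:
        """Public total: distinct confirmed addresses, not raw form submissions."""
        return len(self.confirmed)
```

With this design a form submission alone never moves the displayed total; only a click on a link delivered to a mailbox the signer controls does.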

When a petition is distributed online, the platform manager has an obligation to ensure that the collection of data provided by the signatories is carried out in compliance with the General Data Protection Regulation (GDPR). “The user must know what is being done with his data. We owe him the greatest transparency,” explains to franceinfo Joséphine Weil, lawyer in intellectual property law and new technologies. Otherwise, the manager risks being sanctioned by the National Commission for Information Technology and Civil Liberties (CNIL).

The page hosting the petition refers to the legal notices of the La France Insoumise website, which state that the personal data collected “are exclusively reserved for use” of the party and “that they are processed for the purpose of political communication operations and fundraising”.

“This could have benefited from more precision and transparency, with the drafting of a confidentiality policy more specific to petitions.”

Joséphine Weil, intellectual property lawyer, to franceinfo

The GDPR also requires the platform manager to specify how long the signatories’ data will be kept or, failing that, the criteria used to determine this duration. “It is prohibited to keep the data of a natural person for an indefinite period,” recalls Joséphine Weil. However, the legal notices of LFI make no mention of this duration. For comparison, the Change.org platform mentions it in a very detailed manner on its site.

“We can see that the site was made quickly and that it is not very well done,” deplores researcher Baptiste Robert, founder of the company Predicta Lab. “Its sole purpose is to surf the news in order to collect emails,” he says.

