The health pass of the President of the Republic had been circulating for 48 hours on social networks: it was finally reported as “fraudulent”, as was the case for that of Jean Castex a few days ago. The Élysée says it has identified those responsible for this leak.
The QR Code which provides access to Emmanuel Macron’s original health pass has been circulating since September 20, 2021 on several social networks, as echoed by several French media the following day. In just a few seconds, it is possible to find another screenshot online, Numerama was able to verify. Europe 1 also obtained confirmation that it was indeed the pass of the French president.
The administration was quick to react by putting this QR Code on a sort of virtual “blacklist”: now, if we scan the code in the TousAntiCovid application, a message is displayed: “ This certificate appears to be used fraudulently. If this certificate does not belong to you, you risk a fine of 45,000 euros and 3 years imprisonment. “
However, it remains technically usable, and we see the president’s date of birth, the date of his last injection and with what type of vaccine (in this case, Pfizer).
A similar warning is displayed if a person scans the code with TousAntiCovid-Verif, the application that checks that a person has a valid health pass (i.e. a vaccination certificate). , either a recent negative PCR test or a certificate of recovery): ” Please note: the health pass you just scanned has been reported as fraudulent! Can we read in red.
This necessarily means that one or more people have had access to the QR Code that leads to Emmanuel Macron’s health pass (in this case, a vaccination certificate), and shared it even though they did not. were not allowed to. How do we know where the leak could have come from?
How did Emmanuel Macron’s health pass leak?
The reasons for such a leak could have been multiple, especially when its owner is such a well-known public figure. It is even possible that there was not just one vanishing point, but several. This is what seems to have happened.
During the past 48 hours there was some doubt as to how this QR Code had leaked, but the government finally cleared things up with Agence France Presse on September 22. He announced that officials (plural) had ” been identified “. ” Health professionals who have had irregular access [au QR code du chef de l’Etat], in violation of the code of ethics which is binding on them, were identified by the National Health Insurance Fund (Cnam) in the Covid Vaccine database », We can read.
This hypothesis was one of the most probable. Since the start of the vaccination campaign in France, some members of the nursing and paramedical staff (doctors, pharmacists, etc.) have access to a database that allows you to consult the status of all people vaccinated, by simply entering their number. social security in the search engine. They can get their hands on ” the QR Code, the date of vaccination, the vaccinating doctor and the type of vaccine », Explained to us a person having access to this file. This is also how some were able to look at the vaccination date of Emmanuel Macron (who also had an entry error) in the summer of 2021.
However, be aware that when an aggregate professional consults this database, his virtual visit is recorded and logged virtually. It is therefore possible to know who opened the file concerning Emmanuel Macron’s vaccination status, and when. It is therefore for this reason that the Élysée was able to communicate the fact that they had supposedly identified the people responsible for the leak, who would have acted ” either by negligence or by wrongdoing According to the government.
A question arises, however: have the authorities succeeded in targeting exactly the people who leaked the president’s health pass, or have they just, for the moment, listed the number of professionals who have consulted his “file” ( knowing that it is possible that some have allowed themselves to take a look at the president’s file, out of curiosity, without sharing it afterwards)?
QR Codes are never 100% secure
Another possibility could have been that Emmanuel Macron’s QR Code was recorded by a malicious person during a scan at the entrance of a place where they are mandatory. Normally, the managers of establishments open to the public and their employees must use the TousAntiCovid-Verif application to scan the codes at the entrance. The app, despite some limitations, is rather well done: it does not allow the person to take a screenshot of the QR Code, or even the personal information to which it is attached.
On the other hand, if someone uses another (unofficial) application than TousAntiCovid-Verif to scan a code, they could potentially take a screenshot of the Code, or even just take a snapshot of it discreetly before using TousAntiCovid. -Verif in stride. This hypothesis had been formulated by Eric Bothorel, LREM deputy interviewed by Checknews de Liberation, who considered it probable that the leak would come ” from a malicious person who would have registered the President’s health pass instead of scanning it, using an application other than TousAntiCovid Verif. “
This is obviously not what happened in the case of Emmanuel Macron this time, but this risk is very real and it should be kept in mind when you have your health pass scanned by a third party. anybody.
Jean Castex’s health pass was leaked a few days ago
A few days earlier, it was the Prime Minister’s health pass that had been reported as potentially fraudulent. The reasons for the leak of Jean Castex’s QR Code (more precisely, of the 2D-DOC) were more easily identifiable: the minister had shown his pass in his smartphone during a trip on September 13 in a Clamart nursing home, and a photographer had immortalized the scene.
Unfortunately, Jean Castex’s code had not been blurred before the photo was used by the media, who also failed to anonymize him. Result: anyone with access to the original photo could zoom in and scan the 2D-DOC in the TousAntiCovid application, and thus retrieve the QR Code of the Prime Minister’s health pass.
Moral of the story: under no circumstances should the QR Code of a health pass be shared on social networks or elsewhere. If you have any doubts about the security of your pass, you can generate a new code since September 21, 2021 by going to the Ameli.fr website. Clicking on ” my vaccination certificate ”, You generate a PDF on which the code is modified each time.