On social networks, this app which wants to help fight against the abstention of 18-30 year olds is facing a wave of criticism concerning computer flaws and the use of data.
With more than a million downloads in just two weeks, the Elyze application is a hit with young people. The principle is simple, justswipe” the proposals of the candidates on the right or on the left for the algorithm to determine which “matchwith the user. The goal is to avoid the abstention of 18-30 year olds in the next presidential election. The application created by two students, Grégoire Cazcarra and François Mari, aims to be “free, non-partisan and ad-free“.
But since last week, Elyze has been under fire from critics, especially on Twitter, even attracting the attention of the National Commission for Computing and Liberties (CNIL). In question ? Computer flaws, mostly resolved, assure its creators. It all starts with a tweet from Jean-Luc Mélenchon. The candidate of France Insoumise reports that despite the approval of all the proposals, it is Emmanuel Macron, Anne Hidalgo and Yannick Jadot who respectively finish first, second and third in the ranking.
Discovered flaws out of curiosity »
Mathis Hammel, cybersecurity expert, then became interested in the platform’s computer code, “just out of curiosity“. In case of equality of candidates, he observes that the algorithm displays the original order in which the names were entered by the developers, thus creating an artificial podium. “From now on, it is the alphabetical order that prevails when a tie is detected between several candidates», indicates Grégoire Cazcarra.
Another loophole allowed Mathis Hammel to modify one of the proposals affiliated with Emmanuel Macron. He erased one to replace it with “Fire Jean Castex and appoint Mathis Hammel in his place“. If he only left her for a few minutes, the expert was worried about the “risk of being able to manipulate electoral programs“. He immediately contacted the developers of the application who solved the problem overnight.
“I could have found this flaw much faster if the code had been released as open source», That is to say publicly, mentions Mathis Hammel. He adds that “this allows a certain algorithmic transparency and reinforces the confidence of users“. The two co-founders specify that “their team is actively working on it to share it as soon as possible possible”.
Concerns over the resale of data
In addition to these flaws, many concerns turn to the use of user data. As soon as Elyze is launched, they are invited to indicate their gender, date of birth, postal code, but also the name of the candidate for whom they voted in 2017 and their voting intention for 2022. Mathis Hammel points to a study , where the American expert Latanya Sweeney found in 1998 that 87% of the American population could be identified via “three indirect identifierswhat are gender, date of birth and postal code. For his part, Grégoire Cazcarra points out that “this information is optional and that Elyze works the same way with or without this data“.
Some also wonder about a possible resale of usage data to third parties. This is the case of François Malaussena, political commentator on Twitch, who underlines the “risk that two unsupervised strangers have in their hands one of the probably most powerful databases in French political history. That parties would pay dearly to have.»
Read alsoSmartphone, battery level or chat duration… WhatsApp clarifies its collection of personal data
Once again, Grégoire Cazcarra defends himself: “The data will never be communicated to a campaign team, a political party or a partisan formation”. But he does not exclude that they can be used for “to create reports on the political opinion of young people via think tanks or polling institutes. If we do, we will inform users in advance and in a transparent manner“.
The CNIL is looking into the subject
Faced with these criticisms, the CNIL decided to take an additional interest in it, indicating to AFP on Monday that it was going to check that the application complies with the regulations on the “sensitive data”. The French policeman of personal data “cannot comment on the compliance of this application as it stands” corn “we have been alerted and (…) we are examining its operation”, he assures, reserving the possibility of “use its powers of repression” in the event of a breach of the General Data Protection Regulation (GDPR). “In general, this type of application must provide strong guarantees to protect the data of its users”, explains the regulator “Compliance with these obligations is particularly necessary when sensitive data (data that reveals political opinions) is processed”, he adds, pointing out that “the collection of this data is in principle prohibited, except in exceptional cases, for example if the explicit consent of the people is collected”.
In order to avoid new controversies, the Elyze team, which had expressed its desire to get closer to the CNIL, has set up an email address to report any “criticism, remark or suggestion», entitled [email protected]. The co-founders also report that they consult specialist lawyers to comply with the GDPR.