No stranger to controversies since its launch, the Parcoursup selection tool is making headlines again. This time, it is the security of its source code that is of concern.
It is a strange court decision which has just been published on the website of the Ministry of Education. In legal information letter No. 288 dated January 2024, rue de Grenelle takes stock of the security of the Parcoursup source code. And by the institution’s own admission, the higher education admissions platform seems relatively insecure.
A risk of attacks on “administration information systems”
Following a request from the Ouvre-Boîte association, the Commission for Access to Administrative Documents (CADA) issued a favorable opinion on the publication of the source code of the tool. The request having remained a dead letter for a long time, the association filed an appeal before the administrative court. The latter went against the grain of the CADA decision and therefore exempted the State from making the Parcoursup algorithm public.
If the transparency desired by the Code of Relations between the public and the administration takes a hit, it is above all the reasons given by the common law jurisdiction which are surprising here. As it is written in the letter from the Ministry of Education, the publication of the code would be unthinkable, because it would include “numerous vulnerabilities, the resolution of which involved carrying out work whose foreseeable duration amounted to several years“.
To put it more simply, the source code of the platform will remain secret so as not to encourage hackers to look for flaws.susceptible[s] to undermine the security of the administration’s information systems», Adds the administrative court. This decision is based in part on “the recommendations of the external cybersecurity service provider of the ministry responsible for higher education.»
Security through confidentiality
As the Public Actors site notes, the ministry assumes this position of “security through confidentiality» and even admits that “the deficiency or even obsolescence of part of the Parcoursup code makes this security measure necessary“. Enough to leave you perplexed as to the data protection provided by the platform.
This is far from the first time that Parcoursup has attracted criticism. In 2019, the site was the victim of a bug which left 67,000 registrants in trouble. Ditto in 2023, where 84,000 candidates were still without assignments at the beginning of July. Unfortunately, without publishing the source code, it is impossible to understand exactly the reasons behind these bugs.
Source : Public actors
1