After months of discussions, the State and the organizers of the 2024 Olympic Games in Paris have chosen to entrust Atos with the sensitive data of the Games, which were initially to be hosted by the Chinese e-commerce giant Alibaba, official sponsor of the CIO, learned AFP from concordant sources.
“We will arrive at a pragmatic and intelligent solution”, slipped to AFP Christophe Dubi, Olympic Games director for the International Olympic Committee (IOC) during a visit to Paris at the end of August.
According to industrial sources and close to the Olympic community, the choice was made to hire the French company Atos to act as a “trusted third party” and ensure the management of sensitive data, in particular personal data, on behalf of Alibaba, which will also retain direct management of all other data.
The situation was indeed quite complex and the subject of meetings for almost a year at the highest level of the State, in particular with the National Authority for the Security and Defense of Information Systems (Anssi).
It was planned that Alibaba, as one of the IOC’s “top sponsors”, would notably house the file of accredited members of the Paris 2024 Olympic and Paralympic Games in its “cloud”.
But on discovering that this file, which includes tens of thousands of contact details (guests, public authorities, media, etc.) was the responsibility of this Chinese company, the French State, in particular the Ministry of the Interior, had been seriously crumpled. , had reported to AFP in the fall of 2021 several sources.
– “Risks of exfiltration” –
Can we leave personal data of French police officers in a file hosted by a Chinese company, these sources then protested.
This fear is relayed in a provisional report by the Court of Auditors on security submitted this summer: the accredited file will process “a large volume of personal data and state data. This data is particularly sensitive and incompatible with hosting by Alibaba”. , writes the Court. And to note “the risks of exfiltration of the databases of the Olympic information systems for strategic purposes or economic espionage, of exploitation of the interconnections between the Olympic information systems and those of the various State services , or even pre-positioning to carry out subsequent actions, or even cutting off the operation of infrastructures in the event of international tensions”.
She concludes by asking for “an arbitration as soon as possible”.
– Servers in France –
Asked by AFP about this arbitration, the Paris Olympics organizing committee (Cojo) explained this week that it was seeking to “guarantee the best standards in terms of data protection” and is working with its partners to “ensure data protection during the Games in compliance with European GDPR rules”, the European General Data Protection Regulation and “will share the result of its work soon”.
For its part, Alibaba, questioned by AFP, indicated that it did not comment on “rumors” or “speculations”.
It must be said that this sporting-diplomatic-technical-economic affair takes place largely behind the scenes. Along the way, the Commission Informatique et Libertés (Cnil) was also put in the loop and played its advisory role.
Important point: Alibaba will pay Atos for this role of “trusted third party” and the hosting of this sensitive data, which will also be physically hosted in France, we also learned from concordant sources.
An industrial source also told AFP that the Atos cloud that will be used is the one dedicated to its military and security contracts with the State. As for the data in transit to this infrastructure, they will be encrypted, it was further specified from the same sources, so that there is a perfect seal.
According to these sources, the Paris Olympics organizing committee will not have any additional expenses related to this operation, at a time when it examines each line of its budget due to a budget revision at the end of the year. year that will lead him to find savings.