87
Last chance to fix eIDAS: Secret EU law threatens Internet security (last-chance-for-eidas.org)
submitted 1 year ago by 0x815@feddit.de to c/europe@feddit.de
5 comments fedilink hide all child comments

New legislative articles, introduced in recent closed-door meetings and not yet public, envision that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments.

The near-final text of the eIDAS (electronic identification, authentication, and trust services) will be presented to the public and parliament for a rubber stamp before the end of the year.

It enables the government of any EU member state to issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state. There is no independent check or balance on the decisions made by member states with respect to the keys they authorize and the use they put them to.

This is particularly troubling given that adherence to the rule of law has not been uniform across all member states, with documented instances of coercion by secret police for political purposes.

all 6 comments
sorted by: hot top controversial new old
[-] Sigmatics@lemmy.ca -2 points 1 year ago

Honestly right now we're basically trusting a bunch of American companies to do the same job. What's different about this

[-] letmesleep@feddit.de 7 points 1 year ago* (last edited 1 year ago)

Honestly right now we’re basically trusting a bunch of American companies to do the same job. What’s different about this

That we can ditch them with relative ease. Besides, Mozilla isn't a company, it's a non-profit. And the root CAs it includes aren't all American. So there's already better alternatives than this. I'm all for the EU creating alternatives. But if those are good they'll be used without anyone having to be forced.

[-] 0x815@feddit.de 5 points 1 year ago* (last edited 1 year ago)

@Sigmatics

This forced browsers to accept certificates set by public authorities, banned additional security checks on certificates (such as Certificate Transparency) unless the EU agrees to them (and with the ongoing lobbying work we see in Brussels there's not much trust if I may say so), it stopped innovation, destroyed years of work in encryption, and created an environment prone to Man-In-The-Middle-Attacks.

[-] Microw@lemm.ee -4 points 1 year ago

They should include a system to independently check these approved/recommended certificate issuers.

But the calls to revert the whole process come from US companies who have their own interests.

[-] spacedout@lemmy.ml 9 points 1 year ago

First of, this is not a call to revert the process but to adhere to what was publicly announced, and not some last-minute backroom deal for authoritarian control. Second, those companies are mostly European, in addition to the hundreds of European cybersecurity experts who are signatories. Third, your solution is horrible.

this post was submitted on 02 Nov 2023
87 points (96.8% liked)

Europe

8324 readers
1 users here now

News/Interesting Stories/Beautiful Pictures from Europe 🇪🇺

(Current banner: Thunder mountain, Germany, 🇩🇪 ) Feel free to post submissions for banner pictures

Rules

(This list is obviously incomplete, but it will get expanded when necessary)

  1. Be nice to each other (e.g. No direct insults against each other);
  2. No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
  3. No posts linking to mis-information funded by foreign states or billionaires.

Also check out !yurop@lemm.ee

founded 1 year ago
MODERATORS
poVoq@slrpnk.net