Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections : europe

[+] TheLurker@lemmy.world 79 points 1 year ago* (last edited 11 months ago)

[deleted]

[-] kbal@fedia.io 19 points 1 year ago* (last edited 1 year ago)

Considering that this has been in the works for ~~a year~~ two years already and there haven't been any reports of banks and insurance agencies objecting, your version of "it can't happen here" seems less than fully convincing.

[-] Vincent@kbin.social 14 points 1 year ago

Mozilla says that it's fairly close to passing though: https://last-chance-for-eidas.org/

[-] Mixel@feddit.de 7 points 1 year ago

I can only hope that this is what is going to happen. It's a stupid idea and I have no clue why noone things about the consequences and evaluates if it's for the better or worse..

[-] Cannacheques@slrpnk.net 3 points 1 year ago

Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited

[-] bedrooms@kbin.social 44 points 1 year ago

Sorry, but this is on the level where I'll never trust EU... I rather liked this organization but this makes no sense.

Like, which children to protect are going to be manufactured this time?

[-] jman6495@lemmy.ml 24 points 1 year ago

If it is any reassurance, not even the EU trusts the EU to control internet security: Parliament voted this down in its position, but member states are trying to bring it back. MEPs are fighting to ensure control remains with browsers.

[-] Vincent@kbin.social 6 points 1 year ago

I think the EP voted down Chat Control for now, but this is a different thing.

[-] jman6495@lemmy.ml 4 points 1 year ago

It did, but we are also fighting against eIDAS. I'm told last night's deal supposedly solves the problem, but I'm waiting for the text myself. (I worked on eIDAS in Parliament, my committee (Legal Affairs) recommended the complete deletion of Art45.

[-] Vincent@kbin.social 3 points 1 year ago

Let's hope so, feels like orgs were able to build up a reasonable amount of pressure in such a short amount of time.

[-] Vincent@kbin.social 4 points 1 year ago

It does kinda depend on whether this manages to actually pass...

[-] autotldr 6 points 1 year ago

This is the best summary I could come up with:

Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.

Thus, using a proxy in a man-in-the-middle attack, that government can intercept and decrypt the encrypted HTTPS traffic between the website and its users, allowing the regime to monitor exactly what people are doing with that site at any time.

How that compares to today's surveillance laws and powers isn't clear right now, but that's the basically what browser makers and others are worried about: government-controlled CAs being abused to issue certificates to websites that allow for interception.

An authority purge of this sort occurred last December when Mozilla, Microsoft, Apple, and later Google removed Panama-based TrustCor from their respective lists of trusted certificate providers.

"Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government," the Electronic Frontier Foundation (EFF) warned on Tuesday.

Mozilla and a collection of some 400 cyber security experts and non-governmental organizations published an open letter last week urging EU lawmakers to clarify that Article 45 cannot be used to disallow browser trust decisions.

The original article contains 965 words, the summary contains 196 words. Saved 80%. I'm a bot and I'm open source!

[-] 0x815@feddit.de 5 points 1 year ago

https://nitter.cz/Rob_Roos/status/1722304545676497141?t=SDb1qsGpMC8CtZmNdc70mQ&s=19

The European Parliament and Member States just reached an agreement on introducing the Digital Identity, #eID.

Directly afterwards, #EU Commissioner Breton said: "Now that we have a Digital Identity Wallet, we have to put something in it...", suggesting a connection between #CBDC and eID.

They ignored all the privacy experts and security specialists. They're pushing it all through.

[-] makeasnek@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

CBDCs are one of the greatest threats to freedom and liberty over the next 50 years. People should be very skeptical about giving this much control and surveillance power over to the government.

[-] DieguiTux8623@feddit.it 2 points 1 year ago

Are we doomed? After 08/11/23, yes we are.

[-] 0x815@feddit.de 3 points 1 year ago

As far as I understand, the parliament must vote now, but it doesn't look good. You may write to your MEP.

[-] DieguiTux8623@feddit.it 3 points 1 year ago

We should organize manifestations in streets and make it visible if we don't agree. Writing an email that just gets ignored seems polite but it hasn't worked so far.

[+] tal@lemmy.today 2 points 1 year ago

[deleted]

Europe

Rules