Europe's eIDAS 2.0: a threat to modern web security?

A

Alfonso Maruccia

Posts: 1,003   +301
Staff
The big picture: The Council of the European Union is preparing a new set of rules for secure electronic communications and identification. eIDAS 2.0 goes backward, however, adopting a security model which has been long abandoned by modern browsers and internet platforms.

eIDAS, or "electronic IDentification, Authentication and trust Services," is the set of rules adopted in Europe to enable secure online transactions across the European single market. Every member state must adopt the eIDAS rules, and the same applies to organizations and companies that want to provide public digital services there.

The European Council – one of the two legislative bodies of the EU – has recently adopted a new revision of eIDAS, mostly regarding a European Digital Identity Wallet to store personal information about European citizens in a government-issued app. eIDAS 2.0 also contains revised rules for digital certificates, a new model that according to digital activists and non-profit organizations, is a giant step backward for modern internet security.

According to the Electronic Frontier Foundation (EFF), the gist of the issue is in Article 45.2 of the new eIDAS rules: the European Union is now proposing that web browsers and other internet ventures must support "qualified web authentication certificates" or QWAC, issued by designated Qualified Trust Service Providers (QTSP).

If Article 45.2 is approved, European member states could essentially act as Certificate Authorities (CA) with superpowers: a QWAC certificate issued this way must be trusted by web browsers no matter what, as QTSP providers are approved by EU regulation and not by the browser-making company. Even if the certificates were compromised, the browsers would be obliged to trust them anyway.

The EU is essentially proposing a return to the old model of Extended Validation (EV) certificates, EFF remarked, a security system which didn't work that well and that has been long abandoned for the current system based on HTTPS encryption with Domain Validation (DV) certificates. Browsers can choose which CA can be trusted, so that they can swiftly remove them when something fishy is going on.

Article 45.2 of the new eIDAS rules is enforcing an outdated model in an attempt to take away power from Big Tech and give it back to individuals on the web through regulation, the EFF stated. As it is now, the non-profit organization remarked, Article 45.2 makes web security "harder to achieve and enforce, making the internet a less safe place for everyone."

Permalink to story.

https://www.techspot.com/news/96936-europe-eidas-20-threat-modern-web-security.html

 
I am a bit torn, I am a proponent of a verified digital identity, a centralised ultra secure system that handles my identity privately without Zuckerbergs and Musks. But one the other hand if you are an activist, in Hungary, Poland or Italy that increasingly look like dictatorships, being ejected from the system with one click is a power that these governments shouldn't have. This is what Forbes reported .... "Ultimately, once properly set up, this form of identification system should be able to simultaneously replace everything from basic logins for everyday website access all the way to driver’s licenses and passports. Despite all being tied to one identity, it will still represent a massive step forward in privacy, security, and user control."
 
  • Like
Reactions: Pop Mihai Ioan
alexnode said:
I am a bit torn, I am a proponent of a verified digital identity, a centralised ultra secure system that handles my identity privately without Zuckerbergs and Musks. But one the other hand if you are an activist, in Hungary, Poland or Italy that increasingly look like dictatorships, being ejected from the system with one click is a power that these governments shouldn't have. This is what Forbes reported .... "Ultimately, once properly set up, this form of identification system should be able to simultaneously replace everything from basic logins for everyday website access all the way to driver’s licenses and passports. Despite all being tied to one identity, it will still represent a massive step forward in privacy, security, and user control."
Click to expand...
Italy is no longer pushing folks to unemployment for refusing the jab.
Sounds way more free to me compared to a few months before
To sum up your opinion - centralization by woke good, centralization by non-woke bad
 
  • Like
Reactions: AlaskaGuy and psycros
alexnode said:
I am a bit torn, I am a proponent of a verified digital identity, a centralised ultra secure system that handles my identity privately without Zuckerbergs and Musks. But one the other hand if you are an activist, in Hungary, Poland or Italy that increasingly look like dictatorships, being ejected from the system with one click is a power that these governments shouldn't have. This is what Forbes reported .... "Ultimately, once properly set up, this form of identification system should be able to simultaneously replace everything from basic logins for everyday website access all the way to driver’s licenses and passports. Despite all being tied to one identity, it will still represent a massive step forward in privacy, security, and user control."
Click to expand...

Poland...a dictatorship? WTF are you on about?
 
  • Like
Reactions: AlaskaGuy
Hexic said:
Disillusioned, easily influenced, and easily buyable government officials.

And they're almost as effecient as the UN Security Council!
Click to expand...
As I understand it. each member state elects their government. Then those governments in power then privately select who sits/governs the EU. Its not a great system.. It would be better to run a European general election. It would be marginally fairier and the public would have more of a say on who runs things (rather than politicians that are potentially open to corruption). BUT unless it's challenged it will never change.. unless more states decide to leave the EU (We can only hope).
 
  • Like
Reactions: Hexic and AlaskaGuy
Ravey said:
As I understand it. each member state elects their government. Then those governments in power then privately select who sits/governs the EU. Its not a great system.. It would be better to run a European general election. It would be marginally fairier and the public would have more of a say on who runs things (rather than politicians that are potentially open to corruption). BUT unless it's challenged it will never change.. unless more states decide to leave the EU (We can only hope).
Click to expand...
What are you smoking ... Alex Jones chewing gum? The European Council is made up of the heads of state or government of all EU countries, the European Council President, and the European Commission President. It is convened and chaired by its President, who is elected by the European Council itself for a once-renewable two-and-a-half-year term.
So the elected leaders gather together and elect a president.
The MPs in the European parliament are directly elected by the public at the Euro elections every 4 years.
As for Poland and Hungary there are some serious issues with the legislative branch in these countries. Part of being a member of the EU is to have a sovereign independent judicial system. Hungary and Poland turned the courts to political branches ... which in turn can result to situations like Russia and Turkey where most leaders of the opposition can end up in jail.
 
alexnode said:
What are you smoking ... Alex Jones chewing gum? The European Council is made up of the heads of state or government of all EU countries, the European Council President, and the European Commission President. It is convened and chaired by its President, who is elected by the European Council itself for a once-renewable two-and-a-half-year term.
So the elected leaders gather together and elect a president.
The MPs in the European parliament are directly elected by the public at the Euro elections every 4 years.
As for Poland and Hungary there are some serious issues with the legislative branch in these countries. Part of being a member of the EU is to have a sovereign independent judicial system. Hungary and Poland turned the courts to political branches ... which in turn can result to situations like Russia and Turkey where most leaders of the opposition can end up in jail.
Click to expand...
The European Council is a bunch of non elected losers. Get back to us when the European Council is elected by the actual voters.
 
  • Like
Reactions: Ravey
You must log in or register to reply here.

Similar threads

A
European digital identity (eID) is almost here, provisional agreement reached at EU Council
Replies
12
Views
407
Lola1
L
midian182
TikTok faces US ban if ByteDance fails to sell app
Replies
12
Views
248
Sir Sparkles
Sir Sparkles
midian182
  • Locked
Sam Bankman-Fried has been sentenced to 25 years in prison
2
Replies
33
Views
446
Squid Surprise
Squid Surprise

Latest posts

Back