eIDAS 2.0 Revision Sparks Privacy and Security Alarm
The European Union’s revision of its digital identity law, known as eIDAS 2.0, is nearing completion and has sparked significant concern among security experts, browser providers, and privacy advocates. This proposed regulation aims to alter the current framework for web browser security and website authentication, in addition to introducing an EU-wide identification app, the EU ID Wallet. Critics argue that these changes, particularly those related to browser authentication, pose a grave threat to the security and privacy of internet users across the EU.
Article 45 of the eIDAS 2.0 has been specifically highlighted for its potential to enhance online surveillance capabilities. It mandates that EU states have the authority to issue digital certificates for website authentication, which browsers must accept without question. This shift in power from private entities to member states is seen as a dangerous precedent, potentially allowing governments to intercept internet traffic at will. The inability of browsers to reject these certificates, even in cases of suspected malicious activity, unless explicitly permitted by the member state, is a point of contention.
The implications of such a regulation extend beyond surveillance; there are concerns about increased online censorship and vulnerability to cyberattacks. Despite these significant concerns, the European Commission has only agreed to a provisional text, with final agreements expected soon. The industry’s feedback has led to some adjustments, including the addition of a recital aimed at clarifying ambiguities and granting browser providers more autonomy in ensuring web security. However, the effectiveness and legal standing of these adjustments remain uncertain.
As the EU Parliament pushes to finalize the legislative process before the upcoming European elections, the digital community awaits the outcome with bated breath. The potential for eIDAS 2.0 to reshape the landscape of internet security and privacy in Europe is substantial, raising questions about the balance between state control and individual freedoms in the digital age.
Source: EU eIDAS: VPNs won’t protect Europeans privacy if law passes, experts warn