BEST OF THE WEB

Controversial EU digital identity laws spark privacy concerns

EU lawmakers are expected to approve digital identity rules that could weaken internet security and enable surveillance, according to civil society groups and tech companies.

The rules, known as eIDAS 2.0, would require browser makers to trust government-approved Certificate Authorities (CAs). This would give governments the ability to issue certificates to websites that allow them to intercept and decrypt encrypted HTTPS traffic.

Browser makers are concerned that this could be used to spy on EU citizens and others. They have urged EU lawmakers to clarify that Article 45 of the eIDAS 2.0 rules cannot be used to disallow browser trust decisions.

Google and Mozilla have also raised concerns about how Article 45 might be interpreted. They argue that it could be used to enable governments to issue certificates to websites that are used for illegal activities, such as phishing or malware distribution.

The EFF says that the latest regulatory language on Article 45 is still problematic. The organization is calling on EU lawmakers to revise the language to ensure that browser makers can continue to protect the security and privacy of their users.

The legislative text is subject to approval behind closed doors in Brussels on November 8.

The sources for this piece include an article in TheRegister.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web