https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64366#M6506 Just encrypt the disks… then if they get stolen… <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span> Wed, 08 Nov 2023 13:17:01 GMT Early_Adopter 2023-11-08T13:17:01Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64464#M6500 <P>HI All</P><P>&nbsp;</P><P>Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.</P><P>The legislation, referred to as eIDAS (electronic IDentification, Authentication and trust Services) 2.0, has been described as an attempt to modernize an initial version of the digital identity and trust service rules. The rules cover things like electronic signatures, time stamps, registered delivery services, and certificates for website authentication.</P><P>But one of the requirements of <A href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG" target="_blank" rel="nofollow noopener">eIDAS 2.0</A> is that browser makers trust government-approved Certificate Authorities (CA) and do not implement security controls beyond those specified by the European Telecommunications Standards Institute (ETSI).</P><P>&nbsp;</P><P><A href="https://www.theregister.com/2023/11/08/europe_eidas_browser/" target="_blank">https://www.theregister.com/2023/11/08/europe_eidas_browser/</A></P><P>&nbsp;</P><P>If this is true, you have a complete surveillance state - 1984 reigns.</P><P>&nbsp;</P><P>Or is it scaremongering?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 12 Nov 2023 21:19:13 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64464#M6500 Caute_cautim 2023-11-12T21:19:13Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64341#M6503 <P><SPAN>The EFF has issued a warning that the EU is about to introduce a new law that will enable EU/national governments to secretly eavesdrop on all web communications among their own citizens.</SPAN></P><P>&nbsp;</P><P><A href="https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years" target="_blank">https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years</A></P><P>&nbsp;</P><P>Wondering how/what this inter-operates with GDPR and how it will affect folks in other countries that do business in the EU.</P><P>&nbsp;</P><P>Would love other folks thoughts/comments/concerns regarding this.</P><P>&nbsp;</P><P>d</P><P><BR /><SPAN>--</SPAN></P> Wed, 08 Nov 2023 00:53:30 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64341#M6503 dcontesti 2023-11-08T00:53:30Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64346#M6504 You pick up that sword, you just don’t want to put it down again…<BR /><BR />I’d say it’s incompatible with the GDPR as that took into account government eavesdropping- anyone not familiar with the Stasi should please down tools and go and watch the lives of others immediately.<BR /><BR />Like the Patriot Act this causes issues when trying to take the high moral ground with authoritarian regimes.<BR /><BR />I guess there is a balance to be struck, but I don’t see any extraordinary threat to offset the harm this would cause - and to any government, especially the EU which is a sort of weird overlay I’d say you created and built none of these tools - really, stop snooping and mind your own business.<BR /><BR /><BR /> Wed, 08 Nov 2023 02:04:31 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64346#M6504 Early_Adopter 2023-11-08T02:04:31Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64365#M6505 <P>I guess as long as the EU does a good job of encrypting the data at rest...?&nbsp;<span class="lia-unicode-emoji" title=":clown_face:">🤡</span>&nbsp;</P> Wed, 08 Nov 2023 13:14:12 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64365#M6505 ericgeater 2023-11-08T13:14:12Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64366#M6506 Just encrypt the disks… then if they get stolen… <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span> Wed, 08 Nov 2023 13:17:01 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64366#M6506 Early_Adopter 2023-11-08T13:17:01Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64471#M6501 Maybe they can fold it in with the LLM stego encoding request..? <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span><BR /><BR />Anyway this is a bad idea, unless the EU wants to weaken the security of it’s citizens and allies… Mon, 13 Nov 2023 08:05:18 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64471#M6501 Early_Adopter 2023-11-13T08:05:18Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64503#M6502 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;&nbsp; At least Germany is chirping up, and complaining about, there appears a lot of group-think and sheep thinking going on at the moment.</P><P>&nbsp;</P><P>It certainly is bad.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 13 Nov 2023 19:20:48 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64503#M6502 Caute_cautim 2023-11-13T19:20:48Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64514#M6507 Yes the Germans are at least sensible due to East Germany and before.<BR /><BR />If find it hard to reconcile this EU with the one that was furious about patriot act, Prism and Merkle’s phone tap… do we now have a chance of the US complaining about data transfers to h the EU under the safe data privacy shield harbour Atlantean Transit Data framework? Seems a shame to make all that noise publicly and then drop all your principles…<BR /><BR /> Mon, 13 Nov 2023 23:04:17 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64514#M6507 Early_Adopter 2023-11-13T23:04:17Z https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64705#M6518 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;&nbsp; This is okay, as a strategy, as long as they are Quantum-Resistant.....</P><P>&nbsp;</P><P>Harvest Now, Decrypt Later (HNDL)....</P><P>&nbsp;</P><P>Do you remember how long it took the payments industry to change over from SSL v3 after the POODLE attack to TLS v1.2?&nbsp;</P><P>&nbsp;</P><P>It took four years....&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 20 Nov 2023 03:07:34 GMT https://community.isc2.org/t5/Industry-News/Bad-eIDAS-Europe-ready-to-intercept-spy-on-your-encrypted-HTTPS/m-p/64705#M6518 Caute_cautim 2023-11-20T03:07:34Z