Caute_cautim
Community Champion

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections

Hi All

 

Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.

The legislation, referred to as eIDAS (electronic IDentification, Authentication and trust Services) 2.0, has been described as an attempt to modernize an initial version of the digital identity and trust service rules. The rules cover things like electronic signatures, time stamps, registered delivery services, and certificates for website authentication.

But one of the requirements of eIDAS 2.0 is that browser makers trust government-approved Certificate Authorities (CA) and do not implement security controls beyond those specified by the European Telecommunications Standards Institute (ETSI).

 

https://www.theregister.com/2023/11/08/europe_eidas_browser/

 

If this is true, you have a complete surveillance state - 1984 reigns.

 

Or is it scaremongering?

 

Regards

 

Caute_Cautim

 

 

 

8 Replies
dcontesti
Community Champion

The EFF has issued a warning that the EU is about to introduce a new law that will enable EU/national governments to secretly eavesdrop on all web communications among their own citizens.

 

https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years

 

Wondering how/what this inter-operates with GDPR and how it will affect folks in other countries that do business in the EU.

 

Would love other folks' thoughts/comments/concerns regarding this.

 

d


--

Early_Adopter
Community Champion

You pick up that sword, you just don’t want to put it down again…

I’d say it’s incompatible with the GDPR as that took into account government eavesdropping - anyone not familiar with the Stasi should please down tools and go and watch The Lives of Others immediately.

Like the Patriot Act this causes issues when trying to take the high moral ground with authoritarian regimes.

I guess there is a balance to be struck, but I don’t see any extraordinary threat to offset the harm this would cause - and to any government, especially the EU, which is a sort of weird overlay, I’d say: you created and built none of these tools - really, stop snooping and mind your own business.


ericgeater
Community Champion

I guess as long as the EU does a good job of encrypting the data at rest...? 🤡 

-----------
A claim is as good as its veracity.
Early_Adopter
Community Champion

Just encrypt the disks… then if they get stolen… 😛
Early_Adopter
Community Champion

Maybe they can fold it in with the LLM stego encoding request..? 😛

Anyway, this is a bad idea, unless the EU wants to weaken the security of its citizens and allies…
Caute_cautim
Community Champion

@Early_Adopter   At least Germany is chirping up and complaining about it; there appears to be a lot of group-think and sheep thinking going on at the moment.

 

It certainly is bad.

 

Regards

 

Caute_Cautim

Early_Adopter
Community Champion

Yes the Germans are at least sensible due to East Germany and before.

I find it hard to reconcile this EU with the one that was furious about the Patriot Act, PRISM and Merkel’s phone tap… do we now have a chance of the US complaining about data transfers to the EU under the safe data privacy shield harbour Atlantean Transit Data framework? Seems a shame to make all that noise publicly and then drop all your principles…

Caute_cautim
Community Champion

@Early_Adopter   This is okay, as a strategy, as long as they are Quantum-Resistant.....

 

Harvest Now, Decrypt Later (HNDL)....

 

Do you remember how long it took the payments industry to change over from SSL v3 after the POODLE attack to TLS v1.2? 

 

It took four years.... 

 

Regards

 

Caute_Cautim