Controversial Digital Identity Rules Poised for Adoption in EU

The European Union legislative bodies are on the brink of enacting a new set of digital identity rules, known as eIDAS 2.0, amid concern from civil society groups.

The legislation allegedly aims to modernize existing digital identity and trust service rules, encompassing electronic signatures, time stamps, and website authentication certificates.

Mandated Trust in Government CAs

A contentious requirement of eIDAS 2.0 is that web browser makers trust government-approved Certificate Authorities (CAs) and refrain from enforcing additional security controls not specified by the European Telecommunications Standards Institute (ETSI). Critics argue this could lead to a less secure internet and increased potential for state surveillance.

The Browser Security Dilemma

Under the new regulations, should browser makers detect any misuse, such as traffic interception, by these government-endorsed CAs, they would be prohibited from taking countermeasures such as distrusting the certificates or removing the CA from their list of trusted entities.

This blatantly contrasts current practices, where browsers play a crucial role in maintaining web security by vetting CAs and intervening when certificates are misused.

Mozilla's Open Letter

Mozilla adamantly opposes these changes, stating, "This enables the government of any EU member state to issue website certificates for interception and surveillance which can be used against every EU citizen."

They, along with over 400 cybersecurity experts and non-governmental organizations, have signed an open letter pressing EU lawmakers for a clarification that would prevent Article 45 from disallowing browser trust decisions.

The final decision on eIDAS 2.0 is expected to be made behind closed doors in Brussels, with the potential for far-reaching implications on privacy and security online.

Safeguarding Your Online Privacy

In light of these developments, here are recommendations to help ensure your data remains private and secure while you're connected to the internet:

1. Use Encrypted Communication Tools: Opt for messaging and email services that offer end-to-end encryption.
2. Enable Two-Factor Authentication: This adds an extra layer of protection to your online accounts.
3. Avoid Oversharing Personal Information: Be wary of personal data and other sensitive details you might share on social media and online platforms.
4. Use Privacy-Focused Browsers: Consider browsers dedicated to privacy that do not track your activities or limit data collection as much as possible.
5. Use a Virtual Private Network (VPN): Specialized tools such as Bitdefender VPN can encrypt your internet traffic and protect your privacy online.