EU's Digital Identity Framework Endangers Browser Security

[Gandalf_The_Grey]

Content source

https://www.eff.org/deeplinks/2021/12/eus-digital-identity-framework-endangers-browser-security

If a proposal currently before the European Parliament and Council passes, the security of HTTPS in your browser may get a lot worse. A proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS) would have major, adverse security effects on millions of users browsing the web.

The amendment would require browsers to trust third parties designated by the government, without necessary security assurances. But trusting a third party that turns out to be insecure or careless could mean compromising user privacy, leaking personal or financial information, being targeted by malware, or having one’s web traffic snooped on.

If adopted, the amendment would roll back security gains that so many worked hard to achieve in the past decade. The amendment should be dropped. Instead, these CAs should be pushed to meet requirements for transparency, security, and incident response.