news & Things

Proposed Amendment Could Undo 10 Years Worth Of Internet Security

08th Mar 2022

Browsers like Google Chrome could be forced to trust government-designated third parties without requisite security guarantees, in a proposed amendment to eIDAS.

 

The proposed amendment to Article 45 in eIDAS would result in a significant, negative impact on web users’ security.

EU lawmakers have been urged by leading cyber security experts, advocates and practitioners alike, to not implement the proposed changes for securing online transactions, as there is too much jeopardy involved for the safety of internet users’ security and privacy.

In a letter to Members of the European Parliament on 3rd March, the Electronic Frontier Foundation (EFF) and others suggested that lawmakers reject a proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS). The reason for the rejection is that the amendment would require browsers to accept faulty website certificates, which could bypass the security measures modern browsers use to prevent cyber criminals from intercepting and stealing users’ data.

Among the signatories are Alexis Hancock, EFF director of engineering; David Awad, faculty instructional associate of computer science at Georgia Tech; Andrew Ayer of SSLMate; and other security experts from Canada, France, Germany, Belgium, Taiwan, the UK and the USA.

The signatories argue that the proposed changes to Article 45 would result in severely negative security consequences for millions of web users.

Google, Firefox and Safari are some of the biggest browsers out there, and they could be forced to trust government-designated third parties without the requisite security guarantees, leaving billions of web users’ vulnerable.

Browsers would be required to accept Qualified Website Authentication Certificates (QWACs), a type of EU website certificate which has been criticised in the past for its lack of effectiveness as a way of protecting users, due to implementation issues.

QWACs follow the same standards as Extended Validation (EV) certificates. They’re both digital certificates provided to domain owners, with an additional mechanism that verifies the domain owner’s identity – but the onus us squarely on the user. It’s been shown that this approach has been ineffective in the past.

The ramifications could be that, after trusting a third party who turns out to be irresponsible or unsecure, user privacy could jeopardised, personal or financial information leaked, or the user could become the target for malware.

This decision could impact web users from all over, not just those within the EU, according to the EFF. The approach to require browsers to trust certificates issued by EU government-mandated Certificate Authorities (CAs) would force the incorporation of a security-hindering feature into the web user’s experiences both inside and outside the EU.

With the letter, the signatories state that the amendment to Article 45 would undo all the work that has been done during the last decade to strengthen internet security. It would be in everyone’s best interest if it were withdrawn, and instead CAs should be urged to meet security, transparency and incident response criteria.

More news & Things

More news & Things


Chloe Smith in NonProfit

Initiatives Underway to Improve Diversity In Environmental Workforce In The UK

Steps are being taken in the UK’s sustainability and environment professions to address the lack of diversity, as it stands less than 5% of professionals in organisations within the sector identify as being from minority ethnic backgrounds. The steps involve a data drive, asking the UK’s environmental NGOs and charities to annually report on the […]


Chloe Smith in Health Sector

Billions To Be Raised By Health And Social Care Levy, Massive Reforms To Adult Social Care Underway

COVID backlogs and reforms to adult social care underway with the Health and Social Levy implemented to raise billions. The Health and Social Care Levy has commenced from Wednesday 6th April in order to raise the billions needed for the COVID backlog, as well fund reforms to routine services. In total, £39billion will be implemented […]


Chloe Smith in CENTRAL GOVERNMENT

NATO Identifies Emerging And Disruptive Technologies – UK To Headquarter The Defence Innovation Hub

NATO to implement the DIANA programme to maintain technological advantage: UK and Estonia to partner on the programme. Critical technologies will be seeing transatlantic cooperation, as the UK is set to be the host of the European HQ of the Defence Innovation Accelerator (DIANA), a programme set for NATO allies to accelerate, test, evaluate and […]


Chloe Smith in Transport

New Bus Scheme Set To Increase Public Transport Use by 10%

20% to 40% ticket price reduction on Cornish buses backed by £23.5m government grant A pilot of cut-fare prices has begun in Cornwall, allowing residents and visitors to enjoy cheaper prices around the far south-west of England. The county has benefitted from a ticket price reduction of between 20% and 40% to incentivise more people […]


Chloe Smith in NonProfit

Legal Proceedings Issued After National Lottery Licence Announcement

For the first time since The National Lottery started, Camelot will not be Preferred Applicant for the National Lottery licence.   A legal battle has been issued by National Lottery operator, Camelot, against the Gambling Commission after it was revealed that Allwyn Entertainment UK was its Preferred Applicant for the fourth National Lottery licence – […]


Chloe Smith in Tech

What Is Colocation And Why Are Datacentres Being Built On Sewage Plants?

Datacentres could be made more environmentally friendly if collocated with sewage treatment plants, suggests Tomorrow Water.   The idea is that heated water from a datacentre can be used to boost wastewater processing, and some of the treated water can then become the cooling water for the datacentre. The arrangement cuts the energy process required […]


Send us a Message






    Call cloudThing
    0121 393 4700
    DEVELOP • DYNAMICS • DEVOPS • DATA
    By pressing send you agree to our Terms & Conditions