A proposed amendment to Article 45 in eIDAS would have a significant, negative impact on web users’ security
Leading cyber security experts, advocates and practitioners have urged EU lawmakers not to implement proposed changes for securing online transactions, which they say could jeopardise internet users’ security and privacy.
In a letter to Members of the European Parliament on 3rd March, the Electronic Frontier Foundation (EFF) and others recommended that lawmakers reject a proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS). The amendment would requires browsers to accept faulty website certificates, which could bypass the security measures modern browsers use to prevent cyber criminals from intercepting and stealing users’ data.
The EFF says requiring browsers to trust certificates issued by EU government-mandated Certificate Authorities (CAs) could impact users beyond the EU, as well. The approach would likely force the incorporation of a security-hindering feature into the internet experiences of users both inside and outside the European Union.