As its final adoption approaches, a European law on digital identity is raising fears of problematic repercussions regarding the protection of privacy on the Internet. Explanations.
In recent years, theEuropean Union adopted significant legal texts marking a turning point in the way our private data are managed by large Tech companies, among others. We think, for example, of someone who forced the arrival of iPhones with a USB-C connectorthe Digital Services Act (DSA) or the Digital Markets Act which entails quite a few changes for Google services, Microsoft Or Apple. Not in the best way for the latter anyway.
Overall, these laws are a step in the right direction, protecting the European consumer and forcing the American giants to more transparency and openness. But there are some that make people cringe Internet privacy advocates. The one on European digital wallets is one of them. Named eIDAS 2.0it is actually a rrevision of the previous law on digital identity in force in the EU. If its main goal is to allow the dematerialization of official documents such as the identity card or the driving license, this is not its only objective.
A European law could prove disastrous for the privacy of Internet users
The eIDAS 2.0 law also wants change the way web browsers handle website security and authentication. To understand, we must first explain what is currently happening. Look up at the top of the screen and look to the left of the address bar. See the padlock symbol? It indicates that access to the Phonandroid site uses the HTTPS protocol. It means that the connection between the browser and the server that provides it is encrypted.
Read also – The European Union adopts the law on the regulation of AI after some modifications
By clicking on the padlock, you can see the message “Your connection to this site is secure” on Firefox for example. And you also see who issued the certificate allowing this to be affirmed. Still in the case of this site, it is Google Trust Services LLC. It is this precise point that wants to change article 45 of the eIDAS 2.0 law. If applied as is, the text will allow the governments of the Member States to issue these certificates themselves. Browsers will be forced to accept them as trustworthy.
This goes even further since Firefox, Google, Opera and others will not have the right to withdraw these certificates even if they notice malicious activities, unless governments allow it. For associate professor of the Federal Polytechnic School of Lausanne Carmela Tronsoco, “[la loi] changes the balance of power by shifting these security controls to member states“, what she finds”extremely dangerous“. In theory, this would allow authorities to intercept all our internet traffic.
Even a VPN could not avoid surveillance on the Internet if the European eIDAS law is not amended
The opinion of Harry Halpin, computer scientist and creator of NymVPN, is much clearer. According to him, Europe would become “a surveillance regime worse than that of China and Russia“. He thinks that “the European Parliament didn’t know what it was doing” and that he is “unbelievable that such a stupid rule is adopted“. Beyond the shocking formulas, he recalls that after application of eIDAS 2.0, VPNs will no longer be an effective solution to protect your privacy on the Web.
Read also – Netflix, Prime Video: Europe would like to lift geoblocking of streaming platforms
The government would indeed find itself “in the middle of our connection“. He explains that “VPN is at a lower level: it defends the network connection, but there is also the website or application running on top of the network. Using a VPN wouldn’t really matter because the government could intercept the traffic at the web browser level. It could legally intercept all traffic […]even if it’s encrypted, and it doesn’t want you or even Google to know about it“.
Fortunately, everything is not so dark in reality. The current version of the eIDAS 2.0 law is currently provisional. The teams of Opera browser for example, are confident and believe that it will be revised before its adoption. Experts agree that the final text will be presented in March 2024so that it is ratified before the European elections of June.
Source: TechRadar