EU eIDAS regulation: The devil is in the detail

The adoption of standards for electronic identification across the EU should normally be a source of joy. But the discussion of this reform in its corridors of the Commission has caused concern among experts in cyberspace.

But why is giving Europeans a harmonized digital identity so controversial? The devil is in the detail.

eidas

At issue is the eIDAS regulation, a system which according to its website:

"ensures that people and businesses will be able to use their own national electronic identification systems (eIDs) to access public services available in in other EU countries" and thus will "create a European internal market for trust services by ensuring that they operate cross-border and have the same legal status as traditional counterparts".

The European Commission has evaluated the existing regulatory framework by launching an open consultation. The objective of the consultation was to collect observations on the drivers and barriers to the development and adoption of trust and electronic identification services in Europe.

Based on this open public consultation (from 24 July to 2 October 2020), targeted surveys and in-depth interviews with key stakeholders of the eIDAS ecosystem, the Commission assessed to what extent the eIDAS framework remains fit for purpose , achieving the intended results, outcomes and impact.

According to the website describing eIDAS:

With eIDAS, the EU managed to lay the right foundations and a clear legal framework for citizens, businesses and public administrations to securely access services and transact online with just one click. Indeed, the development of eIDAS means greater security and greater convenience for any online activity, such as filing tax returns, enrolling in a foreign university, opening a bank account remotely, s in another member state, the verification of identity for online bidding, online bidding and more.

But what worries experts is the implementation of the new system on websites.

The European Union wants to ensure that all Europeans can digitally verify the businesses and people they do business with. This will include websites. The EU therefore wants to introduce a provision that allows countries to issue their own trusted root certificates.

What does this mean;

In short, this would enable government agencies to spy on all encrypted internet traffic, which would compromise the security of all of us.

So, legalization of surveillance for Europeans, with states holding the keys to encryption.

A group of 309 cybersecurity experts, researchers and scientists from 31 countries around the world has already called on the European Union to reconsider proposals to reform the Electronic Identification, Authentication and Trust Services (eIDAS) regulations, saying that “as proposed in its current form, this legislation will not lead to adequate technological safeguards for citizens and businesses as intended. In fact, it is very likely to lead to less safety for everyone."

https://nce.mpi-sp.org/index.php/s/cG88cptFdaDNyRr

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).