#Alert eIDAS 2.0 (EU wants to force browsers to use potentially insecure government certificates)

zeynep at keemail.me zeynep at keemail.me
Fri Nov 10 14:54:26 PST 2023


Hello 

I hope everyone is ok. I think this issue is important so I think all of you should read this email I wrote. 
For years, I have been immersed in the world of cryptography and have worked as a researcher in the field of digital privacy. Recently, there have been numerous developments that give cause for concern.
As a digital privacy activist, I am committed to raising awareness about the critical need for robust privacy protections in today's interconnected world. The ever-expanding digital landscape necessitates vigilant advocacy to ensure that individuals' rights to privacy are upheld and respected.

“The EU's planned laws would use emerging technologies to detect new and existing child sexual abuse material (CSAM) and child grooming activities, and would give national authorities the power to oblige digital services to scan users’ communications, including encrypted messages.”  

https://www.euronews.com/my-europe/2023/10/19/planned-eu-laws-on-child-sexual-abuse-have-sparked-a-bitter-privacy-row-why

The proposed legislation mandates the implementation of a compulsory scanning protocol for communication service providers, encompassing social media platforms and instant messaging applications, which facilitate the exchange of textual, auditory, photographic, and video content inclusive of all user data.


The eIDAS 2.0 proposal, aimed at establishing a secure framework for trust services within the EU, has raised concerns due to recent undisclosed alterations made during the legislative process. These changes, allowing Member States to access encrypted data, raise alarming implications for mass surveillance. Collaborating with esteemed scientists and NGOs, an open letter has been crafted to address these critical risks and propose concrete solutions to ensure enhanced privacy protections in the eIDAS 2.0 framework.
This letter meticulously outlines the substantial risks associated with the eIDAS 2.0 proposal and offers concrete suggestions for mitigating these issues.

The letter is here:
https://nce.mpi-sp.org/index.php/s/cG88cptFdaDNyRr


As an individual deeply invested in digital privacy and security, I find myself increasingly apprehensive about the implications of the eIDAS 2.0 proposal. While the initial intent was to establish a fortified legal framework for trust services within the EU, recent undisclosed alterations have raised significant concerns.

One of the most troubling aspects is the provision granting Member States the authority to insert their keys into browsers, enabling the interception of encrypted traffic. This opens the door to potential mass surveillance, infringing upon the fundamental right to privacy. Additionally, the restrictions on security checks for encryption keys, limited by ETSI, pose a potential roadblock to the development of innovative, higher-level protective measures.

Furthermore, the proposal's commendable effort to create a digital wallet for mobile identity is marred by a critical oversight. Citizens should have the option to employ anonymous credentials or pseudonyms to shield their online interactions. Unfortunately, the current draft makes the implementation of unlinkability optional, potentially subjecting citizens' privacy to the discretion of the Member State with the weakest safeguards.

These concerns are not merely speculative, but rooted in the need to protect individual liberties in an increasingly interconnected digital landscape. It is imperative that we prioritize privacy rights and work towards a balanced framework that ensures the security of trust services without compromising personal freedoms.

In addition, most artificial intelligence systems are inherently flawed, rendering them susceptible to potential misuse under the law. Governments, under the pretext of combating child exploitation, can scan the data of a majority of users, thereby infringing upon fundamental human rights. This grants governments the power to surveil and exert control over any citizen at their discretion.

Perhaps we can discuss what we might accomplish together.

Regards 
Zeynep Aydoğan 