this post was submitted on 15 Nov 2023
57 points (96.7% liked)

Privacy

31974 readers
276 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Just saw this update. I'll quote from the previous article for a complete picture.

After years of legislative process, the near-final text of the eIDAS regulation has been agreed by trialogue negotiators1 representing EU’s key bodies and will be presented to the public and parliament for a rubber stamp before the end of the year. New legislative articles, introduced in recent closed-door meetings and not yet public, envision that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments.

This means governments could impersonate websites, effectively breaking https. Over 500 researchers and experts had signed a letter against the problematic article 45. In the update they got a response:

In a media Q&A given by the European Commission on Thursday (9th November), the Commission characterized the risks raised in the open letter from cyber security experts and civil society as a ‘misunderstanding’. The Commission went on to state that the open letter had been discussed with their experts, who concluded ‘there is no risk of government spying, nor breaching the confidentiality of internet connections’.

So they asked 'experts' who said breaking https doesn't lead to government spying.

We call on the European Commission, Council and Parliament to:

  • Publish the final legal text of the eIDAS regulation as soon as possible.

  • Ensure that civil society and cyber security experts have adequate time to scrutinize this regulation ahead of any legislative action.

  • Be transparent about the advice the Commission has received regarding this regulation and who was consulted.

I'm so done with this. The fact that they can just:

  1. Introduce an article that breaks https into a regulation a short time before it's voted on

  2. Don't disclose the text of the articles for independent experts to look at

  3. Blatantly deny what it does after it gets discovered

Without any repercussions is depressing. They'll just keep trying this until it sneaks past.

This text is subject to approval in the final closed-door trialogue meeting in Brussels on November 8th, after which it will be published and presented for formal ratification in the European Parliament. This is expected to be in the first few months of 2024, but this vote is seen as a formality with the text of trialogue negotiations typically being adopted into law without alteration.

Last week, representatives of the European Parliament, Council and Commission announced they had signed off on the eIDAS Regulation and that a vote in Parliament’s ITRE committee will be held on November 28th. We understand that although no changes have been made to Article 45, there were last-minute changes to the accompanying Recital 32. However, the EU has still not published the agreed legal text. There are now less than 13 days until the vote and the cyber security community, civil society and the public are still unable to read the proposed regulation, let alone scrutinize its impacts.

Finally:

If you’re a European citizen, you can write to the member of the European Parliament responsible for the eIDAS file - Romana JERKOVIĆ - and register your concern.

Edit: formatting

top 3 comments
sorted by: hot top controversial new old
[–] knfrmity@lemmygrad.ml 7 points 1 year ago

The EU was never designed to be a democratic body.

They tried chat control and got pushed back on, so they gave up on that track and quickly switched to a sneaky effort to break SSL.

Just as previous initiatives were voted down by the people, but forced through the parliament anyway.

The EU exists to protect private property and capital, not to benefit the people.

[–] fluckx@lemmy.world 6 points 1 year ago

You'll get two WHOLE days to go through it how much time do you need. It's all very very safe okay. All my advisors tell me it's safe. Really. What's the problem that the government can impersonate any https site online. We would never do such a thing. There's no record in history of the government getting hacked or people accessing data they shouldn't.

( /s for those thinking I'm being serious )

[–] Nithanim@programming.dev 3 points 1 year ago

I am weirdly looking forward to the surprised pikachu face when the privkey leaks in the first week and suddenly suspiciously specific info about virtually everything whats going on privately in the EU pops up all over the world, including politicians and their friends.