Mozilla: Report Raises Concerns Over Potential Cybersecurity Threat Within the Eu’s Digital Identity Framework

New Acxiom Research Reveals Only 4% of Brands Have Mastered Customer Intelligence

Mozilla (UK)

Leading security experts have expressed concerns over the proposed revision of Article 45.2 of the eIDAS regulation by the European Union (EU), citing potential risks to web authentication and encryption standards. A new report, produced by the Economist Impact Studios for Mozilla and the #SecurityRiskAhead campaign, includes findings from global experts from both industry and civil society.

The report shows that Article 45.2 could weaken cybersecurity for web users, leaving them vulnerable to state surveillance and targeted interception of internet traffic. The law could effectively bypass existing security checks as browsers would be mandated to support EU-designed Qualified Web Authentication Certificates (QWACs). QWACs are not available for free and have weaker security properties than the most commonly-used certificates by browsers.

Joseph Lorenzo Hall, Senior Vice President for Strong Internet at the Internet Society, emphasized that web security is constantly evolving and adapting, and by putting it into legislation, the proposed revision does not take into account the dynamic nature of security threats. “By bolting an exception mechanism on for EU government trusted entities, browsers will be forbidden, for example, from revoking trust for certain things. This means that you could have a group of websites online that are being spoofed or being eavesdropped upon by some compromised EU-anointed authority. And we are handcuffed and cannot do things that we would normally do very quickly to protect the people of the internet.”

Marketing Technology News: On the Heels of Google I/O, PaLM 2 AI Debuts in Sendbird’s Chatbot API

Marshall Erwin, Vice President and Chief Security Officer at Mozilla Corporation, said: “The real problem with Article 45.2 of eIDAS is it’s going to set a precedent that regimes around the globe are going to follow – and as a result not only undermine web encryption in general, but then also put dissidents, and journalists, at immediate risk.”

Arvid Vermote, Worldwide Chief Information Security Officer at GlobalSign, a Certificate Authority, highlighted the risk of having 30 additional supervisory bodies that can define a company as globally trusted, up from just four. He states, “For me, that would be an astronomical problem,” as it could potentially allow for the targeted interception of internet traffic if compromised.

Echoing the other interviewees, Scott Helme an authentication and security researcher pointed to the importance of having free certificates which “have been fundamental in completely transitioning web security.”

Marketing Technology News: MarTech Interview with Sanjay Mehta, Head of Industry, Ecommerce at Lucidworks

Picture of PRNewswire

PRNewswire

PR Newswire, a Cision company, is the premier global provider of multimedia platforms and distribution that marketers, corporate communicators, sustainability officers, public affairs and investor relations officers leverage to engage key audiences. Having pioneered the commercial news distribution industry over 60 years ago, PR Newswire today provides end-to- end solutions to produce, optimize and target content -- and then distribute and measure results. Combining the world's largest multi-channel, multi-cultural content distribution and optimization network with comprehensive workflow tools and platforms, PR Newswire powers the stories of organizations around the world. PR Newswire serves tens of thousands of clients from offices in the Americas, Europe, Middle East, Africa and Asia-Pacific regions.

You Might Also Like