Cybersecurity Experts Urge EU Lawmakers to Fix Website Authentication Proposal That Puts Internet Users’ Security and Privacy at Risk

This article has been indexed from Deeplinks.

Proposed Amendment Will Expose Users to Cyberattacks

SAN FRANCISCO—Electronic Frontier Foundation (EFF) technologists, along with 36 of the world’s top cybersecurity experts, today urged European lawmakers to reject proposed changes to European Union (EU) regulations for securing electronic payments and other online transactions that will dramatically weaken web security and expose internet users to increased risk of attacks by cybercriminals.

The ill-conceived proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS) requires popular browsers like Firefox, Google, and Safari to accept flawed website certificates that bypass the rigorous security standards built into today’s browsers to ensure user data isn’t intercepted and stolen by criminals. Website certificates help ensure that, when you use a credit card to buy something online, your payment information is going to the right website and not to cybercriminals who have created fake websites that impersonate real websites.

In a letter today to members of the European Parliament, EFF Director of Engineering Alexis Hancock, EFF Director of Technology Projects Jon Callas, and cybersecurity experts from Belgium, Canada, France, Germany, Taiwan, the UK and the U.S. said requiring browsers to accept Qualified Website Authentication Certificates (QWACs), a specific EU form of website certificate that never gained traction because of implementation flaws, would put the entire website security ecosystem at risk by requiring browsers to trust third parties designated by the government without any security assurances.

The experts urged EU lawmakers to amend the revised Article 45.2 to “ensure that browsers can continue to undertake their crucial security work to protect individuals from cybercrime on the web.” Insecure third parties can have a devastating effect on online privacy and security by opening the door to malware attacks, stolen personal and financial informa

[…]