A group of analysts and companies have raised their voices against the risks that the upcoming European Digital Identity Wallet implementation might bring to Europeans’ privacy. Article 45 of a leaked Eidas document (Electronic Identification, Authentication, and Trust Services) indicates that web browsers distributed in Europe will have to accept certificates and cryptographic keys selected by the European Union (EU), opening the doors to online surveillance.
European Digital Identity Wallet Project Could Introduce Means for Online Surveillance
The technical implementation of the European Digital Identity Wallet has analysts and experts worried, with some warning against the veiled introduction of a system to exert online surveillance over European citizens.
Since the announcement of the final agreement on the project, more than 500 scientists and researchers from 39 countries and foundations like Mozilla have called on the European Union (EU) to rework a leaked Eidas (Electronic Identification, Authentication, and Trust Services) document to address these concerns.
The problem lies in Article 45 of the document, which establishes that web browsers distributed in Europe have to accept digital certificates and cryptographic keys from the EU and its member countries.
According to the experts, this would mean that “any EU member state or third party country, acting alone, is capable of intercepting the web traffic of any EU citizen, and there is no effective recourse.” An open letter from these scientists declared:
The current proposal radically expands the ability of governments to surveil both their own citizens and residents across the EU by providing them with the technical means to intercept encrypted web traffic, as well as undermining the existing oversight mechanisms relied on by European citizens.
What Comes Next
While the final Eidas document has not been released to the public yet, the Mozilla Foundation has revealed that, according to its information, there have not been changes proposed to article 45 specifically, with the whole project up for voting on November 28. Mozilla also called for the document’s release before the voting session, explaining that “civil society and the public are still unable to read the proposed regulation, let alone scrutinize its impacts.”
The European Commission has disregarded the concern, stating that it was part of a misunderstanding of the project as it is presented. It reported that “there is no risk of government spying, nor breaching the confidentiality of internet connections” with the current iteration of Eidas in a Q&A session.
What do you think about the European Digital Identity Wallet project? Tell us in the comments section below.