EU lawmakers are expected to approve digital identity rules that could weaken internet security and enable surveillance, according to civil society groups and tech companies.
The rules, known as eIDAS 2.0, would require browser makers to trust government-approved Certificate Authorities (CAs). This would give governments the ability to issue certificates to websites that allow them to intercept and decrypt encrypted HTTPS traffic.
Browser makers are concerned that this could be used to spy on EU citizens and others. They have urged EU lawmakers to clarify that Article 45 of the eIDAS 2.0 rules cannot be used to disallow browser trust decisions.
Google and Mozilla have also raised concerns about how Article 45 might be interpreted. They argue that it could be used to enable governments to issue certificates to websites that are used for illegal activities, such as phishing or malware distribution.
The EFF says that the latest regulatory language on Article 45 is still problematic. The organization is calling on EU lawmakers to revise the language to ensure that browser makers can continue to protect the security and privacy of their users.
The legislative text is subject to approval behind closed doors in Brussels on November 8.
The sources for this piece include an article in TheRegister.