CEPIS suggests improvements on amendment to eIDAS regulation

At the beginning of November, CEPIS expressed its support to the “eIDAS: Open Letter pre Trilogue conclusion”, raising problems with the then draft and outlining safeguards to address them (see eidas-open-letter.org). Meanwhile, the trilogue concluded and a result was published at e.g. https://www.europarl.europa.eu/cmsdata/278103/eIDAS-4th-column-extract.pdf

In view of the developments, the CEPIS Legal and Security Issues expert group has produced the following text. It aims to provide a short analysis of the improvements in 3 problematic areas and the remaining deficiencies and corresponding open issues. It concludes with some proposals for improvements possible at this point in time. The 3 areas are:

  1. Rogue certificates weakening the security of the web: Article 45 requires browsers to recognise any certificate that is issued by an EU member state and that satisfies some criteria specified in an annex to the regulation (Qualified Web Authentication Certificate, QWAC) without any other requirements to be imposed by the browsers. Such certificates may not be as trustworthy as claimed, and, if the browser needs to recognise these certificates in its trust store, these certificates can be used to weaken the protection of the communication between a user’s browser and a website. Certificates in the trust store of a browser are used to validate the public key of the visited website, so a rogue certificate can be used to validate the wrong public key, and then user data encrypted for the website are actually readable by others, especially those who placed that wrong key. The recent amendments aimed to mitigate the issue by limiting the enforced use of QWACs to displaying the owner of the website as certified by the QWAC: “The obligation of recognition, interoperability and support of QWACs is not to affect the freedom of web-browser providers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they consider most appropriate.” So, for the purposes of ensuring web security, domain authentication and the encryption of web traffic, a browser can ask for additional measures. The remaining issue is that the text quoted above only appears in a recital and not in the core of the regulation. So it would require special attention that an actor other than a member state would push for a certain certificate. Moreover, future browsers would need to support the differentiated treatment of certificates for displaying the owner of a website vs. securing the web traffic, which is additional effort in implementation and maintenance.
  2. Lack of unlinkability of wallet uses: Avoiding the scenario where several interactions with the same or different relying parties (e.g. websites) cannot be linked together is an essential function of any wallet to prevent the user to be tracked and profiled. There is good text in Article 6a.7b.(a) to support this aim: “The technical framework of the European Digital Identity Wallet shall not allow providers of electronic attestations of attributes or any other party, after the issuance of the attestation of attributes, to obtain data that allows for tracking, linking, correlating or otherwise obtain knowledge of transactions or user behaviour unless explicitly authorised by the user.” At the same time there are provisions like Article 6a.4.(a).(4e) and Article 6a.5.5a asking for verifiability of the wallet by relying parties, which is hard (though not impossible) to align with any unlinkability requirement. In this situation of requirements difficult to fulfil in combination the careful and transparent development of technology is needed. Unfortunately the development of the Architecture Reference Framework (ARF) operated by the European Commission and the member states is not transparent, but behind closed doors, and available drafts do not support the legal requirements for safeguards for unlinkability. To do so, they would need to include more advanced cryptographic primitives that enable both unlinkability and revocation. The concern is the limited influence of the European Parliament on implementations like the Architecture Reference Framework.
  3. Lack of unobservability of wallet uses: There are no safeguards that prevent the governments, which actually provide the wallet, from exercising surveillance over everything its users do with it. As the wallet may be used in all areas of life (e.g. health, transport, finance, etc.) the related information may cover all these areas and give a very complete view on what people do with the wallet. Last-minute changes in Recital 11c oblige the wallet provider to “ensure unobservability by not collecting data and not having insight into the transactions of the users of the Wallet. This means that the providers should not be able to see the details of the transactions made by the user.” Again this provision is only given in the recitals, and its technical implementation is essential.

The text agreed in the trilogue is obviously a compromise between different positions. It seems that some MEPs are considering to not adopt this text or to abstain. When the European Parliament is to consider whether to approve the negotiated results or aim for better results in future negotiation rounds, it needs to keep in mind that its influence on the relevant (technical) implementation and standardisation seems rather limited. So it needs to consider whether the improvements and provisions it achieved to introduce into the original proposal will be strong enough to keep up the values it has been fighting for and to assure their technical implementation. Any support for assuring the later implementation may be useful, be it explicit statements under which conditions the European Parliament supported the trilogue results or the establishment of instruments for public oversight of an open development of what may be the most critical infrastructure for European values of protected freedom in interaction and transactions.

A viable option seems to condition the adoption of the outcome of the trilogue agreement on the prior publication by the European Commission and the Council of the EU of a clear and unambiguous mandate for the European Standardization bodies to draft standards that a) ensure that there will be no interference with how connections with web servers are authenticated, or the technology used to encrypt web traffic and instead only apply to displayed identity information and b) guarantee strong unobservability and unlinkability for mobile identity wallet users. The European Parliament should also use its powers and dedicate resources to closely monitor the implementation of the regulation. This should be announced together with any agreement to the results.

SUBSCRIBE TO OUR NEWSLETTER

Why not keep up to date with all our latest news and events?