eIDAS
Last updated
Last updated
What is eIDAS 1.0 👀
Back in 2014, the European Commission introduced Electronic Identification, Authentication, and Trust Services (eIDAS) as part of its Digital Agenda to stimulate innovation.
Its aim was to provide unique, verifiable credentials to every EU citizen and business, simplifying online interactions.
However, the initial rollout faced hurdles, including limited adoption and concerns over user autonomy and privacy.
eIDAS 1.0 Shortcomings
The original eIDAS framework had its share of flaws. It insisted on persistent IDs that raised privacy concerns.
It also allowed governments to remotely deactivate IDs, sparking concerns about unchecked authority. Moreover, the framework’s complexity discouraged private sector adoption, resulting in a fragmented landscape.
What is eIDAS 2.0 👀
To address these issues, eIDAS 2.0 embraces self-sovereign identity (SSI) concepts, where users retain control over their data.
This approach enables the verification of specific identity elements, enhancing security while safeguarding privacy. Blockchain’s decentralized nature adds an extra layer of protection.
Privacy Safeguards and Wider Applicability
eIDAS 2.0 ensures that social media platforms have limited access to users’ data, preventing data harvesting abuses. It also allows for a broader range of data types to be securely stored, from medical records to travel history, enhancing convenience and safety. Furthermore, it offers a means for individuals to verify the authenticity of others in personal interactions, fostering trust.
Key to eIDAS 2.0’s success is placing control firmly in users’ hands. With exclusive access to their personal information, users are more likely to adopt the framework. Achieving ubiquity across the EU is vital, ensuring credentials are universally valid. Stricter safeguards are needed to prevent third-party profiling and data mining.
The Role of PETs
Zero-knowledge proofs and biometrics play a crucial role in eIDAS 2.0’s security strategy. They enable verification without revealing sensitive data, enhancing privacy. Unique physical identifiers like fingerprints and iris scans add an extra layer of protection.
EFF Open Letter
A group of cybersecurity experts from EFF is deeply concerned about specific aspects of the European Digital Identity framework (eIDAS revision).
They fear these provisions, meant to enhance web authentication, may inadvertently weaken web security. Website authentication is a cornerstone of online security, protecting against identity theft, financial crimes, malware, and surveillance. However, the framework’s emphasis on Qualified Website Authentication Certificates (QWACs) without proper security assessments raises significant cybersecurity risks.
The group calls for revisions to Article 45.2 to preserve browsers’ vital role in safeguarding users against cybercrime and prevent potential vulnerabilities.
