November 4, 2023

The Crypto Wars are a topic that DeepSec keeps addressing in public. The conference and our blog document countless attempts to weaken algorithms, introduce mandatory back-doors, and compromise operating systems. The European eIDAS (electronic IDentification, Authentication and trust Services) regulation proposes that all web browsers distributed in Europe be required to trust the certificate authorities and cryptographic keys selected by EU governments. This destructively changes the IT security landscape. To quote from Mozilla’s open letter:

These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic across the EU. Any EU member state has the ability to designate cryptographic keys for distribution in web browsers and browsers are forbidden from revoking trust in these keys without government permission.

If you are working in information security, we urge you to get in contact with your European members of parliament. For European citizens, this means that you should register your concerns with Romana Jerković. Also, consider signing the open letter (you can do this online) if you are a researcher or an NGO.

If this law passes, then the Public Key Infrastructure (PKI) of the Web will be compromised. The fall-out will destroy the basis of e-commerce and all communication for individuals, companies, and even governments.

