Tag Archive for: EU’s

EU’s Proposed CSAM Bill Poses Hacking Risks


Endpoint Security, Governance & Risk Management, Legislation & Litigation

Hackers Would Exploit Client-Side Scanning, LIBE Committee Hears

Members of a European Parliament committee heard Thursday an assessment warning them that a bill intended to fight child sexual abuse material would instead weaken online security.

The Child Sexual Abuse Material proposal unveiled by the European Commission in May 2022 faces a barrage of opposition from industry and civil liberty groups concerned that its mandate for digital communication services such as instant messenger apps to scan for CSAM is incompatible with end-to-end encryption.

Bart Preneel, a cryptography professor at Catholic University of Leuven in Belgium, told the Committee on Civil Liberties, Justice and Home Affairs, or LIBE, that the only way mandatory scanning is compatible with end-to-end encryption is by scanning for images on devices before they’re transmitted across the web. Preneel is co-author of an assessment of the CSAM proposal commissioned by the committee.

“The only way you could actually detect CSAM would be by scanning on the device of the user. You would have to insert additional software in the user device, and such a software will create new vulnerabilities that are open to attack and abuse,” he said.

Scanning communications would violate a right to confidential communications while client-side scanning “violates the essence of the right of protection…

Emerging Europe risks missing out on EU’s Digital Decade


Europe as a whole must do more to meet its ambitious Digital Decade goals. The countries of emerging Europe must do much more, particularly in cybersecurity and education.

The largest Europe-wide trade organisation representing digitally transforming industries, DigitalEurope, last month addressed a letter to the European Commission outlining three key areas of digital development that EU member states should prioritise.

DigitalEurope’s director-general, Cecilia Bonefeld-Dahl, says that, “the EU is keen to make this the Digital Decade. But for that to happen Europe needs a monumental push to digitally upskill its workforce and citizens and address the digital divide.”



According to DigitalEurope’s letter to the European Commission, in order to achieve this goal, the three areas of digital development that EU member states should focus on are cybersecurity upskilling, recognition of industry certifications, and the introduction of compulsory computer science education that includes coding and computational thinking.

According to Bonefeld-Dahl there is still a notable discrepancy between member states. Regional experts, as well as the European Commission’s annual Digital Economy and Society Index (DESI), agree, saying that most countries in emerging Europe have some catching up to do.

“At least one in 15 workers in Sweden, Finland and the Netherlands is employed as an ICT specialist. In Bulgaria, Poland and Romania, it is just one in every 30 workers,” Bonefeld-Dahl tells Emerging Europe.

Cybersecurity

“The difference [between member states] is even more concerning when it comes to cybersecurity,” Bonefeld-Dahl continues.

DigitalEurope’s letter to the Commission details that the EU should better identify the current capabilities of member states, outline gaps, and make education on cyber skills easier to access.

Ion Moldoveanu, lead technology manager at Deutsche Bank Romania and board member of ANIS and VP Romania, which focuses on digital skills, digitalisation in education, and public administration in the country, agrees with the content of the letter.

“Society can only handle technological challenges,…

EU’s eIDAS Proposal Attracts Growing Criticism


BRUSSELS, July 13, 2022 /PRNewswire/ — There is a serious threat to existing internet security measures stemming from the European Commission’s proposed revision to the eIDAS regulation. If implemented, experts say it could open individuals browsing online to additional security risks and set a precedent to allow state-sponsored internet surveillance. As currently drafted, article 45.2 could undermine the EU’s own ambitions to be the frontrunner of a more secure, responsible and competitive internet that protects people from illegal activity.

Under the revised article 45.2 of the eIDAS regulation, browsers would be mandated to accept the EU-designed Qualified Web Authentication Certificates (QWACs) even though they have weaker security properties than those most browsers currently allow. Moreover, browsers would be prevented from applying any of the existing security due diligence checks to the entities which issue these certificates, thereby bypassing the critical first line of defense against cybercrime.

Article 45.2 is attracting growing attention from parliamentarians and cybersecurity experts alike. In her draft report, MEP Romana Jerković, the file’s rapporteur, deleted it in order to have more time to figure out an approach that doesn’t compromise security. Meanwhile, in a letter sent to MEPs and EU countries, academics said that mandating the use of QWACs could introduce “significant weaknesses into the global multi-stakeholder ecosystem for securing web browsing.” They added that the move could make it “more difficult to protect individuals from cybercriminals.”

Attempts have been made in the past to forcefully bypass browser security checks for rights-interfering ends, most notably in Kazakhstan in 2020 and Mauritius in 2021. In both cases, the governments aimed to use so-called “man-in-the-middle” attacks to carry out state-sponsored surveillance of internet traffic.

Marshall Erwin, Chief Security Officer at Mozilla, said: “While this is not the intent of the EU, the inclusion of article 45.2 in eIDAS will make it more difficult to push back on these surveillance attempts in future. The EU sets many global standards and we’re concerned that if this is copied…

EU’s Borrell voices solidarity with US in SolarWinds hack


BRUSSELS (AP) — The European Union’s foreign policy chief expressed “solidarity” with the U.S. Thursday in the wake of the so-called SolarWinds hack, a breach of federal government agencies and American corporations that’s blamed on Russian hackers.

At least nine federal agencies, including the Department of Homeland Security, were hacked, along with dozens of private-sector companies. The months-long cyberespionage operation was carried out largely through a hack of widely used software from Texas-based SolarWinds Inc.

EU top diplomat Josep Borrell said in a statement that the “compromise affected governments and businesses worldwide, including in EU Member States.”

“We share the concerns of our partners about the increasing number of malicious cyber activities,” Borrell said.

He expressed particular alarm at the recent increase in activities affecting information and communication technology products and services, “which might have systemic effects and cause significant harm to our society, security and economy.”

The Biden administration is expected to soon announce a response to the SolarWinds hack, and has also been occupied by an intrusion affecting Microsoft Exchange email software. The company has said that was carried out by Chinese state hackers.


“All actors must refrain from irresponsible and destabilizing behavior in cyberspace,” Borrell said, adding that the EU would work closely with international partners to deter and respond to malicious cyber activities.
