EU democratic standards and global vision for safe web browsing – EURACTIV.com
The revision of the eIDAS regulation has launched a discussion on who sets the standards for secure web browsing via qualified website authentication certificates. Dr. Kim Nguyen, Managing Director of D-Trust (a Bundesdruckerei Group company), explains why European digital sovereignty is the best option.
Dr. Kim Nguyen is the Managing Director of D-Trust GmbH, a Bundesdruckerei Group company.
With Adapting Europe to the digital age, the von der Leyen Commission has set us on the path to a new digital age for the European Union. Digital technology has a profound impact on our lives and, if the EU is to take its values and principles seriously, Europe needs this change to benefit both citizens and businesses.
True EU sovereignty requires sincere and well-intentioned protection of its citizens. In this effort, two aspects play a key role: the ability to verify digital content, URLs and identities as well as the ability to establish sovereign European standards.
Why are standards and their certification so important? Standards represent quality, ensure safety and build trust. When you are currently visiting a website, your browser will display a lock icon. This indicates that you have established an encrypted connection with the digital destination you accessed. This connection is secured via digital certificates.
However, only Qualified Website Authentication Certificates (QWAC) provide transparency and confirm and provide the secure identity of the website provider for the user. They are – in a way – your “defense” against fraudulent sites and malicious actors. They establish the level of trust in a website, which is necessary for you to browse safely, because they ensure that your personal information – including sensitive data such as credit card information – is not only protected during their transmission, but do not fall in the wrong direction. hands.
According to a 2018 study, the websites of the twenty largest online sellers in Germany alone have been illegally reproduced more than 7,000 times. This example impressively demonstrates the threats to Internet users as well as the need for website authentication mechanisms.
The question of who is responsible for setting standards for websites and who oversees them has become a hotly debated topic. Given the experience in other sectors, such as transport, pharmaceuticals or finance, it should be quite obvious that standards are set and controlled by neutral external control bodies.
However, today browsers set and verify security standards themselves and can arbitrarily decide whether or not to display QWACs.
The European Commission now intends to transfer this decision-making power from the hands of international “Big Tech” companies to democratically elected European regulators and a “governance system” which consists of certification bodies and audit as well as national oversight bodies. including means and processes for dealing with potential critical issues. Some web service providers claim to uphold consumer protection and provide safer solutions on their own responsibility.
While it is true that some digital companies excel in their sectors and that it is easier for them to create certification schemes for their own browsers, this argument hides an important aspect: such an approach would leave the question of standards and responsibility entirely in their hands. These companies essentially aim to usurp the role of trust service providers and take on crucial internet security responsibilities on behalf of the European Union.
In a world of big tech companies and increasingly powerful authoritarian regimes outside of Europe, the question of who to trust to set and control the norms of the digital world is becoming increasingly important. Why would we trust the largely opaque internal processes of global corporations – without any “external oversight” – more than our own democratic institutions? As European citizens, we should choose to be the ones who decide who sets and oversees these standards.
By setting standards at European level, we can even avoid becoming dependent on a single government. European solutions may not be perfect, but EU governance has become very well established over the years and can still be developed. The Commission’s proposal to revise the eIDAS Regulation is in line with the ambition of the European Union to strengthen its attachment to its values such as sovereignty, responsibility and transparency.
Contrary to what the recent anti-QWAC campaign has suggested, the standard setting of liberal democratic institutions is well established, has served Europe well for decades, and can in no way be compared to government overreach. undemocratic states like Kazakhstan. In accordance with democratic principles, European standards should be developed in cooperation with technical experts from business, civil society and government.
For a website verification to be trustworthy in Europe, European standards are needed. EU standards reinforce EU sovereignty, and from EU sovereignty follows the maintenance of the spirit of EU laws. EU standards mean that we, as European citizens, governments and businesses, develop the ground rules for the digital world together. Joint events, which bring together policy makers, businesses and civil society, such as the European roundtable on digital identitycan make an important contribution to this process.
Furthermore, it means that other companies and institutions will have to follow the standards developed by and for Europeans, thus giving us a competitive advantage. This also implies that online verification will rely on European players. Giving up control over the certification of websites will not help the EU to become more sovereign or more democratic. Therefore, the EU should make use of its right for democratically legitimized representatives and officials to set standards that are in the interest of European citizens.