Mozilla could remove the Dutch CA, the CA of the Staat de Nederlanden, from its trust list because of the new national legal framework.
The Dutch Information and Security Services Act will come into force in January 2018, and one of the main effects of the new legal framework is that the country’s certificate authority, the CA of the Staat de Nederlanden, could be taken off Mozilla’s trust list.
The new security laws specifically address metadata retention powers and surveillance activities. Like legal frameworks adopted by other countries, the law grants broad-based interception powers for Dutch authorities.
Mozilla maintainers argue that under the new law, the CA of the Staat de Nederlanden could be forced by the Government to support interception by abusing SSL proxying.
The Dutch secret services, with the help of the CA of the Staat de Nederlanden, could access the encrypted traffic, a situation that also threatens other European states because major transit services operate in the Netherlands.
“The new ‘Wet op de inlichtingen- en veiligheidsdiensten (Wiv)’ (Law for intelligence and security services) has been accepted by the Dutch Government. Provisions authorizing new powers for the Dutch intelligence and security services will become active starting January 1st, 2018,” wrote Chris Van Pelt.
“This revision of the law will authorise intelligence and security to intercept and analyse cable-bound (Internet) traffic, and will include far-reaching authorisations, including covert technical attacks, to facilitate their access to encrypted traffic.”
“Article 45 1.b, explicitly authorises the use of ‘false keys’ in third party systems to obtain access to systems and data”.
Van Pelt pointed out that the Dutch CA is operated by PKIOverheid / Logius, a division of the Ministry of Interior and Kingdom Relations, which also operates the AIVD intelligence service.
For this reason, Van Pelt suggests removing the Dutch CA from Mozilla’s trust list.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".