Silvia Böhmer

What the QWAC? Dismantling the heated controversy surrounding eIDAS Article 45

Tuesday, 13. May 2025 - 12:30 to 13:30, Leo 18

Speaker: Dr. Johannes Sedlmeir

Abstract: Qualified Website Authentication Certificates (QWACs) were introduced by the electronic Identification, Authentication and Trust Services (eIDAS) Regulation in 2014 to provide users with a reliable means to assess the trustworthiness of digital services and to strengthen European digital sovereignty. During the eIDAS 2.0 negotiations, plans for the mandatory recognition of QWACs and their graphical highlighting by browsers caused considerable outrage. Among other issues, browser vendors and hundreds of security researchers have warned in several open letters about the large-scale surveillance threats emerging from the mandatory recognition of QWACs. European certificate authorities (“trust service providers”), on the other hand, got involved with position papers challenging these arguments and supporting the Commission’s ambitions. This talk introduces what QWACs are, dissects the main arguments expressed by both sides in the discourse, and attempts an analysis of what the controversy teaches us about discussions involving digital sovereignty.

Short Bio: Johannes Sedlmeir is an acting professor of Statistics, Security & Trust at the Information Systems Department of the University of Münster. He previously worked as a research associate at the Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg, and as a researcher at FIM Research Center and Fraunhofer FIT. He received his B.Sc. in Mathematics from the University of Augsburg, his M.Sc. in Theoretical and Mathematical Physics from LMU Munich, and holds a PhD in information systems engineering from the University of Bayreuth.

In his research, Johannes focuses on the opportunities and challenges of using emerging digital technologies to enhance security and trust when processing data within and across organizations. He does so by designing innovative IT artifacts based on various cutting-edge technical building blocks for enhanced integrity or data minimization, such as blockchains, digital identity wallets, and zero-knowledge proofs. He uses formal (e.g., security and privacy assessments), quantitative (e.g., performance evaluations, economic modeling), and qualitative (e.g., expert interviews) research methods to engage in requirements engineering and evaluations of corresponding solutions. Johannes has published his research in international journals such as Business & Information Systems Engineering, Computers & Industrial Engineering, Electronic Markets, IEEE Transactions on Network and Service Management, Information & Management, Joule, and the Journal of the Association for Information Systems.