House Commerce Committee Leaders Question Tech Giants on Security Features of Digital Certificates

The lawmakers had questions about digital certificates, which are used to ensure the confidentiality and security of sensitive information transmitted through Internet transactions. A certificate authority’s (CA) “unfettered authority to issue certificates is heightened when the CA is owned and operated by a government,” the lawmakers said. “Because digital certificates are used to ensure the security and confidentiality of private communications like e-mail and social media, such services can be targets for actors who wish to inhibit political freedoms such as free expression,” they said. The lawmakers asked the companies for their views on the “significance of this potential weakness as it relates to CAs owned by governments and whether there are changes that could be implemented to protect the integrity and trustworthiness of digital certificates,” and for a response to four specific questions by June 23. The lawmakers asked: whether restricting CAs run by governments to just issuing certificates for their own properties would improve security and stability of the certificate ecosystem; whether it’s technically feasible to restrict government CAs to their own properties; potential negative effects of such a restriction; and if other policies or technologies would improve the security and stability of the certificate ecosystem.