Monthly Archives: October 2015

E-enabled elections in Estonia: Forum on research and development in 2015

During the first half day, Estonian researchers will present the results of a 3-year scientific project that studied the Estonian flavour of verifiable Internet voting from both technical and social aspects. The second half of the first day will be devoted to the presentation of the development ideas of the Estonian solution. The second day holds additional interventions on the topic of remote online voting and offers brainstorming activity where feedback to the ideas of the first day will be gathered interactively.

Thursday (05.11.2015)
09:00 – 09:30 Registration
09:30 – 09:45 Opening keynote
09:45 – 10:30 Kristjan Vassil “Diffusion of Internet Voting in Estonia”
10:30 – 11:15 Mihkel Solvak “Impact of Verification on Trust toward Internet Voting”
11:15 – 11:45 Coffee break
11:45 – 12:15 Taavi Unt “Usage Patterns in Internet Voting Log Files”
12:15 – 13:45 Jan Willemson, Sven Heiberg and Arnis Paršovs “Log analysis of Estonian Internet voting 2013-2015”
14:00 – 15:00 Lunch
16:00 – Coffee break
15:00 – 17:30 Tarvi Martens, Sven Heiberg and Jan Willemson “Estonian Internet voting 2017+”

Friday (06.11.2015)
10:00 – 10:30 Bingsheng Zhang “How to Achieve Unconditional Integrity in an End-to-end Verifiable E-voting System”
10:30 – 11:00 Kristjan Gjøsteen “A security usability study on the Norwegian e-voting system”
11:00 – 11:30 Carsten Schürmann “Creating Credible Elections”
11:30 – 12:00 Coffee break
12:00 – 12:30 Jurlind Budurushi “An Investigation into the Usability of Electronic Voting Systems with Paper Audit Trails in the Context of Complex Elections”
12:30 – 13:00 Helger Lipmaa “Privacy and Accountability in Networks via Optimized Randomized Mixnets”
13:00 – 13:30 Filip Zagorski “Improving security of remote voting”
13:30 – 14:30 Lunch
15:00 – Coffee break
14:30 – 17:00 Argument game

Links:
http://cyber.ee/en/news/e-enabled-elections-in-estonia-forum-on-research-and-development-in-2015/

Data Protection Inspectorate allows processing of personal data in a privacy-preserving manner

In Estonia, the Ministry of Education and Science keeps track of students and the Tax and Customs Board keeps track of working (by tracking income tax payments). If data scientists could access these databases, they could find the correlation between working during studies and not graduating in time. However, this data cannot be shared because of the Personal Data Protection Act and the Taxation Act (not to mention the relevant EU regulation). This prevents such studies from being performed.

The Personal Data Protection Act actually permits processing of personal data for research purposes (see § 16), although data mining in a privacy-preserving manner might have some advantages.

We used the Sharemind Application Server with its analytics package Rmind to perform the study in a privacy-preserving way. The privacy-preserving solution was checked by the Estonian Data Protection Inspectorate. Their response was that our solution does not process Personally Identifiable Information (PII) in the meaning of the law.

For the study to be private in practice, the institutions are required to audit the code that is run on the Sharemind server. In this case the Tax and Customs Board had a person with the skills and willingness to audit the code:

Furthermore, the Tax and Customs Board reviewed Sharemind’s source code to ensure that everything is performed according to the study plan.

The findings of the study:

Our study showed relations between higher education and higher income, but we found no relation between working during studies and not graduating on time. Instead, it turned out that Estonian students of all fields work an equal amount. Also, our data showed clearly the reduction of employment during the financial crisis in 2008.

Links:
https://www.youtube.com/watch?v=Age06E1TWaA
http://sharemind.cyber.ee/stories_privacy-preserving-policy-decisions.html
http://news.err.ee/v/politics/education/01447de3-b5ef-4863-a42b-8275eb823cab/studies-majority-of-it-students-drop-out-of-university
http://eprint.iacr.org/2015/1159

DDoS attack against Omniva’s partner disrupts the work of parcel machines

The DDoS (Distributed Denial of Service) attack that started yesterday (22.10) at 2.30 p.m. and is still ongoing, was directed at the Integer network of Omniva’s cooperation partner, and resulted in a global error in Integer systems. The attack was isolated and main functions of the system were restored by 7 p.m. yesterday evening. The functionality check of parcel machines was completed at 8 p.m. By now, the attack no longer jeopardizes Omniva’s systems. In addition, databases and customer data stored in Integer are definitely protected and are not affected by the attack in any way.

In connection with the attack, sending parcels from parcel machines and receiving paid parcels from the parcel machines was disrupted from 2.30 p.m. to 7 p.m. Customers were able to use parcel machines for receiving packages that were free of charge.

From the description it seems that Omniva accessed Integer’s databases over the same public channel that was attacked, but Omniva now has non-public access to Integer’s databases, which is not available to the attackers.

Links:
https://www.omniva.ee/about_us/news/all_news/parcel_machine_malfunctions_were_caused_by_a_cyber_attack
http://uudised.err.ee/v/eesti/9f133660-eb7d-4091-a199-9fa38942040b/omniva-pakiautomaadid-langesid-kuberrunnaku-ohvriks

SK Annual Conference 2015

The e-identity event SK Annual Conference 2015 will take place on November 5, 2015, at Vaba Lava in Telliskivi Loomelinnak (Telliskivi 60a, building C1).

09:00-09:30 Registration and morning coffee
09:30-09:45 Overview of SK 2015, Kalev Pihl, SK
09:45-10:45 Identification physically and digitally, Joseph Leibenguth, Gemalto
10:45-11:15 Coffee Break
11:15-11:55 eIDAS and international interoperability, Katrin Laas-Mikko, SK
11:55-12:25 New Mobile-ID and alternatives, Urmo Keskel, SK
12:25-12:45 NutiKaitse 2017: development of security, Andri Möll, Monday Calendar
12:45-13:30 Lunch
13:30-14:00 Life of cryptography, Anto Veldre, RIA
14:00-14:30 Underlying technologies of cryptocurrency, Asse Sauga, Eesti Krüptoraha Liit
14:30-15:40 Tech trends 2030 & company of the future, Richard van Hooijdonk
15:40-16:00 Coffee Break
16:00-16:35 Questions and answers
16:35-16:55 Summary of the day
16:55-17:30 Evening snack

Links:
https://www.sk.ee/ettevottest/aastakonverents-2015/

Webinar “Cybersecurity Risk Management: Estonia Experiences”

The Organization of American States (OAS), in partnership with the Estonian Information System Authority (RIA), would like to invite you to register for our next webinar on “Cybersecurity Risk Management: Estonia Experiences”.

Invited Expert: Sven Kivvistik, Head of Risk Control and Advisory Department, Estonian Information System Authority
Thu, Oct 8, 2015 17:00-18:00 EEST

Links:
https://www.sites.oas.org/cyber/EN/Pages/Events/eventsdet.aspx?docid=71
https://vimeo.com/141810655

Talk by IT law and data protection specialist professor Lee Bygrave

Lee A. Bygrave

The IT law programme invites you to a discussion with a distinguished IT law and data protection specialist professor Lee Bygrave from Oslo University. He will give his talk on Friday, October 9, 2015, from 14.15 to 17.30 at the University of Tartu, Faculty of Law, Näituse 20 room 103. The talk will cover the following topics:

  • the US-EU cleavage on data protection regulatory policy;
  • the extent to which data protection rules can and ought to apply to use of human biological material;
  • regulatory policy on privacy-enhancing technology and privacy/data protection by design.

Lee Bygrave’s visit to Estonia is organized by the IT Law Programme. Additional information: Helen Eenmaa-Dimitrieva, Director of the IT Law.

Links:
http://www.ut.ee/itlaw
http://www.jus.uio.no/ifp/english/people/aca/lee/