Monthly Archives: November 2015

Amendments to allow invasion of privacy without judicial approval


The Ministry of the Interior is drawing up legislation to expand the rights of ISS, the Internal Security Service and the Information Board, the foreign intelligence agency. Current laws governing security agencies date back to 2001, when the security situation in Estonia and in the world was different, Eesti Päevaleht reported.

Another change would give ISS the right to breach home, family and private life sanctity without the approval of a judge, if officials are unable to reach a judge or the situation deems a quick response. The bill, if it enters force, would compel ISS officials to ask a judge for permission at the earliest possibility and if permission is rejected, the operation must be stopped immediately.

“The need for that has appeared in combating terrorism and in prevention of the movement of weapons, ammunition and explosives,” the motion reads.


Security system of president’s new residence publicly available on the Internet


Drawings of the security systems of Estonia’s new presidential residence in the Rocca al Mare district of Tallinn were for four days publicly available on the internet, news of the public broadcaster ERR reported.

The state real estate management company Riigi Kinnisvara AS (RKAS) that launched a tender for the renovation of the residence uploaded in the register of construction tenders the entire project documentation which among other things revealed the positions of movement sensors and surveillance cameras, how many household members would be given panic buttons with direct connection to the police, and where runs the cable the breaking of which would cut off electricity supply to the residence.

RKAS said in response to ERR news that surveillance cameras are only one part of the complex security system of the residence and that the project documentation did not include the part of the system classified as a state secret.

But spokeswoman for the Internal Security Service (ISS) Agnes Suurmets-Ots said such information definitely ought not to be publicly available. “We have to admit that it poses a security threat once such information has become public in a very regrettable way,” she said. The spokeswoman said she cannot at this point offer a comment on the measures that will be taken, but ISS certainly does not agree with RKAS chief’s opinion that the leak does not represent a security threat.

Access to the documents concerning the security of the residence has been restricted by now.


Tax refund scammers use the name of the Estonian Tax and Customs Board


“Today I received an email from Already at the beginning it seemed doubtful that such letter would come in November. However, even more bizarre became the thing when I opened the link from this email. It is obvious that this email seeks to scam out of naive people their credit card details – card number, CVV2 code” a person who received the letter writes in her Facebook post.


Banks twisting client arms to draw out personal data


Nordea and Danske clients complained to Postimees that said banks withheld services related to transfers and purchase of shares as the individuals failed to fill fresh personal data declaration.

The banks told Postimees that they are not collecting the detailed data on their own initiative but are under obligation to fulfil diligence measures arising from laws and other regulations.

Danske Bank explained that the information collected about customers has become very detailed. «In addition to an individual’s personal and document data, a bank must identify the customer’s activity profile, field of activity, volume of activity (bank account turnover), main partners,» explained the bank’s communication chief Tõnu Talinurm. «Pursuant to Tax Information Exchange Act, Danske Bank A/S Estonian branch needs to provide Tax and Customs Board information regarding US tax residents known to it or presumed by it. Because of that, we need to ask all clients whether they are US tax residents.»

Data Protection Inspectorate’s main stand is that the bank presenting the questions must also ensure that the clients know why they need to declare the extra data.

Financial Supervision Authority said the laws do lay on banks the obligation to know their customers, but do not prescribe specific questions.


Public lecture at Estonian IT College by CyberOlympics winner Jaanus Kääp


On Thursday, 19 November at 15.00, the winner of CyberOlympics, Jaanus Kääp, will give a free public lecture at the IT College. The Olympic champion will share what he learned at world famous security conferences and talks about finding security errors and developing the necessary skills.

The first CyberOlympics were organised by the Information Technology Foundation for Education, the Ministry of Defence, the Estonian Information Technology College, and Vequrity Ltd and it was won by Jaanus Kääp, a second-year student of IT systems development at the Estonian Information Technology College and data security expert at Clarified Security. The grand prix was the opportunity to participate at the prestigious “Black Hat Europe 2015” information security conference in Amsterdam. At the public lecture, the Olympic champion Jaanus will share the more interesting tips and tricks for finding security errors that were presented at the Black Hat Europe and Defcon security conferences and talk about the application of skills to finding security errors during the CyberOlympics and elsewhere.

The public lecture will take place in the IT College building in Mustamäe (Raja 4C, Tallinn, lecture hall 316). already informed about hacking competition CyberOlympics 2015.