Monthly Archives: August 2016

Woman sentenced for accessing ex-boyfriend’s Facebook account


The agreement concluded with the South District Prosecutor’s Office on 16 May 2016:

In January 2015 Maarja Laanemetsa (32) logged into the account of L.L. (her ex-boyfriend) without authorization and took screenshots of L.L.’s private conversations (with other women). These actions qualify under Penal Code paragraph §217 “Illegal obtaining of access to computer systems” subsection (1) “Illegal obtaining of access to computer systems by elimination or avoidance of means of protection is punishable by a pecuniary punishment or up to three years’ imprisonment”.

Moreover, after entering the social network and illegally taking the screenshots of L.L.’s private conversations, the accused forwarded the conversations to K.M. (L.L.’s new partner), thereby violating Penal Code paragraph §156 “Violation of confidentiality of messages” subsection (1) “Violation of the confidentiality of a message communicated by a letter or other means of communication is punishable by a pecuniary punishment.”

Type and amount of the penalty:
Pursuant to Penal Code paragraph §63 subsection 1, the prosecutor asks the court to sentence the accused to two months’ imprisonment. On the basis of Penal Code paragraph §73 section (1), the sentence imposed is not enforced in full unless the accused commits a new intentional crime during a one-year probation period.

The accused shall reimburse the costs of criminal proceedings:
State legal fees of EUR 48 and, according to Code of Criminal Procedure paragraph §179 section (1) subsection 2, compensation of EUR 645 (1.5 times the amount of the minimum monthly wage).

Didn’t the accused already violate the confidentiality of a message when she read the private conversations? Is disclosure to a third person required to qualify under Penal Code paragraph §156?


Homomorphic Tallying for the Estonian Internet Voting System


Abstract. In this paper we study the feasibility of using homomorphic tallying in the Estonian Internet voting system. The paper analyzes the security benefits provided by homomorphic tallying, the costs introduced and the required changes to the voting system. We find that homomorphic tallying has several security benefits, such as improved ballot secrecy, public verifiability of the vote tallying server and the possibility for observers to recalculate the tally without compromising ballot secrecy. The use of modern elliptic curve cryptography allows homomorphic tallying to be implemented without a significant loss of performance.
The homomorphic tallying scheme described above is not new. The scheme was introduced in 1997 by Cramer et al. [6] and has been used in the Helios open-audit voting system [1] for years. The contribution of this paper is an analysis of the deployment of homomorphic tallying in the context of Estonian Internet voting, where the performance of the protocol is improved by the use of elliptic curve cryptography.

In the new tender specification published by the National Electoral Committee (NEC) we can read that there is a plan to use some kind of mix-net-based technology to provide counted-as-cast verifiability for the local government elections in October 2017. While mix-nets are cryptographically more complicated than homomorphic tallying, they are more universal and can therefore also be used in elections abroad, where the ballot style is not as simple as in Estonia (e.g., elections where the voter can vote for more than one candidate).
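To make the homomorphic tallying idea from the abstract concrete, the following sketch is an example added here, not code from the paper or from the Estonian voting system. It uses exponential ElGamal over a small multiplicative group instead of the elliptic curves the paper proposes; the parameters are constructed toy values and all function names are illustrative assumptions.

```python
import secrets

# Toy parameters (constructed, far too small for real use): safe prime
# P = 2Q + 1, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # private key of the tallier
    return x, pow(G, x, P)                     # (private, public)

def encrypt(h, m):
    """Exponential ElGamal: the vote m (0 or 1) sits in the exponent of G."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P

def combine(c1, c2):
    """Component-wise product of two ciphertexts encrypts the sum of the votes."""
    return c1[0] * c2[0] % P, c1[1] * c2[1] % P

def cast(h, choice, n_candidates):
    """A ballot is one ciphertext per candidate: 1 for the choice, 0 otherwise."""
    return [encrypt(h, 1 if i == choice else 0) for i in range(n_candidates)]

def aggregate(ballots, n_candidates):
    """Needs no key: any observer with the ballot list can recompute this."""
    totals = [(1, 1)] * n_candidates           # (1, 1) is an encryption of 0
    for ballot in ballots:
        totals = [combine(t, c) for t, c in zip(totals, ballot)]
    return totals

def decrypt_count(x, ct, max_votes):
    """Open only the aggregate; the small count is recovered by search."""
    gm = ct[1] * pow(ct[0], Q - x, P) % P      # b / a^x, since a has order Q
    for m in range(max_votes + 1):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("count outside expected range")

def run_election(choices, n_candidates):
    x, h = keygen()
    ballots = [cast(h, c, n_candidates) for c in choices]
    totals = aggregate(ballots, n_candidates)  # individual ballots never opened
    return [decrypt_count(x, ct, len(choices)) for ct in totals]

if __name__ == "__main__":
    print(run_election([0, 2, 2, 1, 2, 0], 3))  # constructed sample votes
```

In the scheme of Cramer et al. each ballot also carries a zero-knowledge proof that it encrypts a valid vote, and the tallier proves that the published counts are correct decryptions; without those proofs a single malformed ciphertext could shift the totals undetected.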


Kapo eavesdropped on Savisaar outside criminal procedure


Lawyers defending Edgar Savisaar are hoping to kill the criminal case against the Centre chairman with just one move – asking that the initial evidence, the basis for all the rest, be declared invalid. This would be the piece of information acquired by the security police which afterwards triggered the whole criminal case – by eavesdropping on a private conversation between then Mayor of Tallinn Mr Savisaar and Meriton Hotel owner Aleksander Kofkin at the Balalaika.

While talking about the food, a topic slipped in which made police ears perk up. [..] After years of eavesdropping on Mr Savisaar, this for the security police seemed to be a sign that the mayor was involved in issues outside of official responsibilities. [..] While Mr Savisaar is contesting that, the main issue is that the method of acquiring the information may not have been legally justified and thus the basis for all the rest of the case would fall off.

In Estonia, security agencies are allowed to eavesdrop on people and institutions outside criminal procedure to prevent danger and in the interests of security. For this, special permission is granted by an expert administrative judge. All related information and related issues (such as statistics) are a state secret.

Years of eavesdropping without ever having the right to find out about it, and overall statistics being a state secret. As the EFF says: “When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy.”


Estonian Internet voting system to be rewritten from scratch


The new system should provide end-to-end verifiability features:

The current software, created in 2004, needs overhaul as the gradual updates (such as adding the Mobile-ID capacity and others) have rendered the grasp on the source code structure challenging. “The new system will be more universal, allowing more possible applications, in addition to using it for Estonian nation-wide elections and referendums – such as internal elections of large corporations, local government polls and also abroad,” said Tarvi Martens, chairman of Estonian Electronic Voting Committee.

The voting procedure will remain the same for the voter and the source code will remain open. “The planned changes will allow the observers to keep an eye on how the stored e-votes will become election results more efficiently, based on mathematical proof,” Martens explained. “In other words, mathematics will prevail over the human factor. Technical proof allows us to control the system with much more efficiency,” he added.

The full cost of the first contract is 236 800 euros (VAT excluded). The bid was open to all EU entities and received bids from three companies. Cybernetica has won the bid for developing the Estonian electronic voting system, entailing a renewal of the system for the local government elections in October 2017.