Monthly Archives: November 2016

SEB is looking for project manager of authentication and security

seb_digiauthsec

Your responsibilities:
• Authentication and internet bank security solutions related project management
• Product management, analyze/interpret security needs and translate them into application and operational requirements
• Monitor and analyze performance data related to automated fraud detection to develop improvements
• Risk analysis and high proactivity in managing risks

Who we are looking for:
• Project management and analysis skills are essential
• You understand or are a fast learner to explain 2factor authentication, Public Key Infrastructure, Electronic identification (eID) and electronic Trust Services (eTS) in the context of EU Digital Single Market
• Ability to multitask and prioritize work in a changing business climate
• You feel that writing documentation, preparing audits and answering security and risk assessment questionnaires is something you are comfortable to handle from time to time
• Readiness to travel between Baltic countries

This is an advantage if you have knowledge of fraud prevention/detection Technologies, have university degree in computer sciences or economics and feel comfortable to work independently/use time efficiently.

Education required: Higher education (bachelor)
Languages required: English
Location: Vilnius/Riga
Deadline for applying: 04. December 2016

Links:
http://www.cv.ee/job-ad/seb-pank/project-manager-of-authentication-and-security-f3204148.html

Criminal procedure and digital evidence in Estonia by Eneli Laurits

digital_evidence_and_electronic_signature_law_review

It has been decided in Estonia that by the year 2020, a criminal file may be digital. Following on from this decision, it is necessary to decide how to incorporate into the law a regulation concerning digital evidence with the aim of seizing as much as possible evidence in its initial digital form, and ensuring the evidence is seized in the place where it is physically located.

This article aims to sum up the most common activities within which digital evidence might be taken, highlighting the potential problems of interest to the legislature when elaborating specific regulations for digital evidence.

Quite disturbing revelation is that by the current law, the law enforcement agents, after court authorized inspection, seizure or remote take-over of the computer system, are allowed to access any other remote resources that the system has access to:

The Advisory Guidelines on IT-Evidence, prepared on 24.05.2016 by law enforcement agencies, claim that in case of public investigative measures (inspection, search) and covert surveillance, no request for legal assistance is needed for data stored in cloud on foreign states’ servers.

For example, upon apprehension, a suspect has a computer or a smartphone unprotected with a password, and it is possible to obtain and to look through the information about the data stored, for example, in the cloud or in an e-mail box (which are not on the Estonian servers). Even when prosecutors approach the court on their own initiative, and by pointing out an obvious similarity between the search of a computer system and the search of a physical space to obtain permission from the court, preliminary investigation judges have so far found that such permission is not needed.

The Supreme Court has found that a permission granted by a prosecutor, and not by a court, is enough to observe, copy data in the person’s e-mail box (including when an e-mail box is located on a foreign state’s server) and to covertly examine a part of the server where a particular e-mail box is located, because messages are then not being transmitted, but they have already reached a recipient.

Links:
http://journals.sas.ac.uk/deeslr/article/download/2301/2254

Book Chapter: E-voting in Estonia by Dylan Clarke and Tarvi Martens

real_world_electronic_voting

“Real-World Electronic Voting: Design, Analysis and Deployment” is a new book about to appear on secure electronic voting. One chapter describes the Internet voting used in Estonia.

In Chapter 6, Dylan Clarke, an ERC research fellow at Newcastle University, and Tarvi Martens, the chief architect of the Estonian remote Internet voting system, describe the Estonian Internet voting system. Since the first pilot in 2005, Internet voting has been used for the whole country in three sets of local elections, two European Parliament elections and three parliamentary elections.

The draft is available in arXiv.org.

Links:
https://www.crcpress.com/Real-World-Electronic-Voting-Design-Analysis-and-Deployment/Hao-Ryan/p/book/9781498714693
https://arxiv.org/pdf/1606.08654v1.pdf

Database of real estate transactions was accessible for years

kristjan_gross

Brokers have collected information on real estate transactions including addresses in the password-protected tehingud.ee database for years. The database includes information on sale of apartments, including dates and prices. It is strange that the portal has been allowed to operate for years. A quick internet search shows it was founded in 2011 by self-proclaimed real estate expert Kristjan Gross. An article from years ago suggests that the portal charged 99 cents for a query. It also reveals that the database had information on more than 5,000 transactions from all over the country when it was launched and that data was added regularly. Searches of price information could be based on county, parish, town, borough, street, size and condition of real estate object.

«We have reason to suspect that the website uses data from the Land Board’s transactions database,» Jürgens adds. «We do not know how the data ends up in the brokers’ portal; however, current legislation states it can only be accessed by licensed valuators,» says Tiia Redi, executive manager of the Estonian Association of Appraisers. The matter is made more peculiar by the fact that the portal’s owner works as a valuator of land and admits he has access to the Land Board’s database.

«It is possible to use transaction and land register data to indirectly identify persons who have participated in transactions,» Jürgens explains. The state has so far kept to the principle that people’s income is not public information, and that includes proceeds from sale of real estate. «The trend is towards openness elsewhere in the world. The Land Board will analyze the possibility of amending laws that regulate use of transaction data. The main question is whether and to what extent society is ready for all real estate transactions to be made public. Disclosing sale prices could constitute sensitive information as it ties into people’s financial interests,» Jürgens adds. She says that the board feels corresponding public debate is necessary.

Links:
http://news.postimees.ee/v2/3871895/secret-brokers-database-under-investigation

License plate-reading cameras to be installed at border crossings

estonian_border-licence_plate_recognition

In efforts to crack down on an increasing issue with Estonians crossing the country’s southern border in order to buy cheaper alcohol there, the Estonian Tax and Customs Board (MTA) wants to install license plate-reading cameras at ten or so currently unsupervised Estonian-Latvian border crossings.

This summer season’s record violation, for example, was discovered last week, when customs officials detained a commercial vehicle in Estonia whose driver had picked up a ton and a half of beer with the intention of delivering it to Finland; the likely intention was to resell the alcohol in Finland, as the cost of beer in Finland is currently twice that of Latvian prices.

“He had already completed a number of successful trips across the border at Ikla and from here on to Finland,” explained Urmas Koidu, director of the customs department at the MTA. “We were able to track him down specifically thanks to the license plate recgnition system.

It is strange that there are still some borders that are not covered by the system. Compared to the intelligence gathering capabilities the system provides, the motive to fight alcohol smuggling is a joke.

Links:
http://news.err.ee/v/news/c6c29079-4a1b-414f-819d-a1272018d477/tax-authority-wants-alcohol-tourists-watched-by-cameras