Category Archives: Privacy

ID card or Mobile-ID required to post comments on ERR


In the Estonian- and Russian-language versions of the Estonian public broadcasting portal Err.ee, comments will be allowed only after identification with an ID card or Mobile-ID.

Err.ee reported that for the wider audience commentators still remain anonymous and can use nicknames. However, their identification data (name and personal identity number) will, if necessary, be available only to the chief editor, not to other media staff or readers. As ERR explained, user identification will make it possible to contact commentators when necessary, for example to find out further information.

The changes do not affect the English version of ERR.ee, because its users are mainly foreigners.

Links:
http://uudised.err.ee/v/eesti/d631cdc9-8393-4fc1-8fd7-96f5260c7d41/

Amendments to allow invasion of privacy without judicial approval


The Ministry of the Interior is drawing up legislation to expand the rights of ISS, the Internal Security Service, and of the Information Board, the foreign intelligence agency. The current laws governing the security agencies date back to 2001, when the security situation in Estonia and in the world was different, Eesti Päevaleht reported.

Another change would give ISS the right to breach the sanctity of home, family and private life without a judge's approval if officials are unable to reach a judge or the situation demands a quick response. If the bill enters into force, it would compel ISS officials to ask a judge for permission at the earliest opportunity; if permission is refused, the operation must be stopped immediately.

“The need for that has appeared in combating terrorism and in prevention of the movement of weapons, ammunition and explosives,” the motion reads.

Links:
http://news.err.ee/v/politics/9bd6fa2f-eff9-4122-bd12-fa4a513325ad/intelligence-agencies-to-get-more-powers
http://epl.delfi.ee/news/arvamus/juhtkiri-kapo-ei-vaja-voimu-juurde?id=73046971

Data Protection Inspectorate allows processing of personal data in a privacy-preserving manner


In Estonia, the Ministry of Education and Science keeps track of students and the Tax and Customs Board keeps track of employment (by tracking income tax payments). If data scientists could access both databases, they could look for a correlation between working during studies and not graduating on time. However, this data cannot be shared because of the Personal Data Protection Act and the Taxation Act (not to mention the relevant EU regulation), which prevents such studies from being performed.

The Personal Data Protection Act actually permits processing of personal data for research purposes (see § 16), although data mining in a privacy-preserving manner might still have some advantages.

We used the Sharemind Application Server with its analytics package Rmind to perform the study in a privacy-preserving way. The privacy-preserving solution was checked by the Estonian Data Protection Inspectorate. Their response was that our solution does not process Personally Identifiable Information (PII) in the meaning of the law.

For the actual privacy of the study, the participating institutions are required to audit the code that is run on the Sharemind server. In this case the Tax and Customs Board had a person with the skills and the willingness to audit the code:

Furthermore, the Tax and Customs Board reviewed Sharemind’s source code to ensure that everything is performed according to the study plan.

The findings of the study:

Our study showed relations between higher education and higher income, but we found no relation between working during studies and not graduating on time. Instead, it turned out that Estonian students of all fields work an equal amount. Also, our data showed clearly the reduction of employment during the financial crisis in 2008.

Links:
https://www.youtube.com/watch?v=Age06E1TWaA
http://sharemind.cyber.ee/stories_privacy-preserving-policy-decisions.html
http://news.err.ee/v/politics/education/01447de3-b5ef-4863-a42b-8275eb823cab/studies-majority-of-it-students-drop-out-of-university
http://eprint.iacr.org/2015/1159

Talk by IT law and data protection specialist professor Lee Bygrave


The IT law programme invites you to a discussion with the distinguished IT law and data protection specialist Professor Lee Bygrave from the University of Oslo. He will give his talk on Friday, October 9, 2015, from 14.15 to 17.30 at the University of Tartu, Faculty of Law, Näituse 20, room 103. The talk will cover the following topics:

  • the US-EU cleavage on data protection regulatory policy;
  • the extent to which data protection rules can and ought to apply to use of human biological material;
  • regulatory policy on privacy-enhancing technology and privacy/data protection by design.

Lee Bygrave’s visit to Estonia is organized by the IT Law Programme. Additional information: Helen Eenmaa-Dimitrieva, Director of the IT Law Programme.

Links:
http://www.ut.ee/itlaw
http://www.jus.uio.no/ifp/english/people/aca/lee/

The suspected mayor of Tallinn ordered regular bug sweeps


By eavesdropping on telephone calls, the investigators knew who Mr Savisaar met and when, and what to keep in mind while collecting evidence. The investigators were aware that dark matters are not discussed over the phone, and that plain speech would be avoided if at all possible.

This is where hidden cameras, installed with court permission, are helpful. However, even these are in danger of being discovered, especially with Mr Savisaar, as the all-suspecting Mayor of Tallinn is in the habit of asking people close to him to «bug check» places linked to him from time to time. Therefore, Kapo was at pains to diligently plan where and for how long to install its equipment.

Links:
http://news.postimees.ee/3337697/the-scandal-long-feared-laid-bare

Estonian blocked as UN’s first digital privacy investigator


The Estonian picked as the United Nation’s first digital privacy investigator was blocked on Friday by the German president of the UN Human Rights Council, after activist groups said she would not be a strong enough critic of US surveillance.

Nyman-Metcalf said she also found it bizarre that she had been criticised for saying there was no such thing as total privacy. “We all see these surveillance scandals and of course that’s upsetting, but at the same time there’s more and more pressure to do something against terrorism. There are lots of things that are pushing in different directions.”

Estonian ambassador Juri Seilenthal told Reuters that there needed to be privacy guarantees but “terrorists and child pornographers” must not be able to benefit from a right to privacy.

It would be more prudent for Estonian policy-makers to adopt the rhetoric laid down in the Keys Under Doormats report:

Lawmakers should not risk the real economic, geopolitical, and strategic benefits of an open and secure Internet for law enforcement gains that are at best minor and tactical.

Links:
http://www.theguardian.com/world/2015/jul/04/estonian-blocked-as-uns-first-digital-privacy-investigator

Concerns about European Commission’s plans to backdoor Estonian ID card


The European Commission presented a new plan for internal security, driven by the concern that strong encryption is helpful to crime and terrorism. The initiative will not leave Estonia untouched, as the ID card currently provides the ability to communicate in encrypted form.

Prime Minister Taavi Rõivas announced that Estonia should not give in to pressure to create a backdoor in the ID card. Taavi Rõivas confirmed to Eesti Päevaleht and Delfi that cybersecurity and data confidentiality are fundamentally important.

He added that law enforcement authorities will have to find other ways to control crime: “Estonia is of the view that the fight against crime will have to find other means and not at the expense of ID card security”.

While the ID card software package includes a utility that can be used to encrypt files, the average Estonian does not use the ID card to encrypt communications, but merely as an authentication tool. Unless this changes significantly, the encryption capability provided by the ID card will not be of significant interest to law enforcement authorities.

Even today, if a law enforcement authority wanted to decrypt files encrypted with an ID card, it could use the official feature built into the ID card that lets the ID card manufacturer reset the PIN code and thereby gain authorization for private key operations (i.e., decryption).


Anto Veldre: It is not very likely that some criminal would go to the migration authority, give their biometrics to the government and then start encrypting. Isn’t there an easier way to do it? The Western world does not like that terrorists can send encrypted emails.
Interviewer: Is the Estonian ID card in danger against the background of Europol’s requirements/thoughts?
Anto Veldre: I don’t think so. Estonian representatives in the EU can handle this problem on the political level (showing the danger and people’s trust in the current system). The police have their own techniques and can handle their work.

Links:
http://epl.delfi.ee/news/eesti/politseile-oigus-id-kaardi-koodi-murda-euroopas-tahetakse-krupteerimisele-ametlikke-tagauksi?id=71438223
http://epl.delfi.ee/news/eesti/roivas-id-kaarti-kompromiteerida-ei-tohi-kuritegevusega-voitlemiseks-tuleb-leida-teised-viisid?id=71443761
http://etv.err.ee/v/meelelahutus/terevisioon/saated/4d030bd7-c496-476c-9f21-551007d89c06 (39:32 – 46:43)
http://uus.minut.ee/tagauksed-kruptos-ja-id-kaart/

SignWise Chrome plugin leaks ID card certificate to arbitrary web sites


If you have installed the SignWise plugin (available for Windows and OS X, up to at least version 1.10) on your computer, be aware of the privacy implications. The SignWise Chrome extension forwards the end-user certificate of the inserted eID smart card to any website, in plain text, without any user interaction!

A malicious web site needs to embed only a few lines of JavaScript code to collect certificate information from its visitors:

var s = new SignWiseChromePlugin();
s.getAuthenticationCertificate(function(v, e) {…

A similar flaw was observed in 2010 in the official EstEID browser plugin. We will see how long it takes SignWise to fix this one.
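The defect above is that the plugin answers a certificate request from any origin with no consent step. The following is an added illustration, not SignWise's code and not what its fix actually looks like, of the gate a card-bridging extension could apply before releasing a certificate: the requesting origin is parsed and compared exactly against an https-only allowlist, and the user is asked once per origin per session. All names in it (ALLOWED_ORIGINS, normalizeOrigin, isOriginAllowed, ConsentCache, shouldReleaseCertificate) and the allowlist entries are hypothetical.

```javascript
// Added example (not SignWise's code): an origin and consent gate that a
// browser extension bridging a smart card could apply before answering a
// getAuthenticationCertificate-style request. All identifiers are hypothetical.

// Constructed allowlist for the example; a real deployment would ship or
// configure its own. Only full https origins, never bare host names.
const ALLOWED_ORIGINS = new Set([
  "https://portal.signwise.org",
  "https://example-bank.test",
]);

// Parse the caller's origin the way a message handler should: reject anything
// that is not a valid https URL and reduce it to scheme://host[:port]. Exact
// set membership then defeats "https://portal.signwise.org.evil.test" and
// "http://portal.signwise.org", which a substring or prefix check would pass.
function normalizeOrigin(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return null; // not a URL at all
  }
  if (url.protocol !== "https:") return null;
  return url.origin;
}

function isOriginAllowed(candidate) {
  const origin = normalizeOrigin(candidate);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Per-origin consent with a time limit, so the user is prompted once per
// session for a site rather than on every request. A clock function is
// injected to keep the class testable.
class ConsentCache {
  constructor(ttlMs, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.granted = new Map(); // origin -> timestamp of approval
  }
  record(origin, approved) {
    if (approved) this.granted.set(origin, this.now());
    else this.granted.delete(origin);
  }
  isFresh(origin) {
    const t = this.granted.get(origin);
    return t !== undefined && this.now() - t < this.ttlMs;
  }
}

// Decision function: release the certificate only for an allowlisted https
// origin AND after the user approved that origin. askUser(origin) stands for
// the extension's consent dialog and returns true or false. Note that the
// allowlist check runs first, so an unknown site never even triggers a prompt.
function shouldReleaseCertificate(candidateOrigin, cache, askUser) {
  const origin = normalizeOrigin(candidateOrigin);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) {
    return { release: false, reason: "origin not allowlisted" };
  }
  if (!cache.isFresh(origin)) {
    const approved = askUser(origin);
    cache.record(origin, approved);
    if (!approved) return { release: false, reason: "user declined" };
  }
  return { release: true, reason: "ok" };
}

// Stand-alone demonstration with a consent dialog that always approves.
if (typeof require !== "undefined" && require.main === module) {
  const cache = new ConsentCache(10 * 60 * 1000);
  const approveAll = (origin) => { console.log("prompt for", origin); return true; };
  for (const o of ["https://portal.signwise.org/login", "http://portal.signwise.org",
                   "https://portal.signwise.org.evil.test", "javascript:alert(1)"]) {
    console.log(o, "->", shouldReleaseCertificate(o, cache, approveAll));
  }
}
```

The two checks are independent on purpose: consent protects the user from a legitimate site reading the card silently, while the allowlist protects them from a site they would never knowingly approve. An extension that has neither, as described above, hands the certificate (and with it the name and personal identity number it contains) to whichever page loads first.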

Update from the SignWise Team:

SignWise is happy that our software and services are used by experts who value a high level of security. We are sorry that the software we provided had the problem described in your post. As of today (12.03.2015) we are happy to inform you that the problem you described is solved and user information is no longer shared as described in your post. Our products, SignWise Services (https://www.signwise.org) and SignWise Portal (https://portal.signwise.org), have been built following the highest standards of security with strict confidentiality in mind, and following the business and security requirements and demands to e-sign high-value electronic documents both in-country and across borders.

Links:
http://martinpaljak.net/sign/swhack.html
http://id.anttix.org/leak/leak.html

Attacks against Gemalto do not endanger the security of Mobile-ID


Gemalto, which is the largest manufacturer of SIM cards in the world, launched an internal investigation after The Intercept six days ago revealed that the NSA and its British counterpart GCHQ hacked the company and cyberstalked its employees. In the secret documents, provided by NSA whistleblower Edward Snowden, the intelligence agencies described a successful effort to obtain secret encryption keys used to protect hundreds of millions of mobile devices across the globe.

Some mobile operators in Estonia use Mobile-ID SIM cards supplied by Gemalto. Here is the Estonian Certification Centre’s response:

The attacks against the Dutch SIM card manufacturer Gemalto which became public yesterday do not endanger Mobile-ID. AS SK (Certification Centre) confirmed that the attacks against the world’s largest SIM card manufacturer Gemalto do not threaten the security of Estonian Mobile-ID.

“We analyzed the information available to us about the attack and verified that the Mobile-ID security is not affected, Mobile-ID is still secure, and users do not need to make adjustments to their normal behavior in any way,” said the head of the Certification Center Kalev Pihl.

Gemalto has released a public report in which the company tries to downplay the significance of the NSA and GCHQ hack. But that is understandable:

The company was eager to address the claims that its systems and encryption keys had been massively compromised. At one point in stock trading after publication of the report, Gemalto suffered a half billion dollar hit to its market capitalization. The stock only partially recovered in the following days.

Fortunately, exploiting the stolen symmetric keys requires the attacker to be in close proximity to the victim’s mobile phone and to perform an active MITM attack at the very moment the victim performs a Mobile-ID transaction.

Update about Estonian mobile network operators’ use of Gemalto SIM cards:

Epp Maaten, deputy chairwoman of the Estonian National Electoral Commission’s e-voting commission, said that among Estonian mobile operators only EMT uses SIM cards issued by Gemalto, and only as pre-paid call cards; Gemalto is not the only vendor of those cards.

Links:
https://theintercept.com/2015/02/25/gemalto-doesnt-know-doesnt-know/
https://sk.ee/uudised/runnakud-gemalto-vastu-ei-ohusta-mobiil-id-turvalisust/
http://democracychronicles.com/estonian-internet-voting-safety/

Secure multi-party computation considered for fighting VAT fraud in Estonia


In 2013 parliament mandated an invoice data annex to the VAT return whereby all firms must report all transactions with other firms exceeding 1000 Euros, with a view to checking that the buying and selling companies were declaring the same amount. Following lobbying by businesses about the accounting overhead and business secrets, the president vetoed the bill.

Sander and colleagues approached the tax and customs board with a proposal to use secure multiparty computation, and built a research prototype using Sharemind. The idea is to break VAT declarations into three shares, on servers run by the tax board, the business association, and another party, and run distributed computations to get risk scores for companies. His tests show that it’s feasible; the Estonian economy’s monthly tax returns could be processed in ten days. The remaining problem is that the tax board currently keeps its algorithms proprietary, and would prefer not to reveal them in case they get gamed; at present we don’t know how to run obscure queries in practical amounts of time. Revised legislation has now been accepted and secure MPC is on the tax board’s roadmap for the next few years. In conclusion, MPC can solve some real problems, although business processes may have to be changed.

Links:
https://www.lightbluetouchpaper.org/2015/01/26/financial-cryptography-2015/
http://fc15.ifca.ai/preproceedings/paper_47.pdf