SEB is looking for project manager of authentication and security

Your responsibilities:
• Authentication and internet bank security solutions related project management
• Product management, analyze/interpret security needs and translate them into application and operational requirements
• Monitor and analyze performance data related to automated fraud detection to develop improvements
• Risk analysis and high proactivity in managing risks

Who we are looking for:
• Project management and analysis skills are essential
• You understand, or are a fast learner able to explain, two-factor authentication, Public Key Infrastructure, electronic identification (eID) and electronic Trust Services (eTS) in the context of the EU Digital Single Market
• Ability to multitask and prioritize work in a changing business climate
• You feel that writing documentation, preparing audits and answering security and risk assessment questionnaires is something you are comfortable to handle from time to time
• Readiness to travel between Baltic countries

It is an advantage if you have knowledge of fraud prevention/detection technologies, have a university degree in computer sciences or economics and feel comfortable working independently and using time efficiently.

Education required: Higher education (bachelor)
Languages required: English
Location: Vilnius/Riga
Deadline for applying: 04. December 2016

Links:
http://www.cv.ee/job-ad/seb-pank/project-manager-of-authentication-and-security-f3204148.html

Criminal procedure and digital evidence in Estonia by Eneli Laurits

It has been decided in Estonia that by the year 2020, a criminal file may be digital. Following on from this decision, it is necessary to decide how to incorporate into the law a regulation concerning digital evidence with the aim of seizing as much evidence as possible in its initial digital form, and ensuring the evidence is seized in the place where it is physically located.

This article aims to sum up the most common activities within which digital evidence might be taken, highlighting the potential problems of interest to the legislature when elaborating specific regulations for digital evidence.

A quite disturbing revelation is that under the current law, law enforcement agents, after a court-authorized inspection, seizure or remote take-over of a computer system, are allowed to access any other remote resources that the system has access to:

The Advisory Guidelines on IT-Evidence, prepared on 24.05.2016 by law enforcement agencies, claim that in case of public investigative measures (inspection, search) and covert surveillance, no request for legal assistance is needed for data stored in cloud on foreign states’ servers.

For example, upon apprehension, a suspect has a computer or a smartphone unprotected with a password, and it is possible to obtain and to look through the information about the data stored, for example, in the cloud or in an e-mail box (which are not on the Estonian servers). Even when prosecutors approach the court on their own initiative, and by pointing out an obvious similarity between the search of a computer system and the search of a physical space to obtain permission from the court, preliminary investigation judges have so far found that such permission is not needed.

The Supreme Court has found that a permission granted by a prosecutor, and not by a court, is enough to observe, copy data in the person’s e-mail box (including when an e-mail box is located on a foreign state’s server) and to covertly examine a part of the server where a particular e-mail box is located, because messages are then not being transmitted, but they have already reached a recipient.

Links:
http://journals.sas.ac.uk/deeslr/article/download/2301/2254

Book Chapter: E-voting in Estonia by Dylan Clarke and Tarvi Martens

“Real-World Electronic Voting: Design, Analysis and Deployment” is a new book about to appear on secure electronic voting. One chapter describes the Internet voting used in Estonia.

In Chapter 6, Dylan Clarke, an ERC research fellow at Newcastle University, and Tarvi Martens, the chief architect of the Estonian remote Internet voting system, describe the Estonian Internet voting system. Since the first pilot in 2005, Internet voting has been used for the whole country in three sets of local elections, two European Parliament elections and three parliamentary elections.

The draft is available in arXiv.org.

Links:
https://www.crcpress.com/Real-World-Electronic-Voting-Design-Analysis-and-Deployment/Hao-Ryan/p/book/9781498714693
https://arxiv.org/pdf/1606.08654v1.pdf

Database of real estate transactions was accessible for years

Brokers have collected information on real estate transactions including addresses in the password-protected tehingud.ee database for years. The database includes information on sale of apartments, including dates and prices. It is strange that the portal has been allowed to operate for years. A quick internet search shows it was founded in 2011 by self-proclaimed real estate expert Kristjan Gross. An article from years ago suggests that the portal charged 99 cents for a query. It also reveals that the database had information on more than 5,000 transactions from all over the country when it was launched and that data was added regularly. Searches of price information could be based on county, parish, town, borough, street, size and condition of real estate object.

«We have reason to suspect that the website uses data from the Land Board’s transactions database,» Jürgens adds. «We do not know how the data ends up in the brokers’ portal; however, current legislation states it can only be accessed by licensed valuators,» says Tiia Redi, executive manager of the Estonian Association of Appraisers. The matter is made more peculiar by the fact that the portal’s owner works as a valuator of land and admits he has access to the Land Board’s database.

«It is possible to use transaction and land register data to indirectly identify persons who have participated in transactions,» Jürgens explains. The state has so far kept to the principle that people’s income is not public information, and that includes proceeds from sale of real estate. «The trend is towards openness elsewhere in the world. The Land Board will analyze the possibility of amending laws that regulate use of transaction data. The main question is whether and to what extent society is ready for all real estate transactions to be made public. Disclosing sale prices could constitute sensitive information as it ties into people’s financial interests,» Jürgens adds. She says that the board feels corresponding public debate is necessary.

Links:
http://news.postimees.ee/v2/3871895/secret-brokers-database-under-investigation

License plate-reading cameras to be installed at border crossings

In efforts to crack down on an increasing issue with Estonians crossing the country’s southern border in order to buy cheaper alcohol there, the Estonian Tax and Customs Board (MTA) wants to install license plate-reading cameras at ten or so currently unsupervised Estonian-Latvian border crossings.

This summer season’s record violation, for example, was discovered last week, when customs officials detained a commercial vehicle in Estonia whose driver had picked up a ton and a half of beer with the intention of delivering it to Finland; the likely intention was to resell the alcohol in Finland, as the cost of beer in Finland is currently twice that of Latvian prices.

“He had already completed a number of successful trips across the border at Ikla and from here on to Finland,” explained Urmas Koidu, director of the customs department at the MTA. “We were able to track him down specifically thanks to the license plate recognition system.”

It is strange that there are still some borders that are not covered by the system. Compared to the intelligence gathering capabilities the system provides, the motive to fight alcohol smuggling is a joke.

Links:
http://news.err.ee/v/news/c6c29079-4a1b-414f-819d-a1272018d477/tax-authority-wants-alcohol-tourists-watched-by-cameras

SK Annual Conference 2016

E-identity event SK Annual Conference 2016 will take place on November 3, 2016, Kultuuri Katel (Põhja pst 27a, Tallinn).

Agenda:
09:00-09:30    Registration and morning coffee
09:30-09:40    Presentation of the exhibitors
09:40-10:30    Overview of SK 2016, Kalev Pihl, SK
10:30-11:00    Updates to SK services portfolio, Liisa Lukin, SK
11:00-11:15    Coffee Break
11:15-12:15    Keynote Peter Zinn: We’re All Gonna Д13
12:15-13:00    Lunch
13:00-13:30    From e-Estonia to e-Europe, Katrin Laas-Mikko, SK
13:30-14:00    Future plans of ID-software, Margus Arm, Riigi Infosüsteemi Amet
14:00-14:30    Overview of near markets: Baltikum and Nordic countries, Lauri Immonen, Telia
14:30-15:00    Coffee Break
15:00-15:20    From physical to virtual: SIM and eSIM convergence, Jürgen Niinre, Telia
15:20-15:50    New SK eID solution, Urmo Keskel, SK
15:50-16:10    Renewed DigiDoc portal, Gintas Balčiūnas, Estina
16:10-16:40    Round of questions and answers
16:40-17:00    Summary of the day by digital world enthusiasts
17:00-17:30    Evening snack

Links:
https://www.sk.ee/ettevottest/aastakonverents-2016

The head of SMIT’s security department Tiit Hallas gives public lecture on cryptography

The public lecture will be held in the building of the IT College, Raja 4C, auditorium 314, Tuesday, October 18, at 13:00. The public lecture will also be broadcast live on the website of the IT College.

The main purpose of Tiit Hallas's public lecture is to answer various questions on the topic. Tiit will talk about cryptography-related terms, describe at a general level how cryptography works, and explain why cryptography is needed to ensure security. Tiit has promised to bring sophisticated content to listeners as simply and understandably as possible.

Tiit Hallas has worked in information security for over eight years in both public and private sector and has gained plenty of practical as well as theoretical experience in the field. He has a BA in Information System Development from IT College and an MSc in Cyber Security from Tallinn University of Technology. As well as delivering lectures and talks on the subject, Tiit is involved with Information Security in his daily work as the Head of Information Security at the IT and Development Centre of the Ministry of the Interior, where he not only manages staff but is also engaged with finding solutions to practical information security issues.

The lecture will be in Estonian.

Links:
http://www.itcollege.ee/blog/2016/10/12/smiti-infoturbeosakonna-juhataja-tiit-hallas-peab-kuberturvalisuse-kuu-raames-it-kolledzis-avaliku-loengu-kruptograafiast/
https://www.youtube.com/watch?v=KLhbaSRjz2s

E-Vote-ID 2016: Improving the verifiability of the Estonian Internet Voting scheme

Abstract. We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.

The short summary is that the I-voting system used for the local municipal elections in October 2017 will use the ElGamal cryptosystem, which can be plugged into a mix-net. Currently it is not clear whether the general public will be allowed to verify mix-net inputs and outputs.

Links:
http://research.cyber.ee/~jan/publ/ivxv-evoteid.pdf

KaPo suspects defense forces’ officer of exposing state secret

Captain Ivo Jurak (38) has been in custody for a month already as the Estonian Internal Security Service (KaPo) suspects him of having exposed a state secret. Jurak served as junior staff officer at the Estonian Defence Forces’ Movement Coordination Centre, reported Estonian daily Eesti Ekspress. This center coordinates the Defence Forces’ strategic transport, including the movement of NATO forces and equipment arriving in Estonia.

The KaPo suspects Jurak of having taken documents containing a state secret along with him from work and keeping them at home. According to Jurak’s lawyer Natalia Lausmaa, Jurak admits to his guilt. Jurak is suspected according to Paragraph 241 of the Penal Code, which means that the exposure of a state secret is unrelated to treason or spying. If found guilty, Jurak could face a fine or up to five years in prison.

Case similar to this one.

The KAPO annual review 2016 also mentions an illegal surveillance charge, whatever it means:

Jurak took state secrets he possessed home from work. During the investigation, it was also established that Jurak unlawfully obtained and kept a weapon not related to the defence forces, and was involved with unauthorised surveillance after leaving employment.

Links:
http://news.err.ee/v/news/7199b45e-30d3-4e73-b487-fe4a5c5be9aa/internal-security-service-suspects-defense-forces-officer-of-exposing-state-secret
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202016.pdf

UT Seminars on Blockchain Technology

The course will consist of a number of seminars given by invited lecturers. Lecturers will be both from the University and from industry companies. They will present research results along with best practical experiences and examples of the application of blockchain and smart contract technology.

Kick-off seminar:
3.October, 10:15-12:00: Smart contracts and identity on blockchain – using e-Residency in Ethereum, Speaker: Thomas Bertani, Oraclize.it

Regular seminars (Tuesdays 18.15-20.00, Liivi 2-404, Tartu):

25.October: Introduction to Smart Contracts and Applications
Speaker: Kristo Käärmann, TransferWise

1.November: Blockchain as an Enabling Technology for Businesses
Speaker: Frederik Payman Milani, University of Tartu

8.November: Lightweight BPMN engine on ethereum
Speaker: Luciano Garcia Banuelos, University of Tartu

15.November: Cryptographic Foundations of Bitcoin
Speaker: Michal Zajac, University of Tartu

29.November: Introduction to KSI blockchain
Speaker: Andreas Sisask, Guardtime

6.December: Creation of Smart-Contracting Collaborations for Decentralized Autonomous Organizations
Speaker: Alex Norta, Tallinn Technical University

Links:
https://courses.cs.ut.ee/2016/blockchain/fall/Main/Seminars