Estonia is the first member state in the European Union that might be called Extremely Online. Over the past decade, the Baltic republic of 1.3 million people fully digitized its government services and medical data. More than 30 percent of Estonians voted online in the last elections, and most critical databases don’t have paper backups. To sleep a little better at night, the country has recruited volunteer hackers to respond to the kinds of electronic attacks that have flummoxed the U.S. and other countries in recent years. While many are civilians, these men and women, numbering in the low hundreds, have security clearances and the training to handle such attacks. Their sturdy, bearded commander, Andrus Padar, previously a military reservist and policeman, says the threat is taken as a given: “We have a neighbor that guarantees we will not have a boring life.”Full Article: A Russian Neighbor Has Cybersecurity Lessons for the Rest of Us - Bloomberg.
Articles about voting issues in the Republic of Estonia.
Communications expert Ilmar Raag thinks that Russian meddling in the upcoming general election on 3 March is unlikely, not least because the situation in Estonia is stable, and even a large-scale disinformation effort wouldn’t change much. In a piece for weekly Eesti Ekspress (link in Estonian), Mr Raag writes that given the current political situation and support of political parties in Estonia, Russia is unlikely to make an attempt at influencing the outcome of the 3 March general election—simply because it doesn’t stand to gain much. For a serious attempt at influencing political opinion in Estonia, the main means at the disposal of the Russian state services is the repetition of whatever story they carry. In practice, this would mean at least five major stories about Estonia on Russian state TV, which at the moment isn’t happening.Full Article: Russia unlikely to meddle with upcoming general election, expert thinks | News | ERR.
President Kersti Kaljulaid signed into action the go ahead for the general election in Estonia, due on 3 March 2019. Whilst the date of 3 March has long been talked about, according to § 78 (3) of the Estonian constitution, the president ”calls regular elections of the Riigikogu..” (official English translation), so the move was necessary to make the date official. The deadline for so doing was Sunday, 2 December. Ms Kaljulaid also made a speech at an event in the eastern Estonian town of Jõhvi, giving practical advice and setting out her views on the importance of democratic behaviour.Full Article: President formally green lights election, advises level-headed voting | News | ERR.
Tallinn Administrative Court on Thursday rejected an appeal by ID card manufacturer Gemalto AG against Estonia’s Police and Border Guard Board (PPA), which will allow the latter to continue with preparations for the manufacture of new electronic ID cards. “Today’s decision by Tallinn Administrative Court not to satisfy the complaint of Gemalto AG regarding the procurement procedure for the contract to manufacture ID cards means certainty for the PPA that we can move forward with preparations for the fulfilment of the agreement on the manufacture of ID-cards concluded in spring,” said Margit Ratnik, head of the Development Department of the PPA. The police authority is planning to begin issuing electronic ID cards with new security elements and a new design, manufactured by the company Idemia, in fall 2018.Full Article: Court rejects current ID card manufacturer's appeal against Estonia | News | ERR.
Estonia, where citizens use their digital identity to get access to government services online, has identified a security flaw in 760,000 digital ID cards. Estonia shut down access to online services last weekend due to an encryption vulnerability in the chips of affected smartcards. The security issue was first identified in September, and plagues other cards, chips and systems made by the card manufacturer. While the manufacturer has resolved the problem last month, Estonian owners of affected cards still needed to apply for updated certificates. Police stations and other government offices were packed with citizens trying to update their IDs, mostly due to the fact that the online service for updates kept crashing last week.Full Article: Why isn’t voting done online? | GovInsider.
For the past two and a half months, Estonia has been facing the biggest security crisis since a wave of cyberattacks hit its banks and critical national infrastructure in 2007. At the heart of the current debacle is the latest version of its national ID card, which has been a mandatory identification document for citizens of Estonia since 2002 and serves as a cornerstone of Estonia’s e-state. The hardware behind the ID cards was found to be vulnerable to attacks, which could theoretically have led to identity thefts of Estonian citizens and also e-residents, something which its government has denied occurring.Full Article: Estonia's ID card crisis: How e-state's poster child got into and out of trouble | ZDNet.
Estonia has suspended its digital ID cards for residents and overseas “e-residents” after discovering a security flaw that could lead to identity theft. It is estimated that about 760,000 people in Estonia were affected, or about half of the nation’s population. According to Reuters, the eID chip was manufactured by German semiconductor manufacturer Infineon Technologies. For security reasons, Estonian authorities immediately blocked access to the digital services of the eID card until owners can update to a new security certificate, the Hong Kong Economic Journal reported. They have until March 2018 to do so.
Estonia’s police and border guard service offices have reportedly been swamped with people seeking to obtain new eID cards.
About 12 years ago, Estonia, a country in the Baltic region of Northern Europe, launched its eID programme which can serve as an ID card to travel within the European Union and can be used for filing tax claims, online voting, electronic prescriptions and logging into bank accounts.
Full Article: Estonia blocks eID card services after security flaw found.Full Article: Estonia blocks eID card services after security flaw found.
Estonia has frozen the digital ID cards for its popular e-residency programme, two months after discovering a major security flaw that could enable identity theft. The ID cards are used by Estonian citizens and foreign “e-residents” and underpin services like banking, online voting, tax, medical records, and travel. The e-residency programme is also popular with British entrepreneurs who want to set up their company within the EU, particularly after the Brexit vote. According to Wired, more than 1,000 UK entrepreneurs have applied for the programme so far.Full Article: Estonia has frozen its popular e-residency ID cards because of a massive security flaw | Business Insider.
Estonia’s residents use their mandatory national IDs to access pretty much anything, from online banking to online voting. So, it was a huge blow to the program when experts found a security flaw in the chip the ID used that makes it possible for bad players to impersonate and steal the identities of all 760,000 affected individuals. That might not sound like a huge number, but that’s half the small country’s population. Now, the country has blocked most of its residents from accessing all its online services for a weekend, so it can go in and and fix the vulnerability.Full Article: Estonia freezes resident ID cards due to security flaw.
Estonia plans to block access to the country’s vaunted online services for 760,000 people from midnight on Friday to fix a security flaw in some of the Baltic country’s identity smartcards that was identified earlier this year. Estonia is seen as a leader in providing government services online and has championed the issue within the European Union in recent years, and the security issue leaves it with its much-touted digital IDs in an awkward position. A nation-wide online identity system allows citizens access to most government and private company services via the web, including banking, school reports, health and pension records, medical prescriptions and voting in government elections. But Estonia’s online ID service ran afoul of an encryption vulnerability identified by researchers earlier this year that exposes smartcards, security tokens and other secure hardware chips made by the German company Infineon.Full Article: Estonia orders online ID lock-down to fix security flaw.
Estonia: A test case for Russian hacking threat – e-voting grows despite tampering concerns | Global Journalist
Tiny Estonia might seem an unlikely place to see the future of technology. With just 1.3 million people, the country has fewer people than San Diego and is just three decades removed from Soviet rule. But “E-stonia,” as its known, has also brought the world Skype as well as up-and-coming startups like robotics firm Starship Technologies and payments provider TransferWise. Yet Estonia’s technology prowess has also made it something of a laboratory for the dangers of the threats posed by hackers backed by neighboring Russia. In a country where 90 percent use online banking, 95 percent file taxes online and 30 percent cast their ballots from a computer, Estonia is a target-rich environment for cyberattacks. Indeed the NATO-member country is the site of what may have been the world’s first politically-motivated digital attack in 2007. In that year, Estonia angered Russia by relocating a World War II era memorial to Soviet troops. Soon, the networks of government ministries, banks and leading Estonian newspapers went down, the result of a massive and sophisticated botnet attack.Full Article: Estonia a test case for Russian hacking threat - Global Journalist.
The Supreme Court of Estonia rejected the appeal of the Conservative People’s Party of Estonia (EKRE) of the National Electoral Committee’s Sept. 6 decision not to ban electronic voting at the local government council elections taking place next month. The Supreme Court explained that, according to the Local Government Council Election Act, the National Electoral Committee has the right not to start electronic voting if the security or reliability of the electronic voting system cannot be ensured in such way that electronic voting could be conducted pursuant to the requirements of the act. The National Electoral Committee is not, however, required to cancel e-voting if it receives information indicating the possibility of adverse consequences.
The Conservative People’s Party of Estonia (EKRE) has submitted an appeal to Estonia’s National Electoral Committee challenging the committee’s decision to allow e-voting in the local elections this October despite a detected security risk that could affect 750,000 ID cards. According to EKRE parliamentary group chairman Martin Helme, the party finds that the Sept. 6 decision of the National Electoral Committee to still allow e-voting in the upcoming elections opens them up to vote manipulation and the influencing of election results, party spokespeople said. The party is seeking to have e-voting called off and the elections to be held with paper ballots exclusively.Full Article: EKRE challenges electoral committee's decision to allow e-voting | News | ERR.
Estonia suffered an embarrassing blow to its much-vaunted ID cards that underpin everything from electronic voting to online banking, just days before hosting a big EU exercise on cyber warfare. International scientists have informed Estonian officials that they have found a security risk that affects almost 750,000 ID cards and that would enable a hacker to steal a person’s identity. The Baltic country of just 1.3m people stressed there was no evidence of a hack of what it has proclaimed to be the world’s most advanced IT card system. The cards are used to access a wide range of digital services from signing documents to submitting tax returns and checking medical records, as well as by foreigners who are e-residents in the country.Full Article: Red faces in Estonia over ID card security flaw.
An international team of researchers has informed the Estonian authorities of a vulnerability potentially affecting digital use of Estonian ID cards issued since October 2014; all the cards issued to e-residents are also affected. On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents. The ID-cards issued before 16 October 2014 use a different chip and are not affected. Mobile-IDs are also not impacted. … In the light of current events, some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October. In Estonia, approximately 35% of the voters use digital identity to vote online.Full Article: Possible security risk affects 750,000 Estonian ID-cards - Estonian World.
Last Thursday, Estonia’s Information System Authority (RIA) was informed by an international group of researchers that a potential security risk had been detected affecting all national ID cards issued in Estonia after October 2014. Estonian experts have determined that the potential risk does indeed exist, affecting 750,000 currently valid ID cards issued after Oct. 17, 2014. ID cards issued prior to this date use a different chip and are unaffected by this risk. Likewise unaffected is the SIM card-based Mobile-ID system, which the government is recommending people sign up for.Full Article: Potential security risk could affect 750,000 Estonian ID cards | News | ERR.
A total of 143 election coalitions across Estonia have applied for registration ahead of the local government council elections this fall. “The number of election coalitions may not be final, as if, for example, an election coalition does not include a single candidate’s name, the coalition will not be registered,” explained State Electoral Office director Priit Vinkel.Full Article: 143 election coalitions applied to register for local elections | News | ERR.
Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify. A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens, the National Electoral Committee’s head of e-voting. The upgrade includes anti-tampering features known as end-to-end verifiability that addresses security concerns from groups such as the Organization for Security and Cooperation in Europe, he said. “End-to-end verifiability is the ‘Holy Grail’ for electronic voting,” Martens said this month in a phone interview. “When we talk about international criticism, the new software now addresses it.”Full Article: World's Most High-Tech Voting System to Get New Hacking Defenses - Bloomberg.
Estonia: 10 Years After the Landmark Attack on Estonia, Is the World Better Prepared for Cyber Threats? | Foreign Policy
The Estonians just wanted to relocate a statue. Ten years ago today, authorities in Tallinn set out to remove a Soviet World War II memorial from the capital’s downtown. The Russian government had warned that removing the statue would be “disastrous for Estonians,” but since Moscow no longer called the shots in the Baltic state, the statue was duly shipped off to a suburban military cemetery. Soon after, Estonians found that they couldn’t use much of the internet. They couldn’t access newspapers online, or government websites. Bank accounts were suddenly inaccessible. “It was unheard of, and no one understood what was going on in the beginning,” Toomas Hendrik Ilves, then Estonian President, told Foreign Policy. Soon, he was informed that it was not an internal failure — but an attack from the outside. It was a Distributed Denial of Service Attack — an orchestrated swarm of internet traffic that literally swamps servers and shuts down websites for hours or days.Full Article: 10 Years After the Landmark Attack on Estonia, Is the World Better Prepared for Cyber Threats? | Foreign Policy.
Blockchain technology can safely be used to authenticate e-voting by shareholders at a company’s annual general meeting, Nasdaq said this week, following a pilot project in Estonia. … Voting security experts in the U.S. were skeptical about the pilot project’s wider applicability, especially with regard to national elections. “Blockchain solves a small part of the overall set of problems [with e-voting], but nowhere near all,” said Pamela Smith, president of election integrity advocacy group Verified Voting. “If you have a boat with many leaks, plugging one of them should not make you assume the others won’t swamp you,” she told CyberScoop via email.Full Article: Nasdaq says Estonia e-voting pilot successful.