Surveillance and E-Government: Real and Potential Threats to Privacy in Europe and Beyond
Fatemeh Ahmadi Zeleti
Tampere University of Technology
FP7 SMART Project Steering Committee Meeting in Malta
June 2012
Surveillance and e-government: Threats to Privacy
National level
International level
National Level
Iran
Embezzlement and weak e-government system
• Embezzlement in the government and the Central Bank
• No appropriate surveillance system and technology (e.g. application access control and login control system)
G2C: E-Voting
• Iran's disputed election in the year 1388 (2009)
• Lack of an efficient e-voting system and system security (data updated illegally)
• E-counting system and security failures
• Unauthorized access to the system
• Number of votes cast in 50 Iranian cities exceeded the number of people entitled to vote
• Additional votes are over 3 million
G2C: Police fine
• Bargaining over the value
• Manually entered into the system
• System lacks appropriate login access control and application access control
• Upon payment, the officer falsifies the data
G2C: Smart Driving License
• Government developed smart driving license
• Classification of violations in the system
• Issuing of driving license
• Police simply insert the license to issue the bill
G2C: Fuel Card
• Cards have no efficient security
• Card password can easily be seen by others (stolen and used by others)
• Card is not properly designed for one car (anyone can use it)
• People sell their allowance to others for a higher price
http://www.epolice.ir
G2C: Household consumption
• Meter equipment is not well designed to meet the security requirements
• 2011: Police caught and arrested a man who cheated
• Design of digital meter
• Man with a handheld device to register the number
G2E: Employee work time registration and payroll system
• Poor employee work time registration system
• No proper surveillance tech
• Low security for employees' data
• An authorized employee can access the workload page and easily cheat and fool the system
• Direct effect on the payroll system
E-Administration
• Too many processes, which causes data loss
• Unauthorized access to the system and customers' data
• Employees use data to establish knowledge about the customer
• Due to the unauthorized access, customer’s file number is changed
E-Payment
• Card users share their card password
• Share upon payment
• Payment is not finalized, but customer account is affected
E-Health
• Insurance booklet is in use
• Upon arrival at the clinic, the patient's info is entered into the system
• But there is no proper system security to identify the patient and verify that he is using his own booklet
• Solution to prevent violations and abuse of the current booklet and system: Smart insurance (Health) card
• Ready to use by end of 2012
Database and accessibility
• Insecure databases and unauthorized access
• Higher education: insecure database and lack of efficient access control
• Low speed connection => distribution of whole database
• Regular employees' accessibility to all databases
No efficient access control
Lack of education and understanding of possible threats
Ex: In March 2012, a regular employee of the Central Bank handed over the whole bank database
Hashing the password
• Most of the government websites save the user’s password
• No hashing algorithm is used (e.g. MD5)
• One user may use 1 password for different purposes
Government assigned password
• Some government websites assign passwords to users (Melli Code: Nesha System)
• By knowing someone’s Melli Code, another person can access the account
• Melli card No. -> Profile access -> Profile info
Website Regulation: May 2012: Iran
• Government surveillance on government organizations
• Tight regulation for employees and websites
• For high security of users' information
• All employees of banks and insurance companies
• No use of international e-mail domain
• No electronic communication with customers with international e-mail domain
• Hotmail, MSN, Yahoo and Gmail => one of the tools for taking users' information out of the country
• No website with the .org and .com domain
• All websites with the .ir domain
Simorgh: May 2012: Iran
• Anti-censorship software (VPN)
• Fake version of Green Simurgh in 4shared
• Founded by Munk School of Global Affairs
• Green Simurgh Co. (Since 2009) is denying
• Abused citizen’s needs
• Turned out to be a spying version
• Access to user’s info (identification and access keys)
• Monitors user’s activities (IPs, event handlers (keys and clicks))
• Collected info and data are transferred to servers located in Saudi Arabia and the USA
simurghesabz.net
Fiber: April 2012: Iran and …
• Extensive Gov to Gov attack
• Low system security of major government organizations
• The most sophisticated threats ever
• Malfunctioning systems at the two most important gov orgs
• Name: ’Fiber’
• Starting date: Aug 2010 (Kaspersky Lab, Russia)
• Research Unit: International Telecommunications Union of United Nations (ITUUN)
• ITUUN Research on ’Wiper’ => ’Fiber’ discovery
• It collects all the sensitive information and destroys data in the organization DB
• Records network traffic, takes pictures of the screen, records conversations and keyboard input, etc.
• Over 600 government organizations are affected
Service malfunction: Iran
• Consequences
Ministry of Science: The attack failed and the situation is under control. No extra info is forecasted.
Ministry of Oil: Main server disconnection. Computer motherboards are burned out and some data are lost, but could be recovered. To minimize the loss, a number of Internet and network connections were intentionally disconnected.
TAKFA (Late 1999 - April 2002): Iran’s road to knowledge-based development
• National Information and Communication Technology Agenda
• Information Society and a knowledge-based Economy in which ICT is an Enabler Technology
• TAKFA comes in seven strategic axes: Government, Education, Higher Education, Services, Commerce and Economy, Culture and Persian Language, ICT industry through SME empowerment
TAKFA put down
• Lack of inexpensive and easy access to Internet
• Lack of advanced technologies and security software
• Lack of surveillance technologies and equipment
• Lack of encompassing information infrastructure
• Inadequate national bandwidth
International Level
E-Payment (NetBank) in Finland
• High security (official Finnish ID required)
• Login access control
• Application access control
• Money transfer over the NetBank requires further telephone confirmation
• Required questions are asked to process the payment
• 1 password/1 netbank access
E-Health in Finland
• Kela Card
• 1 card for 1 user
• Biometric Kela Card (patient’s record is kept safe and private)
• Kela card is considered the patient's ID in the e-health system
• Owned by 1 person only
Police fine in Finland
• CCTV takes a picture of the car violating driving regulations
• System takes care of issuing the fine
• No opportunity to falsify the data
• IP cameras: once footage is captured, the image is sent to the control center and a fine is issued and sent to the driver's address
Foreigner resident permit card in Finland
• A new e-service was implemented in March 2012
• No resident permit is attached to the passport
• Biometric identifiers stored on the residence permit card chip include a facial image and two fingerprints
• User’s data is kept safe in the card
• No one can fake it
• It is not an official ID
• In the UK too
Resident permit in the Philippines
• Stamp the resident permit in the passport
• RP info is entered by hand
• Info can be easily changed by the passport holder
• Solution: ACR I-Card Resident permit (electronic chip embedded into the card containing all your relevant information)
• Quick verification of information
• Eliminates fixers and illegal personnel issuing falsified documents.
E-Health in Australia
• NEHTA (National E-Health Transition Authority)
• Personally controlled electronic health records (PCEHR) for all Australians
• Starting July 2012, all Australians can choose to register for an electronic health record
• PCEHR System is used
• A privacy management framework has been developed to ensure the privacy of the user’s data
• Still early to define the threats to privacy
E-Health in China and USA: Jan 2012
• China and the United States, two different political cultures, have both introduced major health reform programs to promote health-care improvement for their respective citizens
• The piloted use of biometrics in the SD card with fingerprint encryption for patients to access personal health records
• Without the SD card, no one can access
• The United States is experiencing an increasing use of biometric applications for authentication and identification
Conclusion
• Governments of many countries abuse citizens' data and information
• Government surveillance is done through monitoring users' activity and communication and accessing users' data (data are accessed from the e-services portals)
• Government authorities lack sufficient expertise to design expert systems with high security
• Technology plays a vital role if implemented appropriately
• Privacy protections are expected to increase
Thank you for your kind attention
I welcome your questions, suggestions and comments!
Fatemeh Ahmadi Zeleti