Surveillance and E-Government: Real and Potential Threats to Privacy in Europe and Beyond

  1. Surveillance and E-Government: Real and Potential Threats to Privacy in Europe and Beyond. Fatemeh Ahmadi Zeleti, Tampere University of Technology. FP7 SMART Project Steering Committee Meeting in Malta, June 2012
  2. Surveillance and e-government: Threats to Privacy
      • National level
      • International level
  3. National Level: Iran
  4. Embezzlement and weak e-government system
      • Embezzlement in the government and the Central Bank
      • No appropriate surveillance system and technology (Ex: Application access control and Login control system)
  5. G2C: E-Voting
      • Iran's disputed election in the year 1388 (2009)
      • Lack of efficient e-voting system and system security (Data updated illegally)
      • E-counting system and security fail
      • Unauthorized access to the system
      • Number of votes cast in 50 Iranian cities exceeded the number of people entitled to vote
      • Additional votes are over 3 million
  6. G2C: Police fine
      • Bargaining over the value
      • Manually entered into the system
      • System lacks appropriate login access control and application access control
      • Upon payment, officer falsifies the data
  7. G2C: Smart Driving License
      • Government developed smart driving license
      • Classification of violations in the system
      • Issuing of driving license
      • Police simply insert the license to issue the bill
  8. G2C: Fuel Card
      • Cards have no efficient security
      • Card password is easily visible to others (stolen and used by others)
      • Card is not properly designed for one car (anyone can use it)
      • People sell their allowance to others for a higher price
      • http://www.epolice.ir
  9. G2C: Household consumption
      • Meter equipment is not well designed to meet the security requirements
      • 2011: Police caught and arrested a man who cheated
      • Design of digital meter
      • Man with a handheld device to register the number
  10. G2E: Employee work time registration and payroll system
      • Poor employee work time registration system
      • No proper surveillance tech
      • Low security for employees' data
      • Authorized employee can access the work load page and easily cheat and fool the system
      • Direct effect on the payroll system
  11. E-Administration
      • Too many processes, which causes data loss
      • Unauthorized access to the system and customer's data
      • Employees use data to establish knowledge about the customer
      • Due to the unauthorized access, customer's file number is changed
  12. E-Payment say the point
      • Card users share their card password
      • Share upon payment
      • Payment is not finalized, but customer account is affected
  13. E-Health
      • Insurance booklet is in use
      • Upon arrival at the clinic, patient's info is entered into the system
      • But no proper system security to identify the patient and whether he is using his own booklet
      • Solution to prevent violations and abuse of the current booklet and system: Smart insurance (Health) card
      • Ready to use by end of 2012
  14. Database and accessibility
      • Insecure databases and unauthorized access
      • Higher education: insecure database and lack of efficient access control
      • Low speed connection => distribution of whole database
      • Regular employees' accessibility to all databases
          • No efficient access control
          • Lack of education and understanding of possible threats
      • Ex: In March 2012, a regular employee of the Central Bank handed over the whole bank database
  15. Hashing the password
      • Most of the government websites save the user's password
      • No hashing algorithm is used (MD5)
      • One user may use 1 password for different purposes
  16. Government assigned password
      • Some government websites assign passwords to the users (Melli Code: Nesha System)
      • By knowing someone's Melli Code, another person can access the account
      • Melli card No -> Profile access -> Profile info
  17. Website Regulation: May 2012: Iran
      • Government surveillance on government organizations
      • Tight regulation for employees and websites
      • For high security of user's information
      • All employees of Banks and Insurance Companies
      • No use of international e-mail domain
      • No electronic communication with customers with international e-mail domain
      • Hotmail, MSN, Yahoo and Gmail => one of the tools to exit user's information from the country
      • No website with the .org and .com domain
      • All websites with the .ir domain
  18. Simorgh: May 2012: Iran
      • Anti-censorship software (VPN)
      • Fake version of Green Simurgh in 4shared
      • Founded by Munk School of Global Affairs
      • Green Simurgh Co. (Since 2009) is denying
      • Abused citizen's needs
      • Turned out to be Spying Version
      • Access to user's info (Identification and access keys) simurghesabz.net
      • Monitor user's activities (IPs, Event handlers (Keys and clicks))
      • Collected info and data are transferred to servers located in Saudi Arabia and USA
  19. Fiber: April 2012: Iran and …
      • Extensive Gov to Gov attack
      • Low system security of major government organizations
      • The most sophisticated threats ever
      • Malfunctioning systems of the two most important gov orgs
      • Name: 'Fiber'
      • Starting date: Aug 2010 (Kaspersky Lab, Russia)
      • Research Unit: International Telecommunications Union of United Nation (ITUUN)
      • ITUUN Research on 'Wiper' => 'Fiber' discovery
      • It collects all the sensitive information and destroys data from the organization DB
      • Records network traffic, takes pictures of the screen, records conversations, records keyboard input, etc.
      • Over 600 Government organizations are influenced
  20. Service malfunction: Iran
      • Consequences
          • Ministry of Science: The attack failed and the situation is under control. No extra info is forecasted.
          • Ministry of Oil: Main server disconnection. Computer motherboards are burned out and some data are lost, but could be recovered. To minimize the loss, a number of Internet and network connections were intentionally disconnected.
  21. TAKFA (Late 1999- April 2002): Iran's road to knowledge-based development
      • National Information and Communication Technology Agenda
      • Information Society and a knowledge-based Economy in which ICT is an Enabler Technology
      • TAKFA comes in seven strategic axes
          • Government
          • Education
          • Higher Education
          • Services
          • Commerce and Economy
          • Culture and Persian Language
          • ICT industry through SME empowerment
  22. TAKFA put down
      • Lack of inexpensive and easy access to Internet
      • Lack of advanced technologies and security software
      • Lack of surveillance technologies and equipment
      • Lack of encompassing information infrastructure
      • Inadequate national bandwidth
  23. International Level
  24. E-Payment (NetBank) in Finland
      • High security (Official Finnish ID required)
      • Login access control
      • Application access control
      • Money transfer over the NetBank requires further telephonic confirmation
      • Required questions are asked to process the payment
      • 1 password/1 netbank access
  25. E-Health in Finland
      • Kela Card
      • 1 card for 1 user
      • Biometric Kela Card (patient's record is kept safe and private)
      • Kela card is considered the patient's ID in the e-health system
      • Owned by 1 person only
  26. Police fine in Finland
      • CCTV takes a picture of the car violating the driving regulation
      • System takes care of issuing the fine
      • No opportunity to falsify the data
      • IP cameras: once footage is captured, the image is sent to the control center and the fine is issued and sent to the driver's address
  27. Foreigner resident permit card in Finland
      • New e-service was implemented in March 2012
      • No resident permit is attached to the passport
      • Biometric identifiers stored on the residence permit card chip include a facial image and two fingerprints
      • User's data is kept safe in the card
      • No one can fake it
      • It is not an official ID
      • In UK too
  28. Resident permit in the Philippines
      • Stamp the resident permit in the passport
      • RP info is entered by hand
      • Info can be easily changed by the passport holder
      • Solution: ACR I-Card Resident permit (electronic chip embedded into the card containing all your relevant information)
      • Quick verification of information
      • Eliminates fixers and illegal personnel issuing falsified documents.
  29. E-Health in Australia
      • NEHTA (National E-Health Transition Authority)
      • Personally controlled electronic health records (PCEHR) for all Australians
      • Starting July 2012, all Australians can choose to register for an electronic health record
      • PCEHR System is used
      • A privacy management framework has been developed to ensure the privacy of the user's data
      • Still early to define the threats to privacy
  30. E-Health in China and USA: Jan 2012
      • China and the United States, two different political cultures, have both introduced major health reform programs to promote health-care improvement for their respective citizens
      • The piloted use of biometrics in the SD card with fingerprint encryption for patients to access personal health records
      • Without the SD card, no one can access
  31. The United States is experiencing an increasing use of biometric applications for authentication and identification
  32. Conclusion
      • Governments of many countries abuse citizens' data and information
      • Government surveillance is done through monitoring users' activity and communication and accessing users' data (data are accessed from the e-services portals)
      • Government authorities are not expert enough to design expert systems with high security
      • Technology plays a vital role if implemented appropriately
      • It is expected that privacy protections will be increased
  33. Thank you for your kind attention. I welcome your questions, suggestions and comments! Fatemeh Ahmadi Zeleti, Fatemeh.AhmadiZeleti@tut.fi
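
The weaknesses on slides 15 and 16 (stored passwords without proper hashing, and accounts whose password is the holder's Melli Code) can be contrasted with a salted, slow hash and a registration check. This is an added example, not part of the original slides; the user names, ID numbers and passwords are constructed, and PBKDF2 is one suitable choice among several.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune to the server)


def md5_unsalted(password):
    """Weak scheme for comparison: fast and unsalted, equal passwords match."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, slow hash: returns (salt, derived_key) for storage."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], key)


def register(db, user, national_id, password):
    """Store a record; refuse a password that is just the user's ID number."""
    digits = "".join(ch for ch in password if ch.isdigit())
    if password == national_id or digits == national_id:
        raise ValueError("password must not be derived from the national ID")
    db[user] = hash_password(password)


def demo():
    """Constructed sample: two users who picked the same password."""
    db = {}
    register(db, "user_a", "0000000001", "Spring-2012!")
    register(db, "user_b", "0000000002", "Spring-2012!")
    return db


if __name__ == "__main__":
    db = demo()
    pw = "Spring-2012!"
    print("unsalted MD5 digests equal:", md5_unsalted(pw) == md5_unsalted(pw))
    print("salted PBKDF2 keys equal:  ", db["user_a"][1] == db["user_b"][1])
    print("login succeeds:            ", verify_password(pw, *db["user_a"]))
```

With per-user salts, a leaked table no longer reveals which accounts share a password, and each guess costs the attacker the full work factor.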
