
Estonia sues Gemalto for €152M over ID card flaws - atlasunshrugged
https://www.reuters.com/article/estonia-gemalto/estonia-sues-gemalto-for-152-mln-euros-over-id-card-flaws-idUSL8N1WD5JZ
======
amaccuish
This provides some more information [0].

Not only did Gemalto fail to notify Estonia in good time about the ROCA flaw
(the discoverers of which noticed that Estonia were still issuing vulnerable
cards, so notified them themselves), some cards had their private keys
generated outside of the card and then inserted, rather than on-card
generation. I think Estonia is to be applauded here for handling all this in a
sane manner.

[0] https://dan.enigmabridge.com/estonia-hits-gemalto-again-insecure-eid-cards/

------
amingilani
They made everyone regenerate their private keys on the card recently during a
short window, and those who missed it (like me) ended up with a fancy piece of
paper with their name on it. Oh joy.

Just when I'd decided to use my e-Residency for something, it becomes
worthless.

They're asking me to reapply for a new ID document and pay the fee all over
again. I'd honestly do it, but then they can't hand it over to me in Pakistan
and I'm not flying out of the country just to grab an e-Residency card when my
previous one hasn't even expired yet.

I guess I'm still a bit sour over this.

~~~
mb_72
That 'short window' was some period of months, I thought. It's not cool the
problem happened but sounds like you didn't consider it high enough priority
to get onto it.

~~~
amingilani
Yeah, unfortunately, short is relative. As I mentioned elsewhere, I was under
intense work pressure at the time and everything else in life seemed far lower
a priority in comparison.

------
sccxy
The problem was not the security flaw.

The problem was that Gemalto did not tell Estonia that there was a security flaw.

That led to a rushed security fix which could have been worked on for months
before, instead of being done in weeks.

------
willsr
I suppose the Estonians are partially at fault for trusting Gemalto with
anything, post Snowden.

~~~
dullgiulio
Nothing to do with Snowden revelations, but with RSA prime number generation.
Because of a bug on the chip, primes were generated starting from numbers
divisible by ten, which are way rarer than those divisible by two (pardon the
extreme simplification.)

That's a hardware design error. The claim is that Gemalto failed to fulfil
the contractual clauses about quickly informing the customer (the Estonian
state) of the security breach, not the existence of the security breach
itself.

~~~
anemic
Well, there was this revelation that NSA had the 'Gemalto network wide open'.
After a week-long investigation Gemalto denied any breach, leading to a situation
where you could either believe NSA or Gemalto.

https://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/

------
hkai
Everyone told them you can't have secure electronic voting.

~~~
Strom
That's a statement that applies to everything, including classic paper voting.
It's never a question of whether there's absolute security, because nothing
has it. It's about comparing the security and other benefits of different
systems.

~~~
gsich
The main problem with electronic voting is that you can't understand what the
machine is doing. Source code won't help, because you don't know what is
running on the machine. Source code won't help because you don't know what the
compiler will do (maybe insert some extra stuff?).

Paper voting is comprehensible by everyone.

~~~
Strom
That's an illusion. People can comprehend paper voting on a source code level,
in that they know what should happen in theory. No single person can even
fully observe a single counting station, much less a whole election. You still
end up having to trust the system.

~~~
gsich
It's not. People can comprehend paper voting on "source code level" as well as
the "compiled" version.

> No single person can even fully observe a single counting station, much less
> a whole election.

First is possible (just observe the person who's counting), second not, for
obvious reasons that you can't be at two places at once.

~~~
Strom
> _just observe the person who's counting_

.. and trust the votes to all be real?

A person voting could put two votes instead of one. (It can still look like
one, using the same method that's used for card tricks.) Even if you introduce
extra steps, like every paper needing a stamp or something, you're still going
to need to trust this stamper person. They could be in on it, and either stamp
multiple or leak the stamp design.

The staff could be inserting fake votes into the ballot box before it gets
counted, even without actual voters.

The counters could add votes from their sleeves, again classic card trick
mechanics.

The counters can remove votes from the pile by stacking two or just sliding
one off the table while also performing a distraction. Once again, classic
magic trick mechanics that are used for vanishing jewelry etc.

Basically my point is that if the counting station is being staffed by
magicians from Vegas, they can produce any result they want without an average
person that's _observing_ understanding anything.

Besides, at the end of the day it doesn't even matter, because one counting
station is within the margin of error for the whole election.

------
thisisit
This is surprising. Estonia was an oft-quoted example of digital governance. Any
ideas on how this will affect their blockchain projects?

~~~
ivoras
Estonia had excellent digital governance before the blockchain fad so they'll
handle it pretty much just fine.

