By Jason Erickson

Whether one calls the revelations of Edward Snowden legitimate whistleblowing or treason, the technology to potentially thwart future security breaches has been rolled out in an unlikely place: Estonia.

After a wave of cyber attacks in 2007, Estonia began focusing on data integrity and is now leading the world toward big data governance. Simultaneously, Estonia is laying claim as the first country to implement a national digital identity system, proving that all forms of tracking are being taken seriously:

Secure, authenticated identity is the birthright of every Estonian: before a newborn even arrives home, the hospital will have issued a digital birth certificate and his health insurance will have been started automatically. All residents of the small Baltic state aged 15 or over have electronic ID cards, which are used in health care, electronic banking and shopping, to sign contracts and encrypt e-mail, as tram tickets, and much more besides—even to vote. Estonia’s approach makes life efficient: taxes take less than an hour to file, and refunds are paid within 48 hours. By law, the state may not ask for any piece of information more than once, people have the right to know what data are held on them and all government databases must be compatible, a system known as the X-road. In all, the Estonian state offers 600 e-services to its citizens and 2,400 to businesses. (Source)

This type of security technology has its roots in Estonia’s scientific community, but is being taken to the next level by a company called Guardtime, whose Chief Technical Officer is Matt Johnson, a veteran of the U.S. Air Force Office of Special Investigations. According to Johnson:

What I discovered was that Estonian scientists have built a near perfect detection technology that allows every event on enterprise networks to be attributed and verified in such a way that the privacy of each event is maintained but the integrity of the events cannot be denied.

There has been collaboration with the Estonian government to digitally secure every facet of information inside Estonia, but they are now looking to combine forces with Rainmaker Solutions to make their systems available to the United Kingdom. The UK of course has been heavily featured in many of the documents that Edward Snowden has released, which has put a spotlight on the close relationship the UK has with the U.S. National Security Agency through the Five Eyes Alliance and, most specifically, the UK surveillance and intelligence agency Government Communications Headquarters.

According to the chief scientist at Guardtime, Dr. Ahto Buldas, such revelations would not be possible in Estonia due to a system that works as a “GPS for data.”





Brave - The Browser Built for Privacy In Estonia, Edward Snowden could not have committed his unauthorised act. With real-time monitoring of the integrity of digital events, his attempt to cover his tracks would have raised an alert and he would have been held accountable for his actions. (emphasis added)

Add in cybercrime of every stripe and digital threats in the areas noted at Rainmaker Solutions’ webpage – car, flight, power station, pacemaker, home, and enterprise – it becomes tempting to implement these systems as widely as possible. However, in the political realm, privacy advocates are likely to react strongly to the following potential restrictions on what could be legitimate efforts to reveal hidden criminality:

Guardtime’s Keyless Signature Infrastructure (KSI)* and solutions like GuardView and GuardVision make it impossible for insiders or cyber attackers to cover their tracks, demonstrating the truth (not trust) behind any data object in real-time. Guardtime’s solutions serve as fundamental integrity instrumentation providing independently verifiable proof of data creation time, authenticity, and identity without relying on cryptographic secrets or trust anchors like administrators. The solutions instantly alert organisations to any theft or manipulation of their data and provide a complete provenance picture, which can be resolved with forensic auditability that will hold up in a court of law. KSI solves the problem of big data governance, location, residency and sovereignty. (emphasis added)

If implementation goes according to plan in the UK, Guardtime and Rainmaker Solutions will target expansion throughout Europe.

* KSI uses an infrastructure to capture a fingerprint of a signer’s data. The infrastructure then aggregates all the fingerprints it receives during a second and publishes the result to a wide audience. Without the need for keys or key management the complexity is removed and the reliability of the signature is based only on widely witnessed agreement. KSI technology allows the veracity of any type of electronic activity, data, software or infrastructure to be independently verified using only formal mathematical methods, without the need for trusted parties. The fingerprints (or signatures) can be easily implemented at Exabyte scale; they never expire and remain quantum-immune i.e. secure even after the realisation of quantum computation.

Jason Erickson’s work can be found at ActivistPost.com and NaturalBlaze.com