Information & Ethics committee  The recent development was that when I vote, after that I can.... For example, if I go to a computer, I can check whether or not my vote reached its destination. I can check that with my mobile phone. There are two ways to make sure that my vote went to the place it was supposed to.

Information & Ethics committee  To be honest, I'm not sure that I understood your question.

Information & Ethics committee  I don't have the calculation of how much the certificate costs, but the ID card with cryptoprocessor certificates and everything costs 20 euros per person. We didn't need to change the ID cards, only the certificates, so I would guess that it cost maybe 1 euro per person.

Information & Ethics committee  We manage the inside vulnerabilities again by using the ID cards. With respect to what different persons do in the cyber-environment, there is going to be a log. Everything is going to be logged, and we can investigate the log later. If the administrator, for example, wants to do something in the system, they have to identify themselves with their ID card.

Information & Ethics committee  Let me explain how the system works. Maybe it will answer your question. On the slide you see these different databases. Some of them are in the public sector and some of them are in the private sector. We make the connectivity between the databases through the secure data exchange environment.

Information & Ethics committee  Yes. We found out that the company that produced the ID cards for us didn't use the best possible encryption logic. The cryptoprocessors that were on the cards were not made as per what was written into the contract. Basically, they were not good enough. These chips were produced by the Swiss company Gemalto, and the specific chips were made by German company Infinia.

Information & Ethics committee  The update was done over the Internet, the same as we do updates for our personal computers. Resource-wise, it wasn't very massive. It simply meant that each person had to plug their ID cards into their personal computers and update the certificate. They have to do it anyway every second year, so in this case they had to do it earlier.

Information & Ethics committee  If I think back to the time when we had this incident, I ask myself what lessons we learned. One is that we have to co-operate more closely with the countries that believe in the same values as we do—basically, all democratic countries. Regarding those countries that don't appreciate the democratic way, we just have to keep in mind that we need other solutions, technical solutions or otherwise, to prevent other incidents from happening.

Information & Ethics committee  We do that through the European Union, because all these countries you've probably referred to are quite big. They are simply not discussing this matter with us, so the only way to deal with these countries is through the EU foreign policy. Also, let's say that the international co-operation or foreign policy in this area gives something like probably 30% of the security, but most of the things that we could do are still technical.

Information & Ethics committee  Maybe you can clarify your question.

Information & Ethics committee  No, absolutely not. That's the information that only I see. Not even different state institutions see that. Only I see the whole picture that concerns me. Different state agencies see only the portion for which they are responsible.

Information & Ethics committee  Information is very specifically described in the public information law. We have specific law that describes what information is public, what is personal, and what is for administrative use. The whole system, the technical system, is built according to this law.

Information & Ethics committee  Yes, exactly. The control is done by the data protection inspectorate, the same agency that I mentioned before. They have the authority to oversee all activities in the digital world.

Information & Ethics committee  We believe that we don't know the Canadian situation so well. What we can say is that everything—at least, what we do in the digital world—is based on legislation that was developed with digital development in mind.

Information & Ethics committee  It might be surprising, but since we implemented the electronic ID cards, we have not had identity theft cases. We have had cases regarding their Facebook activities, but that's not the same thing. Regarding ID cards and accessing and using government services, we have not had any identity theft cases.