[HN Gopher] Estonian Electronic Identity Card: Security Flaws in...
___________________________________________________________________
Estonian Electronic Identity Card: Security Flaws in Key Management
Author : dcbadacd
Score : 193 points
Date : 2020-07-02 11:55 UTC (11 hours ago)
(HTM) web link (www.usenix.org)
(TXT) w3m dump (www.usenix.org)
| dijit wrote:
| Anyone wondering if this is a new issue; it's not, it's a more
| detailed writing of some previous issues, one of which being the
| Gemalto affair[0].
|
| The new cards issued in 2018 are not known to have any
| vulnerabilities.
|
| [0]: https://www.linkedin.com/pulse/timeline-estonian-id-card-
| vul...
| kreetx wrote:
| Didn't read the paper but it appears to be fresh, so maybe the
| newsworthy part is that they are still not fixed?
| Avamander wrote:
| The paper is half for giving a technical overview of the
| issues and part new analysis based on datamining old
| certificates. The issues have been mostly fixed, compliance
| violations however are still badly monitored.
| pier25 wrote:
| I'm from the EU and considering incorporating my next company in
| Estonia.
|
| Anyone else in a similar situation has any recommendations or
| ideas about this?
| edko wrote:
| In general, I had a good experiences. There are a few annoying
| things, however: my Estonian bank (VUB) discriminates against
| non-Estonian customers (even if they are EU citizens/residents)
| by applying a foreigners fee. Also, the local business register
| seems to be above data protection laws and sells your
| information. I receive lots of spam just by being in the
| register. Also, if you think that because your company is
| private your financial statements will also be private, that
| won't be the case. They will still sell the information to
| anyone for a few euros.
| AhtiK wrote:
| Make sure to understand the tax laws when it comes to the
| company tax residency in scenarios where you're physically not
| operating in Estonia nor employing people there, nor having
| majority of your clients there.
|
| See my older comment [1] for some related topcis to research.
|
| [1] https://news.ycombinator.com/item?id=21321451
| pier25 wrote:
| Thanks, I will definitely check this out.
| atlasunshrugged wrote:
| Yes, I'd definitely echo that, a huge amount of tax
| implications are based on individual residency/permanent
| establishment so if you're living in say, Germany, for 1/2 of
| the year + 1 day, you should be expecting to pay at least
| your personal income taxes there, and likely the business
| taxes if you're a sole prop without local employees and local
| business. Of course, if you're a true 'digital nomad' who
| doesn't establish residency anywhere it gets much trickier.
| But in general, my advice it to pay for 1-2 hours with an
| accountant up front before you go through setting up a new
| entity somewhere
| pier25 wrote:
| Even if my personal account was in an Estonian bank?
| atlasunshrugged wrote:
| Having a personal account in a local bank may be a data
| point if you want to make a case about where you should
| be taxed but it won't automatically make you have
| permanent establishment or tax resident in Estonia
| pier25 wrote:
| Ah, right.
|
| Yeah I should definitely check with an accountant in the
| country where I will end up residing.
| atlasunshrugged wrote:
| Yeah, highly recommend that. You can also contact
| Estonian folks who do understand the idea of running a co
| in Estonia and living elsewhere which isn't common in a
| country like Germany as local accountants there may be
| confused, there's a bunch of people on this list that
| have gone through at least some govt vetting
| https://e-resident.gov.ee/marketplace/service-providers/
|
| I personally had a good working relationship with 1Office
| in particular and recommend them (wasn't a client but
| they were a partner when I worked for the e-Residency
| program and a buddy's GF works there who I trust and who
| does good work)
| pier25 wrote:
| Would you incorporate again in Estonia?
| Chickenosaurus wrote:
| Yes, the laws don't care about who you bank with. If your
| "center of life" is in Germany, you are required to pay
| income taxes. Although "center of life" is not defined in
| detail in german tax law, there are a number of known
| indicators that are considered. For example, if you
| reside in Germany for 183 days per year or more, you are
| required to pay income tax on all of your income.
| AhtiK wrote:
| "The jTOP SLE78-powered ID cards were issued until the end of
| 2018. ID cards manufactured currently are powered by the chip
| platform supplied by IDEMIA (not covered in this work)."
|
| If my memory serves me right, there was an easy way to check if
| your ID card was affected and it got replaced for free. The flaws
| described in paper are not known to exist in cards issued since
| the end of 2018, beginning of 2019.
| jlgaddis wrote:
| Yeah, an "offline tester" [0] was made available by the
| researchers who discovered ROCA [1] and a company with "close
| links" to the researchers created a "ROCA Vulnerability Test
| Suite" [2]. The Estonian government also had one on their web
| site [3] but it is, apparently, no longer available.
|
| ROCA didn't _just_ affect Estonian ID cards, though. It also
| affected also TPMs (from Infineon), certain Yubikeys [4], and
| even some PGP keys!
|
| ---
|
| [0]: https://github.com/crocs-muni/roca
|
| [1]: https://roca.crocs.fi.muni.cz/
|
| [2]: https://keychest.net/roca/
|
| [3]: http://www.id.ee/?lang=en&id=38239
|
| [4]: https://www.yubico.com/support/security-
| advisories/ysa-2017-...
| chrismeller wrote:
| Yes, the Police and Border Guard has an online tool to check.
| They also supposedly contacted all the people with bad chips
| (my card was not vulnerable, so I can't verify that).
| Etheryte wrote:
| The aftermath of the issue has been previously discussed here
| (2018): https://news.ycombinator.com/item?id=18104861
| PrimeDirective wrote:
| > The flaws of the ID-card is a very politically charged topic to
| discuss in Estonia, having any doubts about the ID-card or
| e-voting will make you a persona non grata.
|
| I somewhat disagree, the discussion tends to get bent by some
| populist agent provocateurs and some of the initial reactions
| from the private sector media. (In Estonia, the government media
| is the most centered out of all news outlets, go figure). What
| these statements usually are is that "ID card has a flaw X,
| therefore we should immidiately ban it, close the R&D and burn it
| with fire", forgetting that crypto and computing in general,
| changes over time. My view is that, of course each flaw has to be
| resolved and sometimes this is political, but this just means the
| work has to continue.
| C1sc0cat wrote:
| Thinking that compulsory id cards "Papers Bitte" are not a good
| thing is not an uncommon view.
| bragh wrote:
| It's not about it being compulsory, but the system being
| unverifiable end-to-end and any criticism of that being
| laughed at.
|
| If you put it into business terms, would you trust an
| employee or vendor who told you that everything was alright,
| did not allow you to perform checks and audits and mocked
| both your and external partners concerns [0] about it? I
| don't think so. If the government is indeed for the people
| and not vice versa, then this is not acceptable.
|
| [0] https://www.youtube.com/watch?v=LkH2r-sNjQs Tom Scott's
| video about e-voting. Funniest rebuttal I saw on Estonian
| social media was that we are secure, since he is talking
| about e-voting, but we have i-voting. So I guess once we will
| call it c-voting, it will be even better...?
| likelyunaware wrote:
| That video had outdated information regarding the Estonian
| e-voting system. The report from 2014 has been invalidated
| by the newer system, IVXV, which has been redesigned to
| address previous criticism. The newer system is open
| source, available at https://github.com/vvk-ehk/ivxv. A
| good source to quickly familiarize yourself with the
| architecure, is "Improving the verifiability of the
| Estonian Internet Voting scheme"[0] by Jan Willemson et al
|
| [0] https://research.cyber.ee/~janwil/publ/ivxv-evoteid.pdf
| aj3 wrote:
| I watched the video. It's a load of crap. I mean, here are
| his arguments (feel free to tell me if I missed something):
| - voting systems inevitably have to be closed source,
| loaded on easily compromisable USB stick, connected to
| internet unguarded and sitting that way for years. In what
| reality is this nihilistic fatalism a reasonable
| expectation? - voter has no way of independently
| verifying that their vote has been processed correctly.
| First of all, this is simply ignorant as there are many
| cryptographical schemes that allow verification, but most
| importantly - how do you know that your vote has been
| processed correctly in our current system? You don't, there
| is no way for you to do that. - US hacking machines
| are routinely exploited at Defcon. That's right. You know
| what else is routinely exploited there? Physical safes,
| which are used for storing you know paper ballots. Also
| cars. And Air Force has promised to bring a fucking
| satellite next year. Something having vulnerabilities in
| the past does not mean it still has them, something having
| vulnerabilities currently does not mean they are easy to
| exploit in practice or can't be detected and mitigated,
| some products in a certain category having vulnerabilities
| does not mean all products in this category will inevitably
| have vulnerabilities in the future and we should just give
| up on ever fixing them. - trusting a person in a
| voting booth to vote for you would be ridiculous, but
| filling a ballot yourself and trusting that it will get
| counted correctly along the way is somehow self obvious - I
| guess because in the first case you clearly see that a
| human is involved in the process and in the second example
| it sort of feels like the process is finished once you
| physically put your vote into a box? - the average
| voter won't understand checksums. Well, maybe the average
| voter shouldn't worry about bad bytes in that case? And how
| come deterministic and auditable cryptography is a problem
| while demonstrably non-deterministic process of current
| paper voting (look at how results always differ ever so
| slightly when votes are recounted) is a non-issue? -
| transferring votes over internet is problematic because you
| can't trust software on either end. Right, because you know
| (never mind trust) everybody that will handle your vote on
| the path from voting booth to the whatever-governing-body-
| is-announcing-results-in-your-country? - central
| computer could be manipulating your votes and only a few
| people will have an opportunity to inspect it. Well, how
| many voting boxes have you been allowed to inspect in your
| life? Are you allowed to go to the central location where
| your votes are aggregated and recount all of them
| personally? How do you know that officials in your voting
| location, precinct or at a national level haven't agreed to
| manipulate the results? - casting doubts on the
| election is easy to do with electronic voting and nearly
| impossible with paper voting. Have you heard this cute
| story about medical masks becoming a conspiracy and symbol
| of oppression among certain population in US? Has nothing
| to do with electrical circuits and everything to do with
| politics. If a current incumbent happens to lose an
| election there you can be sure that election results will
| be called fake, no matter paper or digital. - malware
| exists, so voting from personal devices is ridiculous. Just
| as ridiculous as doing e-commerce or banking? Or in case of
| Estonia getting pretty much any other official business
| done, or so I hear. - a single vulnerability in
| someones computer can be scaled to millions of computers.
| Ok, let's say someone is still using Windows XP and got
| infected with something after downloading GTA from Pirate
| Bay. How does that affect people voting from their iPhones?
| - anecdotes, anecdotes, anecdotes
|
| tl;dr: Stop spreading FUD.
| bragh wrote:
| Please try to think here in terms of probabilities, not
| absolutes and about the threat model.
|
| 1. Closed source and loaded on an USB stick is the
| simplest case. But in the end, how will you still know
| what is the actual code that the eventual tallying system
| is running?
|
| 2. Verification of votes is not about encryption. If you
| allow it to be unlimited, then you can actually sell your
| vote. In Estonia, you can verify your vote 3 times for 30
| minutes after your vote was cast: https://www.oiguskantsl
| er.ee/sites/default/files/field_docum... (point 14 on
| page 5)
|
| 3. Mostly agreed with you about the rate of
| vulnerabilities. But the issue here is that voting is
| such an important of how democractic society works that
| there should be no obvious vulnerabilities or any
| exploitations of vulnerabilities can be easily
| discovered. E-voting has neither of these because again,
| how can we know what code is actually being executed?
|
| 4., 5., 6., 7. Yes, one vote can get lost. Hell,
| thousands can get lost. But on average, I can still count
| on the process eventually working out due to the
| observability. Somebody will find ballots thrown in
| trash, pre-filled ballots, 117% of eligible people
| voting. Sure, in those cases the country is
| unsalvageable, but you will at least know that it is
| happening.
|
| 8. OK, but that is neither here nor there.
|
| 9., 10. If you open up Google Maps and look one country
| eastward, you will understand. As a reference, https://en
| .wikipedia.org/wiki/2007_cyberattacks_on_Estonia Not sure
| on what their planning divisions are cooking up, but I do
| not doubt that they will use any angle they can. What is
| the going price for a Windows 10 0-day anyway, on the
| order of a few hundred k to 1M, I assume? Peanuts.
| nytgop77 wrote:
| 1. Whole paper ballot process is monitored (and
| understood) by all parties. They keep each other in
| check. I can sign up for such monitoring and see for my
| self (at least in my country). Nobody will allow me to
| inspect actual machine used to count votes. 2. To hack
| paper ballot voting, conspirasy must include many more
| people than e-voting.
| 8organicbits wrote:
| Correct, wikipedia even documents this:
|
| https://en.m.wikipedia.org/wiki/Your_papers,_please
| ZWoz wrote:
| ID card is mandatory by law, but there aren't sanctions (in
| my knowledge). You need some kind document though, in US that
| is usually drivers license. I don't see big difference here.
| JoeAltmaier wrote:
| Seems interesting, but security flaws were in a countable (small)
| number of cases. Is this a general issue?
| pisipisipisi wrote:
| This shows the issues in process and attitude. Even in the case
| of ROCA, you do not really break the crypto part itself, you
| wiggle around the implementation and procedure issues to bypass
| it.
| fabianlindfors wrote:
| Are there any Estonians here on HN who would be willing to chat a
| bit about digital identities in your country? I'm working on
| bringing e-ID to more people (https://getpass.app/) and looking
| to get a better understanding of current solutions.
|
| Feel free to reach out, my email is fabian (at) flapplabs.se
| Stierlitz wrote:
| > n this paper, we describe several security flaws found in the
| ID card manufacturing process ..
|
| Like accidentally on purpose,secure up to a point, but weak
| enough to allow the spooks to generate their own IDs. I mean if
| the cards were unhackable how would a spy do his job :]
| chrismeller wrote:
| As an American residing in Estonia, I'm not sure what the
| benefit of a state compromising the card crypto would be. There
| are four broad categories of uses for the ID cards:
|
| 1) Obviously, a government-issued photo ID
|
| 2) For an increasing number of shops, as your "frequent
| shopper" card, which admittedly is slightly related to...
|
| 3) Authentication, including: logging into your bank,
| government websites (the state portal, the tax authority, the
| the "digital story" - all your medical records, the online
| booking website for booking some combination of
| surgeons/specialists that operate under the public healthcare
| system), the (one) online pharmacy that exists, etc.
|
| 4) Signing things. I've signed my lease with it (though
| "paperless" Estonia still wanted me to sign a paper version as
| well) and more routinely you have to "digitally sign" any bank
| transfers... which are the standard way to pay bills in
| Estonia, so you do it a lot. Finally, voting online.
|
| I don't see how broadly compromising the crypto would really
| benefit anyone for any of those things, it would have to be a
| more specific individual attack, like draining your bank
| accounts.
|
| Edit: formatting, added voting
| LatNax wrote:
| A single leak can be bad, multiple leaks piled into a single
| actor can be life changing.
| pisipisipisi wrote:
| Getting asked as an expert "can this id card thing be
| trusted?" my answer has been "for communicating with the
| government you inherently don't trust, the method or security
| of an authentication device does not really matter" (filing
| your taxes or logging to services being the scope). Some
| claiming encryption privacy issues ... Well, for any
| meaningful opsec you should not be using the id card for
| encrypting messages about overthrowing the same government
| issuing the encryption devices in the first place, if
| government reading your messages is a threat in your model.
| chrismeller wrote:
| Yeah, I think the biggest risk would be rigging an
| election, but we're talking about a country of 1.2 million
| people. Not to dismiss the importance of their elections on
| Estonia, it doesn't really have the same worldwide
| ramifications that compromising a US, UK, German, etc.
| election would have.
| Strom wrote:
| Rigging (digital or not) would be hard to hide, because
| it could only be a minor adjustment to remain plausible.
| All the election results end up roughly similar to all
| the various independent polling results. If some party
| suddenly receives a lot more votes than they polled for -
| it will be noticed.
|
| Also Estonia already has a history of (non-digital)
| election rigging [1] so rhetoric of the " _digital
| results in rigging, keep it physical for safety_ " kind
| isn't super convincing.
|
| --
|
| [1] https://en.wikipedia.org/wiki/1940_Estonian_parliamen
| tary_el...
| dane-pgp wrote:
| > Rigging (digital or not) would be hard to hide, because
| it could only be a minor adjustment to remain plausible.
|
| How many more votes would the party in second place at
| the last election have needed in order to have won
| instead?
|
| > If some party suddenly receives a lot more votes than
| they polled for - it will be noticed.
|
| Is there a mechanism by which the election could be run
| again (before the winners of the election have a chance
| to prevent this)?
|
| > Also Estonia already has a history of (non-digital)
| election rigging
|
| Or it's an argument that a voting system should have both
| hand-counting and digital counting, because rigging both
| counts is at least twice as difficult as rigging one.
| aj3 wrote:
| > Or it's an argument that a voting system should have
| both hand-counting and digital counting, because rigging
| both counts is at least twice as difficult as rigging
| one.
|
| Unless the party rigging the counts is the one currently
| in power. Which in my opinion is the main risk, however
| minuscule and unrealistic.
| Strom wrote:
| > _How many more votes would the party in second place at
| the last election have needed in order to have won
| instead?_
|
| 5.8% of the total votes [1] but winning the election is
| just part of the game. This time around the winning party
| isn't in power because the runner ups formed a coalition.
|
| > _Is there a mechanism by which the election could be
| run again (before the winners of the election have a
| chance to prevent this)?_
|
| Several - the previous government would still be in power
| for some time to react, the president has to sign off on
| the winners, the defense police could intervene, and then
| there are the courts. None of these entities depend on
| the newly elected government.
|
| > _both hand-counting and digital counting_
|
| That would certainly be more secure, but like all
| security it would be a trade off.
|
| --
|
| [1] https://rk2019.valimised.ee/en/election-
| result/election-resu...
| ants_a wrote:
| > How many more votes would the party in second place at
| the last election have needed in order to have won
| instead?
|
| It's a multiple party proportional representation system
| so who "wins" doesn't really matter that much.
|
| > Is there a mechanism by which the election could be run
| again (before the winners of the election have a chance
| to prevent this)?
|
| I'm not an electoral law expert, but complaints about
| election process go to National Electoral Committee,
| which can have its decision contested in Supreme Court.
|
| > Or it's an argument that a voting system should have
| both hand-counting and digital counting, because rigging
| both counts is at least twice as difficult as rigging
| one.
|
| The e-voting over here is actual e-voting - the vote is
| purely digital and done remotely. Not in any way related
| to the digital vote counting machines used in the US.
| themacguffinman wrote:
| > Rigging (digital or not) would be hard to hide, because
| it could only be a minor adjustment to remain plausible.
|
| As candidates & parties become more competitive, the
| difference in their voting shares tends to narrow.
| Eventually you end up with large coalitions that split
| the electorate fairly evenly. A small adjustment is all
| it'd take to tip the scales. If landslide victories are
| common, I'd say your political system is doing something
| wrong.
| aj3 wrote:
| > As candidates & parties become more competitive, the
| difference in their voting shares tends to narrow.
|
| This reads like a pure American exceptionalism.
| xyzzy123 wrote:
| I know your comment was tongue in cheek but this has come up in
| the digital Id space before. All these things get bootstrapped
| off government sources and spooks have no problems because
| governments control those databases. You don't need technical
| hacks if you control the systems of record.
| dane-pgp wrote:
| So what's to stop the ruling party from issuing its loyal
| spooks thousands of ID cards in key districts, which they
| then use to cast fraudulent votes in the election?
| roywiggins wrote:
| The spooks are the same government issuing the ID. They can
| just call up the department issuing the IDs and ask for a batch
| of new identities. No technical flaws necessary.
| bragh wrote:
| Brave guy to publish this, hopefully it won't end up similar to
| the Dreyfus affair -- depends on which the media will roll due to
| it being "pickled cucumber season" (everybody is on vacation,
| nothing much happening during summer in Estonia). The flaws of
| the ID-card is a very politically charged topic to discuss in
| Estonia, having any doubts about the ID-card or e-voting will
| make you a persona non grata.
| Etheryte wrote:
| Regarding your last point, I have a hard time seeing what you
| mean. The system is audited both internally and externally
| fairly regularly, the latest report being released just
| December last year [0]. There is also frequent news coverage,
| both supporting and criticizing the system [1][2]. One of the
| current government parties [3] is an active critic of the
| system. So it seems like a fair stretch to say that discussing
| or criticizing the system isn't common or somehow not welcome.
|
| None of this is to say that the system doesn't have flaws, as
| every other IT system, it does. It is however publicly
| discussed as you would expect in a democracy.
|
| [0]
| https://www.mkm.ee/sites/default/files/e-valimiste_tooruhma_...
|
| [1] https://www.err.ee/keyword/15389
|
| [2] https://www.postimees.ee/term/15008/id-kaart
|
| [3] https://www.valitsus.ee/et/peaminister-
| ministrid/valitsuse-k...
| bragh wrote:
| > The system is audited both internally and externally fairly
| regularly, the latest report being released just December
| last year
|
| Can you please clarify the 'fairly regularly' part? One of
| the members of that commission said that this is the first
| time that this kind of audit has been undertaken:
| https://digi.geenius.ee/rubriik/uudis/e-valimiste-
| tooruhma-l... To be fair, there are lots of other reviews
| having taken place, but none of them are regular with the
| exception of the OECD ones happening during elections: https:
| //et.wikipedia.org/wiki/Elektrooniline_h%C3%A4%C3%A4le...
|
| > There is also frequent news coverage, both supporting and
| criticizing the system
|
| ERR is government-funded and seems to me quite neutral, not
| sure how it is relevant here. But it still seems to me that
| mainstream media is supportive and you have to go to
| "alternative" news sources to find any true criticism.
|
| > One of the current government parties [3] is an active
| critic of the system.
|
| Actually 2, if you count both KE and EKRE. And this is one of
| the major criticisms against those parties and has been so
| for years.
|
| A good example of the prevailing attitude can be seen in this
| thread from 2017 about the security hole back then from
| Hinnavaatlus, probably biggest IT-related forum in Estonia: h
| ttps://foorum.hinnavaatlus.ee/viewtopic.php?t=715076&postda..
| . The general tonality in the beginning was that this is a
| tinfoil problem and somehow brought up by KE and EKRE before
| elections until the reality of the situation sunk in.
| raxxorrax wrote:
| Being spammed with reviews after mentioning that there might
| be a disagreement about electronic id data collection drives
| the original point a bit.
| Etheryte wrote:
| While I try to sympathize, I'm not entirely sure I see what
| you mean. Neither the research linked in the submission nor
| anything that I linked to discusses data collection, unless
| I'm grossly misunderstanding you.
|
| As for the things I linked, none of them are reviews. The
| first link is a ministry report from last year that
| outlines 25 shortcomings of the system and how to address
| them -- a clear example that there's open discussion about
| any problems the current system has. The second and third
| links are national news coverage that clearly show articles
| from both pro and con sides. The last link is about the
| current government in general.
| atlasunshrugged wrote:
| Having worked for the Estonian government for a bit, I'm not
| sure that it'll exactly make you a persona non grata but
| definitely you'll get a ton of pushback if you make any claims
| about e-ID and e-voting as people have very strong feelings
| about it.
| Svip wrote:
| > "pickled cucumber season"
|
| Funny, it's called "cucumber time" (agurketid) in Danish. I
| wonder if it's a related term in Nordic countries + Estonia.
| praseodym wrote:
| It's also called "komkommertijd" ("cucumber time") in Dutch.
| Not pickled, because we call pickles "augurken".
| sputr wrote:
| Yeah, we also use 'time of pickled cucumbers' in Slovenia. So
| not just a nordic thing ;)
| gspr wrote:
| We also call it "agurktid"/"agurknyheter" in Norwegian, and I
| know the Germans use "Sauregurkenzeit".
|
| I've never heard any similar expression in English, nor in
| any Romance languages. The Brits use "silly season" for the
| same concept in journalism/news.
| atlasunshrugged wrote:
| Ha, I'm an American who lived in Estonia for a bit, I'm not
| familiar with any related US term. Maybe we just don't have
| this as much as Europe - I know I was shocked at how slow
| business got in the EU in summer, there's for sure a dip in
| the US with people going on vacation but nothing like
| Europe in July/August
| eitland wrote:
| > I was shocked at how slow business got in the EU in
| summer, there's for sure a dip in the US with people
| going on vacation but nothing like Europe in July/August
|
| Reminds me of back when I worked for a company that
| exported machines to the US and my boss told an American
| customer that we couldn't get a shipment sent in June
| which meant it couldn't be sent before somewhere in
| August since key personell was on holiday in July.
|
| They then asked if he couldn't just tell us we _had to
| work_ anyway, which -luckily for us- wasn 't an option.
| kube-system wrote:
| One time here in the US I had to work late hours and
| weekends to hit an ambitious deadline for a French
| customer who wanted to review our work before they all
| went on their vacations.
| eitland wrote:
| Oh, that was a nice thank you from us pampered Europeans!
| /s
|
| Sorry, hope you got some nice overtime bonus (but I fear
| not.)
| kube-system wrote:
| Overtime? Ha. Almost all salaried jobs in the US are
| exempt from overtime laws.
| atlasunshrugged wrote:
| Yeah that sounds like a classic American move - who cares
| if they're on vacation, just make them work! Glad your
| employer stood up for you all (or that the law forced
| him/her to)!
| M2Ys4U wrote:
| Most people in Europe have at least 5 weeks paid leave a
| year guaranteed by law.
|
| The US does not sent a mandatory minimum, and
| consequently many employers don't offer anywhere near as
| much time off.
| krzyk wrote:
| and "sezon ogorkowy" (cucumber time) also in Poland :)
| kaliszad wrote:
| Okurkova sezona in Czech
| [deleted]
| pisipisipisi wrote:
| He is a well-known researcher in Estonia, with his scope of
| work both known as well as appreciated (at least by the non-
| politicians). Of course some have the "too big to fail", thus
| "you don't talk about Vo..." attitude, but those want to turn
| technical argumentation into political "agreement" and it is
| hard to debate a 0 to become 1. You can't argue with computers,
| "lets agree this 0 is as good as 1, even better and greater!"
___________________________________________________________________
(page generated 2020-07-02 23:00 UTC)