What was the role of OPTA, responsible for supervision of the electronic signature market in the Netherlands? And what was the role of IT auditors PricewaterhouseCoopers and BSI who performed audits?
What has been communicated to the government about this? On the basis of which risk assessment was the tender conducted? What recommendations and agreements have been made as a result of these audits?
The company discovered the first hack at the end of July, but DigiNotar only informed victims when everything came out via an Iranian dissident at the end of August. Why did it then take a whole week before measures were taken and the government terminated trust in DigiNotar? Did the government, like DigiNotar, know that certificates were being misused in Iran? Did the government put pressure on browser makers in the first few days to continue to trust DigiNotar? Why did Govcert have to hear about this from its German colleagues, and why did it not hear the alarm bells ring itself? Were there contingency plans in place to act quickly and adequately?
Who is at risk?
What specific dangers do these blunders expose Iranian internet users to? What are the implications for Iranian bloggers and human rights defenders? DigiNotar’s month-long hush-hush hack has given the Iranian regime ample time to see who they are.