Estonia, Internet, Legislation, Technology

International Internet Magazine. Baltic States news & analytics Tuesday, 19.03.2024, 06:05

Many Estonian ID cards and e-residents cards have faulty certificates

BC, Tallinn, 05.10.2015.Print version
As the result of good work of software giant Google, a flaw was discovered in the certificates of Estonian ID cards, which concerns nearly 250,000 ID card holders and among them also all the more than 5,000 Estonian e-residents cards, LETA/Postimees Online reports.

On September 15, it was revealed that Google has, in developing its browser Chrome, toughened the formal control of certificates. "The screws were turned on so tight that several hundred thousand Estonian ID cards, digital identity cards and to be honest, e-resident cards were hit – they do not get through Chrome's strict security conditions anymore, they cannot log in the web site," writes the State Information System Agency (RIA) analyst Anto Veldre in the agency's blog.

 

According to Veldre, the mistake lies in the fact that the certificate should start with certain agreed upon bits – modules should be positive, but the certificates created by AS Sertifitseerimiskeskus started with minus bits. "These minus bits do not pose a direct security threat," explained the analyst, adding that it is just not nice to ignore the standard.

 

Veldre said that such "incorrect interpretation" of bits is in conflict even with Sertifitseerimiskeskus own in-house standard – certification policy and he wondered how the mistake could go through the company's control mechanisms – audits.

 

In order to save all the people with an ID cards with invalid certificates having to go to the Police and Border Guard Board offices, especially when it comes to the nearly 5,000 residents, RIA is turning back to the times when the ID-card certificates and software could be updated over the Internet.

 

RIA electronic identity sphere manager Vallo Veinthal said that creating the remote update possibility is inevitable, because otherwise it is difficult to ensure the co-functioning of the Estonian ID card with constantly revolving operating systems and browsers.

 

Estonia has less than six months to create a new system, since then Google releases its new Internet browser software, and from this moment people with faulty ID-card software cannot identify themselves in it anymore. The ID cards with defective certificates were issued for a year, since September 2014. All Estonian e-residents' ID-cards have been issued then.






Search site