International Internet Magazine. Baltic States news & analytics
Many Estonian ID cards and e-resident cards have faulty certificates
On September 15, it was revealed that Google, in developing its Chrome browser, had tightened its formal checks on certificates. "The screws were turned on so tight that several hundred thousand Estonian ID cards, digital identity cards and to be honest, e-resident cards were hit – they do not get through Chrome's strict security conditions anymore, they cannot log in to the web site," writes the State Information System Agency (RIA) analyst Anto Veldre in the agency's blog.
According to Veldre, the mistake is that the modulus in the certificate should start with certain agreed-upon bits so that it is positive, but in the certificates created by AS Sertifitseerimiskeskus it started with minus bits. "These minus bits do not pose a direct security threat," explained the analyst, adding that it is just not nice to ignore the standard.
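The check a strict certificate parser applies to such a value can be shown in a few lines. This is an added example, not code from RIA, Sertifitseerimiskeskus or Chrome; it assumes the "minus bits" refer to a modulus stored as a DER INTEGER whose first octet has its top bit set with no leading zero octet, and the function names and the sample modulus are constructed for illustration.

```python
def read_der_integer(tlv: bytes) -> bytes:
    """Return the content octets of one DER INTEGER (tag 0x02)."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    first = tlv[1]
    if first < 0x80:                      # short-form length
        length, offset = first, 2
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or len(tlv) < 2 + n:
            raise ValueError("bad length")
        length, offset = int.from_bytes(tlv[2:2 + n], "big"), 2 + n
    content = tlv[offset:offset + length]
    if length == 0 or len(content) != length or len(tlv) != offset + length:
        raise ValueError("truncated or trailing data")
    return content

def classify_modulus(tlv: bytes) -> str:
    """Classify a modulus encoding the way a strict DER parser would."""
    content = read_der_integer(tlv)
    # DER INTEGER is two's complement: a set top bit means a negative number.
    if int.from_bytes(content, "big", signed=True) < 0:
        return "negative"
    if len(content) > 1 and content[0] == 0x00 and content[1] < 0x80:
        return "non-minimal"              # superfluous leading zero, also invalid DER
    return "ok"

def encode_der_integer(value: int) -> bytes:
    """Correct DER encoding of a non-negative integer."""
    if value < 0:
        raise ValueError("modulus must be non-negative")
    # bit_length // 8 + 1 adds the 0x00 octet exactly when the top bit is set.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    n = len(body)
    if n < 0x80:
        return bytes([0x02, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x02, 0x80 | len(ln)]) + ln + body

# Constructed 2048-bit sample value with its top bit set (not a real key).
SAMPLE_N = (1 << 2047) + 12345
FAULTY = b"\x02\x82\x01\x00" + SAMPLE_N.to_bytes(256, "big")  # no leading zero
CORRECT = encode_der_integer(SAMPLE_N)                        # 0x00 prepended

if __name__ == "__main__":
    print("faulty :", classify_modulus(FAULTY))
    print("correct:", classify_modulus(CORRECT))
```

The two encodings differ by a single zero octet and the same magnitude bits follow in both, which is consistent with the analyst's remark that the defect is a standards violation rather than a weakness in the key itself.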
Veldre said that such "incorrect interpretation" of bits conflicts even with Sertifitseerimiskeskus's own in-house standard, its certification policy, and he wondered how the mistake could have passed the company's control mechanisms, the audits.
To save everyone holding an ID card with invalid certificates from having to visit the Police and Border Guard Board offices, especially when it comes to the nearly 5,000 residents, RIA is returning to the times when ID-card certificates and software could be updated over the Internet.
RIA electronic identity sphere manager Vallo Veinthal said that creating the remote update possibility is inevitable, because otherwise it is difficult to keep the Estonian ID card working with constantly evolving operating systems and browsers.
Estonia has less than six months to create a new system, because Google will then release its new browser software, and from that moment people with faulty ID-card software will no longer be able to identify themselves in it. The ID cards with defective certificates were issued for a year, starting in September 2014. All Estonian e-residents' ID cards were issued during that period.