Estonia, Financial Services, Legislation, Security, Technology
International Internet Magazine. Baltic States news & analytics
Wednesday, 24.04.2024, 11:35
Estonian Infosystem Authority advises to update ID-cards with security risk
All ID-cards
issued after October 16, 2014 and used electronically must be updated. It is
possible to check by document number on the website of the Police and
Border Guard Board whether one's ID-card is among those with a security risk
and needs to be updated. Those people, who do not issue digital signatures with
their card or do not use e-services by inserting their PIN1 and PIN2, do not
have to update their cards, RIA said.
All cards will work as identity documents and loyalty
cards until their date of expiry. It is also not necessary to update one's
ID-cards for using digital prescriptions as a patient.
Taimar Peterkop, director general of RIA that the remote update solution has been created
while racing against time and it is not ideal.
"The technical capacity of the remote update
application is limited and approximately 1,000 people can simultaneously update
their cards. There are definitely delays caused by overload and times when it
is not immediately possible to carry out a remote update and people must try
again later," Peterkop said. Approximately 15,000 people can update
their cards during one day.
A compute and card reader are necessary for an ID-card
update. In order to update the card, the compute must have the
latest ID-card software and people must follow the instruction on the
screen. Anyone who does not have the opportunity of updating their ID-card online
or experiences errors can do so at the service offices of the Police
and Border Guard Board.
The security risk affects approximately 800,000
ID-cards, including digital IDs and e-residency and living permit cards. The
security risk does not affect Mobile ID or ID-cards issued before October 2014.
ID-cards that have a security risk can be updated from
personal computers as well as at the service offices of the Police and Border
Guard Board until March 31, 2018. Certificates that have not been updated will
be canceled as of April 1 for security reasons. Documents that have canceled
certificates cannot be updated and a new card must be applied for the
electronic use.
Altogether 20,000 people have updated their documents
so far.
On September 5, Prime Minister Juri Ratas announced at a press conference that a security risk has been found
in the ID-cards and recommended that people start using Mobile ID instead. The
potential security risk affects ID-cards issued since October 2014, including
cards issued to e-residents, which number approximately 750,000. At the same
time experts said that the risk is only theoretical and cracking the code of
all faulty cards would cost approximately 60 billion euros.
According to available information the security risk
has never materialized. Estonia has closed the public key database of the
electronic ID-cards, as the security flaw cannot be exploited for cracking the
encryption on the chip of a card without knowing the public key.