Estonia, Internet, Legislation, Security, Technology
International Internet Magazine. Baltic States news & analytics
Thursday, 28.03.2024, 10:00
Estonian Authority to cancel ID-card certificates earlier than planned
"The threat level has changed because the Czech scientists have
published their study and experts have assessed that the possibility and
probability of making a tool that could crack the ID-card is not a matter of
several months, but less. This means that due to security reasons we will
probably cancel the certificates earlier than the previously announced deadline
at the middle of November," chief of communications at RIA Helen Uldrich told BNS.
According to Uldrich, it has not been decided yet what is the exact date.
"It is necessary that as many different people as possible, especially
those who use the ID-card daily, would update," she added. As of Tuesday
the update application has experienced many errors as several times more people
are using the application than usual, Uldrich said. She added that they have
found the cause of the error and are repairing it.
All ID-cards issued after October 16, 2014 and used electronically must be
updated. It is possible to check by document number on the website of
the Police and Border Guard Board whether one's ID-card is among those
with a security risk and needs to be updated. Those people, who do not issue
digital signatures with their card or do not use e-services by inserting their
PIN1 and PIN2, do not have to update their cards, RIA said.
All cards will work as identity documents and loyalty cards until their
date of expiry. It is also not necessary to update one's ID-cards for using
digital prescriptions as a patient.
A computer and card reader are necessary for an ID-card update. In order to
update the card, the compute must have the latest ID-card software and
people must follow the instruction on the screen. Anyone who does not have the
opportunity of updating their ID-card online or experiences errors can do so at
the service offices of the Police and Border Guard Board.
The security risk affects approximately 800,000 ID-cards, including digital
IDs and e-residency and living permit cards. The security risk does not affect
Mobile ID or ID-cards issued before October 2014.
ID-cards that have a security risk can be updated from personal computers
as well as at the service offices of the Police and Border Guard Board until
March 31, 2018. Certificates that have not been updated will be canceled as of
April 1 for security reasons. Documents that have canceled certificates cannot
be updated and a new card must be applied for for electronic use.
According to available information the security risk has never
materialized. Estonia has closed the public key database of the electronic
ID-cards, as the security flaw cannot be exploited for cracking the encryption
on the chip of a card without knowing the public key.
It
became clear in the course of remote updating test period that around 18,000
ID-cards with a security risk cannot be updated remotely, the Estonian Police
and Border Guard Board (PPA) said.
People
who are affected by the error have been personally notified by email, PPA said.
"Based
on previous experience with remote updating, it can be said that the remote
updating of about 10 percent of ID-cards fails. These cards can be updated at
PPA offices," chief of communications at PPA Kristi Ruul told BNS on Wednesday.
PPA
is also considering a possibility of setting up temporary booths in malls where
people can update their ID-card software, Ruul said. "At present we can't
promise anything certain," she added.
According
to Ruul, police officers will be at several shopping malls across Estonia on
Nov. 12, the national police day, to help people update their ID-cards.
PPA
will also extend the opening hours of their offices in Tallinn, Tartu, Parnu
and Johvi.