Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards
That's over half the population
The Estonian government has discovered a security risk in its ID card system, potentially affecting almost 750,000 residents.
"When notified, Estonian authorities immediately took precautionary measures, including closing the public key database, in order to minimise the risk while the situation can be fully assessed and a solution developed," according to an email to users from Kaspar Korjus, managing director of e-Residency.
The government said the security risk is still theoretical and that it is not aware of anyone's digital identity having been misused. The use of an ID card is still safe for online authentication and digital signing.
ID cards issued before October 16, 2014, use an alternate chip and are not affected, nor are mobile-IDs.
In a statement Taimar Peterkop, director general of the Estonian Information System Authority, said: "According to the current assessment of Estonian experts, there is a security risk and we will continue to verify the scientists' claims."
Gareth Niblett, a security consultant holding Estonian residency, said this is not the first time there have been issues with the e-ID card.
"Last year a number of cards and certificates had to be reissued due to how Google Chrome did certificate validation checks and also a migration to SHA-2. This makes me confident that they will manage to deal with this issue too."
Estonia has often been positioned as a poster boy for digital government, with all residents interacting with the state online via the country's ID card system.
In late 2014 Estonia became the first country to offer electronic residency to people from outside the country, a step that the Estonian government describes as "moving towards the idea of a country without borders".
Estonia's state apparatus is relatively new: the country restored its independence as a sovereign nation in 1991 following the Soviet occupation.