Estonia’s digital ID shutdown brings security to the spotlight

By GovInsider

760,000 people did not have access to online services while a security flaw was fixed.

Estonia, where citizens use their digital identity to get access to government services online, has identified a security flaw in 760,000 digital ID cards.


Estonia shut down access to online services last weekend due to an encryption vulnerability in the chips of affected smartcards. The security issue was first identified in September, and plagues other cards, chips and systems made by the card manufacturer.


While the manufacturer has resolved the problem last month, Estonian owners of affected cards still needed to apply for updated certificates.


Police stations and other government offices were packed with citizens trying to update their IDs, mostly due to the fact that the online service for updates kept crashing last week.


In a statement, Prime Minister Juri Ratas said that there have been no instances of e-identity theft as far as the government is aware, but nevertheless, “the functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card”.


The government has given all citizens until March 2018 to update their ID cards to avoid this security flaw.


In a bad month for digital identity systems, the Slovakia digital ID card has also revealed security weaknesses. Its nationwide digital identity system was derailed by a serious security flaw affecting around 300,000 ID cards.


The chips in these cards were made by the same manufacturer, German company Infineon.


Estonia is considered a leading nation in online government service delivery. Former Prime Minister Taavi Roivas has previously told GovInsider that digital government is “a big part of the Estonian image worldwide.”


Singapore, India, and the European Union are just a few governments that are setting up digital identity systems. This encryption flaw is likely to serve as a warning to the world on the importance of security in digital identities.


Image by EU2017EE Estonian PresidencyCC BY 2.0