Last Thursday, Estonia’s Information System Authority (RIA) was informed by an international group of researchers that a potential security risk had been detected affecting all national ID cards issued in Estonia after October 2014.
Estonian experts have determined that the potential risk does indeed exist, affecting 750,000 currently valid ID cards issued after Oct. 17, 2014.
ID cards issued prior to this date use a different chip and are unaffected by this risk. Likewise unaffected is the SIM card-based Mobile-ID system, which the government is recommending people sign up for.
“According to Estonian experts’ current assessments, the security risk exists and we will continue testing the researchers’ claims,” said RIA director general Taimar Peterkop. “We have already worked out initial solutions for risk mitigation and are doing everything we can to ensure that the security of ID cards remains guaranteed.”
The RIA confirmed that no cases of identity theft have been reported. “Based on current information, the given security risk has not been realized and nobody’s digital identity has been abused with its help,” Peterkop said.
The Police and Border Guard Board (PPA) has confirmed that ID cards will continue to be issued and remain in use. “The risk is great enough to take seriously, but not enough to cancel the cards,” noted Minister of Entrepreneurship and Information Technology Urve Palo (SDE)
Prime Minister Jüri Ratas (Center) said that this incident will not affect the course of the Estonian e-state. Estonian authorities have also confirmed that IT specialists will be able to eliminate the security risk, but that this will take time.
Early and online voting in this fall’s local government council elections is scheduled to begin on Oct. 5; the State Electoral Office [former National Electoral Committee] will make a decision regarding the use of potentially affected ID cards for online voting in these elections.