Following an extraordinary meeting of the National Defence Council on Friday morning, President Kersti Kaljulaid said that Estonian agencies did a B+ job solving the ID card security issue that cropped up unexpectedly this fall.
Kaljulaid told reporters that she convened the National Defence Council because she did not want to let a good crisis go to waste, so to speak, as life sent a widespread, yet-unorganized exercise their way.
The Estonian head of state expressed her conviction that Estonia’s reputation as an e-state has rather improved following the ID card security issue and its subsequent resolution.
She stressed that Estonia is currently essentially the only country in the world where society is dependent on e-services. “Figuratively speaking, we are simply on the front lines,” said the president. “Such things can happen to us; they can’t happen to others.
“The citizens of other countries also have digital identities; they were closed and absolutely nothing happened,” Kaljulaid continued. “We could not allow this; we had to repair a moving car. And we managed to do so, more or less to a B+ level. This rather improves the reputation of the Estonian e-state.”
Police and Border Guard Board (PPA) Director General Elmar Vaher said that as of Friday, 200,000 people have updated their ID card certificates, nearly 150,000 of whom did so remotely and the remainder of whom did so in person at PPA service points.
Suspended ID card certificates can be updated through March 31, 2018.
Certificates suspended last Friday
Last Thursday, Nov. 2, the Estonian government decided at a Cabinet meeting to suspend the certificates of Estonian ID cards vulnerable to a detected security risk, which numbered approximately 800,000 in total, at midnight the next night.
Prime Minister Jüri Ratas explained at a government press conference that evening that the Czech researchers who had initially discovered the security risk affecting all ID cards issued in Estonia beginning Oct. 16, 2014, including national IDs and the ID cards issued to Estonian e-residents, had published their research in full last week, which increased the risk of the vulnerable ID cards being exploited to a critical level.
ID cards issued prior to Oct. 16, 2014 used a different kind of chip and are not affected by the current risk; also unaffected are ID cards issued beginning at the end of last month.
Police have also urged residents who actively use their ID cards as electronic ID to also sign up for the SIM card-based Mobile ID, which is likewise unaffected by the security risk.