Estonian citizens and overseas “e-residents” rely on digital ID cards for services like banking and online voting.
Security researchers revealed the possibility of identity theft due to a security bug in September.
Estonia has frozen the cards until their owners update to a new security certificate.
A prominent security expert said ID cards pose a national security risk.
Estonia has frozen the digital ID cards for its popular e-residency programme, two months after discovering a major security flaw that could enable identity theft.
The ID cards are used by Estonian citizens and foreign “e-residents” and underpin services like banking, online voting, tax, medical records, and travel. The e-residency programme is also popular with British entrepreneurs who want to set up their company within the EU, particularly after the Brexit vote. According to Wired, more than 1,000 UK entrepreneurs have applied for the programme so far.
Estonia has suspended any ID card issued between 16 October 2014 and 25 November 2017, until its owners have updated to a new security certificate. There’s just one problem: everyone’s trying to update their cards at once, and overseas e-residents have had error messages when trying to update.
Oh FFS what next. Think I’ve spent 95% of my time with Estonian #eresidency trying to make the damn thing work 🙁 pic.twitter.com/3f0C5Zk8zT
— Jon Southurst (@southtopia) November 3, 2017
Estonia said it had initially prioritised security updates for residents who rely on the cards for banking and other everyday services, but that all e-residents could now access the bug fix. They have until the end of March 2018 to do so.
Kaspar Korjus, managing director for the e-resident programme, wrote:
“We are aware that many citizens, residents and e-residents have been receiving error messages due to the high volume of people updating at the same time.
As a result, the ability to update certificates was temporarily restricted last weekend in order to prioritise people who use their digital ID cards to provide vital services, such as medical professionals inside Estonia, as well as the most frequent users, which will include e-residents that will be notified by email.”
Estonian prime minister Jüri Ratas said there were no known instances of ID theft as a result of the bug.
The Estonian government revealed the original flaw in September, but gave no details. At the time, it said the flaw affected 750,000 ID cards and it closed its public …read more
Source:: Business Insider