Estonia to provide €670,000 in support for Mobile-ID access development ({{commentsTotal}})

Mobile-ID being used to digitally sign a document.
Mobile-ID being used to digitally sign a document. Source: (Postimees/Scanpix)

In connection with a security flaw revealed in the chip used in hundreds of thousands of Estonian ID cards, residence permits and e-Residency cards, the Estonian government will prioritize enabling access to important information systems via Mobile-ID and is ready to provide €670,000 toward developing services with Mobile-ID access.

The government has compiled a list of important e-services the work of which would be affected should the ID card security risk be realized as they do not support the SIM card-based Mobile-ID. There are currently 136 such services nationwide, 44 of which were deemed high priority. Most of these services are in the area of government of the Ministry of Social Affairs, including healthcare services.

To prevent potential problems, the government has proposed filing an application for financing the development work and authorizing the Ministry of Finance to disburse €670,000 for developing Mobile-ID support. Of this money, €260,000 would go toward the Ministry of the Interior and €230,000 to the Ministry of Social Affairs.

Services which would become unaccessible for cardholders affected by the security risk should the cards be deactivated include, for instance, population register processing software, the issuing system of digital prescriptions, the activity license register of the Agency of Medicines as well as services of the national gazette Riigi Teataja, which would mean that it would not be possible to publish new laws. The information system of surveillance procedures as well as various medical institutions' systems would likewise be affected.

750,000 ID cards affected

On Aug. 30, an international group of researchers informed the RIA that they had discovered a security risk affecting all ID cards issued in Estonia beginning in Oct. 2014, including ID cards issued to Estonian e-residents. Nearly 750,000 ID cards are affected by the issue.

ID cards issued prior to Oct. 16, 2014 used a different kind of chip and are not affected by the current risk. The security risk likewise do not affect Mobile-ID users.

Security patch to be rolled out in November

In late September, the Information System Authority (RIA) announced that they would be releasing a patch for the security risk in November after a test run in October.

Margus Arm, head of the eID field and work group at RIA, said that the application is currently being tested, and test cards have also been distributed to banks so that they can ensure it is compatible with various e-services.

"The new software will allow people to renew their ID cards' security certificates wtihout leaving home, and if all goes according to plan, the certificate renewal process will begin in November of this year," he said.

ID card security certificates can be renewed remotely from one's home or work computer during a two-month window that will last through the end of December. Cardholders must download the latest version of the ID card software and then follow the on-screen instructions.

From January through the end of March next year, ID card security certificates can only be renewed in person at Police and Border Guard Board (PPA) service points. As of April 2018, all unrenewed security certificates for at-risk ID cards will be voided.

Editor: Aili Vahtla

Source: BNS, ERR



Siim Kallas.

Interview: Siim Kallas on ambitions, Estonian politics, and EU presidency

Following the local elections in October this year, Reform Party founder, former prime minister, EU commissioner, and presidential candidate Siim Kallas took on the job of municipal mayor of Viimsi, a community on the outskirts of Tallinn. In his interview with ERR's Toomas Sildam, Kallas talks about local government, his party, the EU presidency, and perspectives in Estonian politics.

ERR kasutab oma veebilehtedel http küpsiseid. Kasutame küpsiseid, et meelde jätta kasutajate eelistused meie sisu lehitsemisel ning kohandada ERRi veebilehti kasutaja huvidele vastavaks. Kolmandad osapooled, nagu sotsiaalmeedia veebilehed, võivad samuti lisada küpsiseid kasutaja brauserisse, kui meie lehtedele on manustatud sisu otse sotsiaalmeediast. Kui jätkate ilma oma lehitsemise seadeid muutmata, tähendab see, et nõustute kõikide ERRi internetilehekülgede küpsiste seadetega.
Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: