While Estonia's Information System Authority (RIA) on Tuesday invited holders of ID cards vulnerable to a potential security risk to begin renewing their certificates, the renewal process was severely impaired by technical issues overnight.
"Errors occurred last night which we will resolve as soon as possible, but nonetheless we recommend that people utilize the opportunity to renew [their certificates] remotely, as despite the errors it is still a more convenient option than going to a [Police and Border Guard Board] service point in person," RIA Director General Taimar Peterkop told ERR's online news portal.
Simply put, the ID card certificate renewal process involves four agencies — the RIA, the Police and Border Guard Board (PPA), SK ID Solutions and Gemalto — and the process runs smoothly if all four agencies' own systems are functioning.
"It all depends on the cooperation between the parties' servers, and if one party runs into problems, it cripples the entire process," Peterkop explained. "Last night, that is what happened with one party."
RIA has also made it clear that it is a matter of days until the current certificates of vulnerable ID cards are blocked, which means that in order to ensure the smooth, continued use of ID card-related services, it would be a good idea for people to renew their certificates as soon as possible, either remotely or in person at PPA offices.
Once the certificates in question are blocked, it will not be possible to use affected ID cards for the purposes of authentication or digital signatures until their certificates are renewed. Regardless, ID cards will not lose their validity as photo ID or travel documents.
According to ERR's information, the RIA is waiting to block the certificates until the majority of the so-called "heavy users" of ID cards have renewed their certificates.
Nonetheless, many holders of vulnerable ID cards received a message from the PPA Tuesday night stating that it would not be possible to renew their cards' certificates remotely.
"You can renew your ID card exclusively at PPA service points," the message from the PPA read. "The certificates of ID cards vulnerable to the security risk will be blocked at the beginning of November. After these certificates are blocked, e-services cannot be accessed or digital signatures given with the ID card until you have renewed your ID card's certificates at a PPA service point."
800,000 cards vulnerable
A total of 800,000 cards are vulnerable to the detected security risk, 500,000 of which are in active use as digital IDs. According to the director general of the PPA, 45,000 cards are in very intensive use.
Police have urged residents who actively use their ID cards as electronic ID to also sign up for the SIM card-based Mobile ID, which is unaffected by the security risk.
For security reasons, Estonia will restrict the electronic use of the ID cards beginning the second week of November. The certificates associated with the cards affected by the security risk will be revoked on April 1 next year, which means that holders of affected cards must apply for a new card if they have not updated their current cards in the meantime.
On Aug. 30, an international group of researchers informed the RIA that they had discovered a security risk affecting all ID cards issued in Estonia beginning in Oct. 2014, including ID cards issued to Estonian e-residents.
ID cards issued prior to Oct. 16, 2014 used a different kind of chip and are not affected by the current risk. The security risk likewise does not affect Mobile-ID users.
Editor: Aili Vahtla