The Estonian ID-card turns 20 next year, and in that context some previously classified documents were made public last week. They confirm what experts had long suspected: while the ID-card has largely been a success story, major problems have been kept from the public over the past two decades.
Everyone remembers the ID-card crisis of 2017, but an almost equally serious problem had occurred a few years earlier. What guarantees do we have that something like it will not happen again?
"I see the Estonian ID-card as nothing short of a miracle. I use it, hundreds of thousands of other people use it and I urge them to continue using it. I am also very glad to see the state airing out its file cabinets and disclosing the few dirty little secrets they held," said Anto Veldre, cybersecurity expert and former State Information System's Authority (RIA) employee, who got a closer look at the incidents during his time with the agency.
RIA Deputy Director Margus Arm recently signed an order to declassify a series of documents shedding light on these problems. Arm said that disclosing incidents after the fact is better than keeping silent indefinitely.
University of Tartu research fellow, cybersecurity expert Arnis Paršovs said that he believes the state still does not have a full picture of how the manufacturer of the ID-cards manages security.
Paršovs, who hails from Latvia but has spent the last ten years living in Estonia, defended his doctoral thesis on ID-card security problems, considered the most comprehensive work on the subject, at the University of Tartu this spring.
All three maintain that the Estonian ID-card, considering its scope and role, is the most successful of its kind anywhere in the world, while its 20-year journey has nevertheless seen problems of which the Estonian public was not made aware.
"The first thing that needs to be realized is that ID-card security goes beyond the physical card and its chip. There are other procedures, public infrastructure, software etc. The so-called ID-card ecosystem is vast and many things can go wrong there," Paršovs explained.
"Knowing the technology and its life cycle, it is hardly a major surprise. Rather, I would be worried if we said that the technology has been problem-free for two decades. I fear that would simply stand for inability to find them," said Krista Aas, deputy director of the Police and Border Guard Board (PPA).
Biggest incident from a decade ago
The more serious incidents began years ago, and their effects still linger. In December 2011, RIA penetration testers found a programming error in the Estonian ID-card software.
"A mistake had been made that allowed the card to be used without knowing the PIN codes. Meaning that the ID-card that is meant to be a secure device was not fulfilling that function but was rather… just a physical thing. Being in possession of the card meant being able to access what you needed to access," Veldre explained.
Arm said that this particular attack vector simply required access to someone's ID-card. "But as long as the card was in the possession of the cardholder, remained safe and sound in their wallet, it could not be misused," he said.
The vulnerability meant that, after a specific operation had been performed on it, the ID-card no longer required the user to enter their PIN code. It turned out that the problem affected all of the approximately 120,000 ID-cards issued in 2011. The cards were manufactured by the Swiss company Trüb, which was later acquired by the French contractor Gemalto; both were represented in Estonia by Andreas Lehmann.
The Swiss agreed to talk to Pealtnägija but refused to give an interview on camera, pointing to confidentiality clauses as well as the trauma suffered as a result of the ensuing events. Lehmann said that the original tender conditions and Estonia's changing wishes over time were factors, while he also admitted that a mistake was made.
Problem with state's reaction more than vulnerabilities
Critics say that the appearance of vulnerabilities is hardly surprising and that the state's reaction was the bigger problem: the public was not notified until nine months later, in September 2012, and even then people were simply told to update their certificates within six months. "A routine analysis of the ID-card has found that a particular security measure from 2011 requires updating," the then deputy head of RIA said. "ID-card users have no cause for concern. The card and operations done using it remain secure."
Paršovs said the state's message contradicted the steps it was taking: a problem that does not exist does not require users to update their certificates.
Arm admitted that it might indeed look like a major problem was hushed up. "A theoretical attack where physically holding the card allowed it to be used without knowing the PIN codes remaining a possibility in the case of 120,000 cards constituted a mess. Something like that should never happen. But I suppose a security risk assessment was carried out, the situation analyzed," he added.
Veldre said that the state's course of action was discussed at length by the insiders. "Firstly, in terms of whether something like that is honest and ethical. Secondly, if we have given people a secure device that is in fact not secure at all, should they be told? Or will we allow them their blissful ignorance regarding this matter? The official narrative landed somewhere in the middle," the expert said.
Several sources said that Andrus Ansip's (Reform) government was notified, but it was ultimately decided that the theoretical vulnerability did not outweigh the inconvenience to users and the considerable reputational hit that closing the cards overnight would have caused. The last faulty certificates were not revoked until July 2013.
It has been suggested that everyone involved simply moved on and the documentation was classified, initially for five years and then for another five.
"I think things would be very different if something like that happened today. There is more talk of security problems, vulnerabilities that are fixed and then disclosed. To build transparency and trust. Perhaps society was not ready for such situations a decade ago," Arm suggested.
Update comes with a bigger problem
However, this is only the beginning of the story: updating the ID-cards created a new technological problem.
The private key that the ID-card uses to create digital signatures should be generated inside the card's chip and never leave it.
"In order to ensure the uniqueness of the private key, there needs to be a single version of it generated inside the ID-card. The security protocol prescribes generating the key inside the chip and for it to never leave there," Paršovs explained.
Veldre said that the ID-card documentation has always required keys to be generated inside the card, but the manufacturer took a shortcut when it fell behind on issuing the cards.
"This particular security requirement was violated by the manufacturer. Once the updated software was installed onto the card, keys were generated in a server operated by the manufacturer and copied to the card over the internet instead of being generated locally."
Arm described it as a major problem, all the more so because it was done without Estonia's knowledge.
Andreas Lehmann claims that the solution was devised by their local partner because the PPA required the card update to take under five minutes. The Swiss said that he also did not know this was achieved by generating the private keys off the chip.
"I would describe it purely as a manufacturing problem. Instead of telling the customer that things have gone too far, either in terms of volumes or requirements, they said "yes, sir" and kept printing new cards using methods that were utterly unacceptable," Veldre said.
Paršovs said that the vulnerability would never have been discovered had the manufacturer not made a fatal mistake. "A software error caused the same key to be copied to several ID-cards on numerous occasions. This means that cardholders could have used one another's identity," he said.
Paršovs started asking questions and even demonstrated how Toivo could pass himself off electronically as Ülle and vice versa, but the truth was either unknown or not shared for a long time. "When I discovered it, my first thought was that the authorities and the manufacturer must be aware. I only later learned that the state was not informed," the expert said.
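The check that exposed the off-chip generation, finding that two cards carry the same key, can be run mechanically over a certificate inventory. The Python script below is an added example written for this page; it is not code from the article, from RIA or from the researcher. It contains a minimal DER encoder and parser for RSA SubjectPublicKeyInfo structures (the standard layout from RFC 5280 wrapping a PKCS#1 RSAPublicKey), builds a small constructed inventory of toy 256-bit numbers standing in for moduli (not real ID-card keys; the holder names reuse the article's Toivo and Ülle), and reports every modulus that appears on more than one holder's card. The caveat the article itself makes applies: this only catches duplicated keys, and keys generated off the chip but unique would pass it unnoticed.

```python
"""Duplicate-key scan over a certificate inventory (added example, not from the article).

Pulls the RSA modulus out of DER SubjectPublicKeyInfo structures and reports any
modulus that is carried by more than one cardholder.  Stdlib only.
"""
from collections import defaultdict

RSA_OID_TLV = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1 (rsaEncryption)
DER_NULL = b"\x05\x00"


def _der_len(n):
    """DER length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # leading zero keeps the INTEGER positive
    return b"\x02" + _der_len(len(body)) + body


def der_seq(*items):
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body


def der_bitstring(payload):
    return b"\x03" + _der_len(len(payload) + 1) + b"\x00" + payload  # 0 unused bits


def make_spki(n, e=65537):
    """SubjectPublicKeyInfo for an RSA public key: AlgorithmIdentifier + BIT STRING(RSAPublicKey)."""
    return der_seq(der_seq(RSA_OID_TLV, DER_NULL),
                   der_bitstring(der_seq(der_int(n), der_int(e))))


def _read_tlv(buf, pos=0):
    """Read one DER tag/length/value at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus(spki):
    """Return the modulus n from a DER SubjectPublicKeyInfo; ValueError for non-RSA keys."""
    tag, body, _ = _read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg_id, pos = _read_tlv(body)             # AlgorithmIdentifier
    oid_tag, oid, _ = _read_tlv(alg_id)
    if oid_tag != 0x06 or oid != RSA_OID_TLV[2:]:
        raise ValueError("not an rsaEncryption key")
    bs_tag, bits, _ = _read_tlv(body, pos)       # BIT STRING holding RSAPublicKey
    if bs_tag != 0x03 or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    _, rsa_key, _ = _read_tlv(bits[1:])          # RSAPublicKey SEQUENCE { n, e }
    int_tag, n_bytes, _ = _read_tlv(rsa_key)
    if int_tag != 0x02:
        raise ValueError("modulus must be an INTEGER")
    return int.from_bytes(n_bytes, "big")


def find_shared_keys(inventory):
    """inventory: iterable of (holder, spki_der).  Returns {modulus: [holders]} for every
    modulus carried by more than one distinct holder (one holder's renewals are not flagged)."""
    holders_by_modulus = defaultdict(list)
    for holder, spki in inventory:
        n = rsa_modulus(spki)
        if holder not in holders_by_modulus[n]:
            holders_by_modulus[n].append(holder)
    return {n: h for n, h in holders_by_modulus.items() if len(h) > 1}


# Constructed inventory: toy 256-bit numbers standing in for RSA moduli (not real keys).
N1 = int("b5e3f8c2a1d47e9f0c3b2a19e8d7c6f5a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", 16)
N2 = int("c9a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5061728394a5b6c7d8e1", 16)
N3 = int("d2f1e0c9b8a7968574635241302f1e0d9c8b7a6958473625140f0e0d0c0b0a03", 16)
INVENTORY = [
    ("Toivo", make_spki(N1)),
    ("Ülle", make_spki(N1)),   # same modulus as Toivo's card: the failure described in the text
    ("Mari", make_spki(N2)),
    ("Jaan", make_spki(N3)),
]

if __name__ == "__main__":
    for n, holders in find_shared_keys(INVENTORY).items():
        print(f"modulus {n:#x} shared by: {', '.join(holders)}")
```

On a real inventory the SPKI bytes would come from the issued certificates rather than be constructed, and the scan would be keyed on the modulus exactly as here: two holders, one modulus, one report line.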
The truth came out in pieces. The major ID-card crisis, which affected 750,000 users, broke in late summer 2017. Even though the cards were manufactured by the same company, it must be emphasized that the problems were different.
Whereas the 2011 vulnerability required the attacker to get hold of the person's ID-card, in 2017 a person's electronic identity could theoretically be hijacked without access to the card or the user's PIN. And whereas the 2011 vulnerability lay in an Estonian solution, the 2017 risk came from the chip manufacturer.
Problems not kept secret in-house
"One thing that needs to be realized is that for many industry insiders, the 2011 problem was never a secret. Experience gained during this incident – everyone had to consider what was permissible and what they would do if something like that happened again – came in handy in 2017 when the public was made aware of the manufacturer's problem," Veldre said.
He added that this was one reason the idea to keep the matter secret never crossed people's minds in 2017. "Everyone already knew how that would end, the guilt, doubts and all. The idea was never entertained."
"I would say that if it had not been for the 2011 scandal, we would have been wholly unprepared for what happened in 2017," Veldre said.
Margus Arm, who came to work for RIA in 2016, and Krista Aas, who became deputy director of the PPA in the spring of 2017, were both thrown right into the middle of it. A situation in which the electronic identities of half the population had to be replaced made international headlines.
The major crisis also led RIA to review the 2011 incident and discover that keys had been generated outside the ID-cards. "We learned of it in late April 2018. Once again, the information came to us courtesy of researchers' efforts," Aas said.
Paršovs said it is important to note that the manufacturer generated private keys outside the chip during a period of over five years and that no internal or external audit discovered it in that time. "This highlights an important risk – no one knows what the ID-card manufacturer is doing with private keys. There is no one to check that," he said.
The problem of keys being generated outside the secure chip concerned 74,000 ID-cards, of which 12,000 were still in use; these were replaced by June 2018. Estonia has no information that any of the vulnerabilities described in this article was ever exploited.
Deal cut in court
The PPA filed two actions, one regarding the so-called national ID-card crisis and the other the off-chip key generation. In the latter case, damages were estimated at €152 million. Surprisingly, the matter culminated this year in a settlement worth €2.2 million.
Aas said that the €152 million was never the extent of damages but the maximum contractual penalty amount in the contract. "As concerns damage done to the Estonian state, there is damage to reputation that cannot be measured in money. But state expenses on fixing the vulnerability and ensuring the security of ID-cards were €2.2 million," she remarked.
Both sides were clearly interested in a compromise. The PPA was up against Thales Group, which had taken over the previous firms, and wanted a quick resolution. The content of the claim and of the agreement is confidential, which is reflected in Thales' comment: "We found common ground based on which to put this matter to bed in a way that satisfied both sides."
Andreas Lehmann, who became the villain in the crisis, claims that the Estonian state overlooked several warnings and agreed to compromise to avoid a potentially embarrassing and costly legal battle.
"We went to court to fix our contractual partner's mistakes and receive compensation for damages or contractual penalties. We do not find the Estonian state had any culpability in these security vulnerabilities," Aas said.
State decides to disclose documents
Why are we talking about it now? The classification period of several documents was due to end this year, and RIA decided to stop playing hide and seek and shared the material with Paršovs for an independent analysis.
The legal action ended in a compromise, and Estonian ID-cards are today manufactured by a company called Idemia, allegedly to much stricter standards. While Paršovs warns against putting blind faith in the manufacturer, pragmatists say it is impossible to supervise every inch of the system.
"It is a complex world where a lot of certified products are trusted. German, French and other major countries' laboratories stamp products with their certificates. Estonia does not have the capacity to do that work even better or find errors those labs missed," Margus Arm said.
Aas explained that neither Estonia nor any other country has the capacity to validate the entire technology and its security. "That is what we buy in the form of trust from major manufacturers. What we can do is draw up carefully considered contracts we use to buy that trust," she said.
Anto Veldre said that Estonia's digital system and its scope are a small miracle. "To get there, some mistakes apparently had to be made, wrong paths walked. We are where we are today, and I believe it is a grand achievement."
In summary, while it may be difficult to accept, there is no such thing as perpetual security in the extremely rapidly developing world of IT, and problems and crises may also occur in the future. That is one reason the ID-card is only valid for five years. All the persons in this story believe in and continue to use their ID-cards. Time will tell whether all the skeletons have now been dragged into the light.
Editor: Marcus Turovski