RIA recommends state officials use Mobile-ID to minimize security risks
Estonia's Information System Authority (RIA) is recommending all state officials who use e-services to use Mobile-ID in addition to ID cards to help minimize potential security risks associated with a weakness detected in the chips of 750,000 national ID cards.
Following the news of a detected security risk that could affect 750,000 ID cards with a newer type of chip issued after October 2014, many state officials have been recommended to sign up for Mobile-ID, a national SIM card-based form of authentication, so that their work would not be crippled should affected ID cards be voided.
Rasmus Ruuda, director of the Public Affairs Department at the Ministry of Economic Affairs and Communications, told ERR that nothing has outright changed in the working arrangements of their ministry, as they have long since recommended their employees use Mobile-ID. Each ministry has its own working arrangements, however.
According to RIA Director General Taimar Peterkop, the RIA has also long since recommended that anyone who uses e-services or leads a digital life use two secure authentication methods.
"It happens — services are interrupted for some reason, for maintenance or whatever," said Peterkop. "In this regard, it is always a good idea that people have an ID card and Mobile-ID." He added that the agency is currently also recommending that people establish an alternative authentication method and means of signing documents, if they haven't already done so.
According to the RIA director, Mobile-ID is the simplest solution to the current security risks, as it is considered just as safe as ID cards. Mobile-ID is also the only other means of providing a digital signature that is the legal equivalent of a handwritten signature.
Other forms of authentication used for various services, such as Smart-ID, are not considered equivalent to the ID card and Mobile-ID in Estonia's public sector.
State continues work on solving ID card security risk
The state has employed a variety of measures to solve the potential security risk affecting hundreds of thousands of Estonian ID cards, and a number of services which currently lack support for alternatives to the ID card are urgently developing support for Mobile-ID, Peterkop said.
"We are preparing for the worst-case scenario," he admitted. "The goal is that our digial state is not crippled, but continues to work."
Asked whether the RIA believes that this can be ensured, Peterkop replied that they will do their best and that he believes that their efforts will be successful.
Editor: Aili Vahtla