The Police and Border Guard Board (PPA) is demanding €152 million from ID card producer Gemalto. More than 700,000 ID cards were found to present a security risk to their holders, as the code keys for the cards' chips had been generated not on the card, but externally, creating the risk of someone potentially abusing this information.
The PPA submitted a claim to the effect to Harju County Court on Thursday, demanding a contractual penalty in the amount of €152 million.
Deputy Director General of the PPA Krista Aas said in a press release that to guarantee the security of the Estonian ID card it is important that the private code key to each individual card is generated on the card's chip and not externally. "But it turned out that our partner in this contract had violated this principle for years, and we see this as a very serious breach of contract."
Aas went on to say that analysts of Estonian software developer Cybernetica "clearly showed that such a breach could only take place with the contract partner's knowledge and deliberate action."
The PPA is filing separate claims in each case where they see a breach of contract, as the matters in question are "both legally and technically very complicated," Aas added.
Given the complexity of the different issues, the PPA wants to isolate every incident very clearly. "That is why we decided to submit claims for each individual breach."
The first claim filed with the Harju County Court, then, is the issue of ID card code keys having been created externally, which created a situation in which individual card holders were put at risk, and where the same could be said for Estonia's reputation and image also, Aas stressed.
Editor: Dario Cavegn