Tallinn Administrative Court on Thursday rejected an appeal by ID card manufacturer Gemalto AG against Estonia’s Police and Border Guard Board (PPA), which will allow the latter to continue with preparations for the manufacture of new electronic ID cards. “Today’s decision by Tallinn Administrative Court not to satisfy the complaint of Gemalto AG regarding the procurement procedure for the contract to manufacture ID cards means certainty for the PPA that we can move forward with preparations for the fulfilment of the agreement on the manufacture of ID-cards concluded in spring,” said Margit Ratnik, head of the Development Department of the PPA. The police authority is planning to begin issuing electronic ID cards with new security elements and a new design, manufactured by the company Idemia, in fall 2018.
Articles about voting issues in the Republic of Estonia.
Estonia, where citizens use their digital identity to get access to government services online, has identified a security flaw in 760,000 digital ID cards. Estonia shut down access to online services last weekend due to an encryption vulnerability in the chips of affected smartcards. The security issue was first identified in September, and plagues other cards, chips and systems made by the card manufacturer. While the manufacturer has resolved the problem last month, Estonian owners of affected cards still needed to apply for updated certificates. Police stations and other government offices were packed with citizens trying to update their IDs, mostly due to the fact that the online service for updates kept crashing last week.
For the past two and a half months, Estonia has been facing the biggest security crisis since a wave of cyberattacks hit its banks and critical national infrastructure in 2007. At the heart of the current debacle is the latest version of its national ID card, which has been a mandatory identification document for citizens of Estonia since 2002 and serves as a cornerstone of Estonia’s e-state. The hardware behind the ID cards was found to be vulnerable to attacks, which could theoretically have led to identity thefts of Estonian citizens and also e-residents, something which its government has denied occurring.
Estonia has suspended its digital ID cards for residents and overseas “e-residents” after discovering a security flaw that could lead to identity theft. It is estimated that about 760,000 people in Estonia were affected, or about half of the nation’s population. According to Reuters, the eID chip was manufactured by German semiconductor manufacturer Infineon Technologies. For security reasons, Estonian authorities immediately blocked access to the digital services of the eID card until owners can update to a new security certificate, the Hong Kong Economic Journal reported. They have until March 2018 to do so.
Estonia’s police and border guard service offices have reportedly been swamped with people seeking to obtain new eID cards.
About 12 years ago, Estonia, a country in the Baltic region of Northern Europe, launched its eID programme which can serve as an ID card to travel within the European Union and can be used for filing tax claims, online voting, electronic prescriptions and logging into bank accounts.
Full Article: Estonia blocks eID card services after security flaw found.
Estonia has frozen the digital ID cards for its popular e-residency programme, two months after discovering a major security flaw that could enable identity theft. The ID cards are used by Estonian citizens and foreign “e-residents” and underpin services like banking, online voting, tax, medical records, and travel. The e-residency programme is also popular with British entrepreneurs who want to set up their company within the EU, particularly after the Brexit vote. According to Wired, more than 1,000 UK entrepreneurs have applied for the programme so far.
Estonia’s residents use their mandatory national IDs to access pretty much anything, from online banking to online voting. So, it was a huge blow to the program when experts found a security flaw in the chip the ID used that makes it possible for bad players to impersonate and steal the identities of all 760,000 affected individuals. That might not sound like a huge number, but that’s half the small country’s population. Now, the country has blocked most of its residents from accessing all its online services for a weekend, so it can go in and and fix the vulnerability.
Estonia plans to block access to the country’s vaunted online services for 760,000 people from midnight on Friday to fix a security flaw in some of the Baltic country’s identity smartcards that was identified earlier this year. Estonia is seen as a leader in providing government services online and has championed the issue within the European Union in recent years, and the security issue leaves it with its much-touted digital IDs in an awkward position. A nation-wide online identity system allows citizens access to most government and private company services via the web, including banking, school reports, health and pension records, medical prescriptions and voting in government elections. But Estonia’s online ID service ran afoul of an encryption vulnerability identified by researchers earlier this year that exposes smartcards, security tokens and other secure hardware chips made by the German company Infineon.
Estonia: A test case for Russian hacking threat – e-voting grows despite tampering concerns | Global Journalist
Tiny Estonia might seem an unlikely place to see the future of technology. With just 1.3 million people, the country has fewer people than San Diego and is just three decades removed from Soviet rule. But “E-stonia,” as its known, has also brought the world Skype as well as up-and-coming startups like robotics firm Starship Technologies and payments provider TransferWise. Yet Estonia’s technology prowess has also made it something of a laboratory for the dangers of the threats posed by hackers backed by neighboring Russia. In a country where 90 percent use online banking, 95 percent file taxes online and 30 percent cast their ballots from a computer, Estonia is a target-rich environment for cyberattacks. Indeed the NATO-member country is the site of what may have been the world’s first politically-motivated digital attack in 2007. In that year, Estonia angered Russia by relocating a World War II era memorial to Soviet troops. Soon, the networks of government ministries, banks and leading Estonian newspapers went down, the result of a massive and sophisticated botnet attack.
The Supreme Court of Estonia rejected the appeal of the Conservative People’s Party of Estonia (EKRE) of the National Electoral Committee’s Sept. 6 decision not to ban electronic voting at the local government council elections taking place next month. The Supreme Court explained that, according to the Local Government Council Election Act, the National Electoral Committee has the right not to start electronic voting if the security or reliability of the electronic voting system cannot be ensured in such way that electronic voting could be conducted pursuant to the requirements of the act. The National Electoral Committee is not, however, required to cancel e-voting if it receives information indicating the possibility of adverse consequences.
The Conservative People’s Party of Estonia (EKRE) has submitted an appeal to Estonia’s National Electoral Committee challenging the committee’s decision to allow e-voting in the local elections this October despite a detected security risk that could affect 750,000 ID cards. According to EKRE parliamentary group chairman Martin Helme, the party finds that the Sept. 6 decision of the National Electoral Committee to still allow e-voting in the upcoming elections opens them up to vote manipulation and the influencing of election results, party spokespeople said. The party is seeking to have e-voting called off and the elections to be held with paper ballots exclusively.