Estonia plans to block access to the country’s vaunted online services for 760,000 people from midnight on Friday to fix a security flaw in some of the Baltic country’s identity smartcards that was identified earlier this year.
Estonia is seen as a leader in providing government services online and has championed the issue within the European Union in recent years, and the security issue leaves it with its much-touted digital IDs in an awkward position.
A nation-wide online identity system allows citizens access to most government and private company services via the web, including banking, school reports, health and pension records, medical prescriptions and voting in government elections.
But Estonia’s online ID service ran afoul of an encryption vulnerability identified by researchers earlier this year that exposes smartcards, security tokens and other secure hardware chips made by the German company Infineon.
Infineon said last month it had resolved the problem, but the fix still means cards and equipment need to be updated. Both the Estonian government and Infineon have said there are no signs the security flaw had been exploited.
The Estonian online services would be blocked for affected digital IDs until they renewed certificates incorporating the fix, the Estonian government said in a statement.
“The functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card,” Prime Minister Juri Ratas said.
Thursday and Friday saw crowds pack into Estonia’s police and board guard service offices to get their ID cards certificates updated while the online update service was frequently overloaded, leaving many frustrated.
Britain’s ambassador to Estonia, Theresa Bubbear tweeted late on Thursday: “#eEstonia losing its shine? Spent hours over 2 days trying to update my ID card as per govt/MFA instructions. Still trying…”