ID-cards affected by the security risk can be renewed from November
The State Information System Authority has developed a security software making it possible to renew the information on ID-cards, residence permits, and digital IDs from November.
‘We are currently testing the application and we have also distributed test cards to banks so they could test its compatibility with the e-services. The new software program allows people to renew their ID-card certificates from their home and according to the plan, the process of renewing the certificates will start in November this year,’ said Margus Arm, eID Domain Manager and head of work group of the Information System Authority (RIA).
ID-card certificates can be renewed from home or work computer over a period of two months, until the end of December. To renew the certificates, the person has to download the newest version of the ID-card software to their computer and follow the on-screen instructions. From January to the end of March, the certificates can be renewed only at the service points of the Police and Border Guard. In April certificates associated with cards affected by the security risk will be revoked.
‘We are already making preparations to prolong the opening hours of the service points of the Police and Border Guard both in the evenings and at the weekends from November, and to open additional service points for this period. The most convenient option is to renew the certificates at home by following the instructions, but our employees are ready to help and provide advice also in the service points,’ said Margit Ratnik, Head of the Identity and Status Bureau of the Police and Border Guard Board.
People who do not have mobile-ID but use their ID-card regularly for e-services should renew their certificates as soon as possible. ‘Right after launching the process of remotely renewing the certificates at the beginning of November, we will restrict the use of non-renewed ID-cards. This means that an ID-card cannot be digitally used before its certificates have been renewed. In order to make the use of e-services smoother at the beginning of November, I would recommend active users to start using mobile-ID in October. Considering the number of certificates that need to be renewed, as well as the servers' capability, the workload may be very high at first,’ Margus Arm stressed.
People who do not use their ID-card electronically do not necessarily have to renew the certificates because the card as an identity document is valid until the date specified on it. Additionally, the renewal of certificates does not apply to those whose ID-card has been issued before October 2014.
Taimar Peterkop, the Director-General of RIA, said that the Estonian ID-card and its digital solutions are still safe but efforts must be made to maintain this security. ‘Today, there are no reports of any theft of digital identity, but we will not wait for the first case. We will do everything we can to eliminate the risk as quickly as possible.”
RIA will make an announcement of the launch of the renewal of ID-card certificates and provide specific instructions before the software is released, at the end of October or the beginning of November at the latest.
On 30 August, an international team of researchers informed the Information System Authority (RIA) of a security risk affecting ID-cards issued in Estonia since October 2014 (including cards issued to e-residents), i.e. about 750,000 cards altogether. ID-cards issued before 16 October 2014 have a different chip and are not affected by this risk. This security risk does not apply to mobile-ID.
More news on the same subject
From 1 January 2019 at the latest, the offices of the Police and Border Guard Board (PBGB) will be issuing new ID cards with a new design as well as new security features and a contactless interface.
Today and tomorrow, the international eID Forum will be held in Tallinn Creative Hub, focusing on the future issues of electronic identity and IT solutions.