Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards

Tuesday 5th September 2017 18:01 GMT John Smith 19

"Estonia has often been positioned as a poster boy for digital government"

Especially by clueless British Home Secretaries (former and serving) where they are keen to stuff the idea of ID cards down the UK throat. I think Charles Clarke loved them.

Neglecting the small details of the fact the country is 1/44 the size of the UK and its bureaucracy is (by HMG's terms) virtually a greenfield site, being less than 30 years old.

TBH IIRC they did have full audit trails of anyone trying to access your personal record (can't imagine the UK Govt ever allowing that, can you?)

The question of course is how they will handle the situation now it has arisen.

Because, realistically, with an electronic ID card system it's never a case of "if" it's a case of "when" the system gets compromised (and at what scale)

6 1 Reply
Tuesday 5th September 2017 19:31 GMT Anonymous Coward

"digital government, huh?"

Why the attempt at sarcasm?

There are security issues with every form of ID, digital or otherwise, and there are systems in place to respond to those issues, as you have reported.

Some of the language in this article is inexplicably tendentious though¹, and I cannot understand why. Perhaps someone would care to explain?

¹ "Poster boy", "this is not the first time", "huh"

0 2 Reply
1. Tuesday 5th September 2017 19:44 GMT Sandtitz
  
  Re: "digital government, huh?"
  
  "Some of the language in this article is inexplicably tendentious though¹, and I cannot understand why. Perhaps someone would care to explain?"
  
  You're new here? ElReg articles usually are not written in neutral tone. Get used to it.
  
  2 2 Reply
  1. Monday 11th September 2017 16:00 GMT Anonymous Coward
    
    Re: "digital government, huh?"
    
    > You're new here?
    
    Relatively. Since 2001 or so.
    
    There is a difference between achieving a tabloid-like, humorous, even sarcastic writing, while conveying a serious message or insightful details, and simply being dismissive about something the author knows very little about, and possibly cares even less.
    
    I do not recall this being so often the case 15 years ago when, bar a few spectacular exceptions, the authors seemed to have a passing familiarity with what they were writing about, but who knows, maybe it's a generational thing.
    
    0 0 Reply
2. Tuesday 5th September 2017 19:50 GMT Doctor Syntax
  
  Re: "digital government, huh?"
  
  "Perhaps someone would care to explain?"
  
  Let me answer that with another question. Have you heard of "single point of failure"?
  
  5 1 Reply
Wednesday 6th September 2017 10:53 GMT Anonymous Coward

From Tallinn

When co. making the cards, Trüb/Gemalto changed the chip design in 2014 they also changed RNG used to calculate private key, to version which was bad and apparently made those keys reverse engineer-able with some relatively high computing power scientists used to find that problem. By closing the public key server gov. made sure that no-one can get those keys now, which of course doesn't mean someone could have harvested these before or maybe could find them 1 by 1 from devices. Sticky situation, no breaches yet they say, but elections are coming and there would have been a lot of e-voting with these cards. Not sure if they can find another way than to change all 750k cards to other version.

2 0 Reply
Wednesday 6th September 2017 13:25 GMT John Smith 19

"Not sure if they can find another way than to change all 750k cards to other version."

Think of it as the "CASE NIGHTMARE GREEN" scenario of countries that have electronic ID card systems.

It'll be good practice for when you have to do it again.

1 1 Reply