Estonian ID card security risk calls into question security of e-elections

Please note that the article is more than five years old and belongs to our archive. We do not update the content of the archives, so it may be necessary to consult newer sources.
Photo: Erik Prozes / Postimees

A security risk which has been identified with 750,000 Estonian ID cards issued after Oct. 16, 2014 calls into question the security of e-elections and the decision regarding whether e-elections will take place this fall or not must be made by the National Electoral Committee.

The security risk calls into question the security of casting an online vote at elections using an ID card, while Mobile ID can probably used to cast a vote, a press officer for the Office of the Prime Minister said.

Whether the ID card can be used to cast a vote during the municipal election taking place in October will be decided by the National Electoral Committee. At the same time the Information System Authority (RIA) says that it is theoretically possible to steal a person's identity using the security gap, although that would require extensive knowledge and monetary resources.

RIA has notified the National Electoral Committee about the problem.

The Estonian Information System Authority (RIA) said that an international group of researches on Aug. 30 notified RIA of the detection of a security risk which affects ID cards issued in Estonia after October 2014. The potential security risk affects ID cards issued after Oct. 16,  2014, including cards issued to e-residents, which number approximately 750,000. Cards issued before that date feature a different chip and are not affected by the fault.

The risk does not affect Mobile ID. No actual identity theft has taken place and the ID cards continue to be functional.