Postimees’ sources suggest that the suspicion concerning the security of Estonian ID-cards comes from Czech scientists scheduled to publish their work in October.
The study looked at chips by a lot of manufacturers, including Germany’s Infineon Technologies AG cards of which manufacturer of ID-cards, Swiss company Gemalto, has been using since October of 2014.
The researchers claim that by utilizing a new kind of mathematical approach they found that the chip used in Estonian ID-cards generates weaker keys than the standard prescribes under certain circumstances. A weak public key makes it easier to derive the secret key that can then be used to compromise someone’s online identity.
“The scientists were testing new mathematical theories,” said technology advisor at the State Information System’s Authority (RIA) Mark Erlich. “They discovered that certain theorems work with one specific product – the key generator produced weaker keys in laboratory conditions.”
The sides will not publish exact test conditions for security reasons.
The highly theoretical vulnerability concerns 750,000 Estonian ID-cards that may or may not include those that exhibit the anomaly. RIA has asked a number of scientists to help it determine whether the Czech colleagues’ theory applies to Estonian ID-cards.
Why did the prime minister make such a strong statement in a situation where the threat is highly theoretical?
Erlich said the reason is twofold. Recent ID-card anomalies have been due to mistakes in manufacturing. RIA recently had to cancel 15 cards due to a corresponding concern. Manufacturing errors are few and happen seldom. What the Czech scientists found theoretically concerns 750,000 cards. “The danger is not acute; however, it is broad and not under our control,” Erlich explained.
Estonians were quickly told by Gemalto AG that the firm is aware of the vulnerability. Gemalto has worked with the Czech group before and is likely a partner in the research project that brought the fault to light.
Estonia is feverishly searching for a solution. Deputy head of RIA Andrus Kaarelson said that working groups tasked with ruling out the theoretical weakness are meeting every day. “The workgroup is still analyzing and putting together initial versions for possible solutions. Rather we will alter our ESTeID application to make sure the vulnerability doesn’t concern Estonia.
In other words: the ESTeID application would be updated to work around the faulty part of factory software.
Remotely updatable software would make it possible to keep all ID-cards in use. Even if some users fail to update their card software, the next generation of ID-cards will arrive in late 2018, early 2019.
RIA doesn’t seem to be unanimous in terms of the severity of the threat. The agency’s specialists who talked to the press yesterday were reluctant to say whether they believe the government and the electoral committee should cancel e-voting. RIA Director General Taimar Peterkop played it safe when he suggested the electoral committee not allow e-voting this time.
The seven-member National Electoral Committee decided unanimously that there is no threat to make e-voting unsafe at this time. Committee chairman Meelis Eerik said that dropping e-voting would be peculiar in a situation where RIA and the government have publicly said the Estonian ID-card is still secure.
The decision is not set in stone yet: the committee can suspend e-voting or annul election results should new evidence come to light over the coming weeks.
The Conservative People’s Party (EKRE) said it is considering whether to contest the committee’s decision in court.
“If there is a possibility Russian special services will crash the entire election or alter results on a mass scale, it is utterly irresponsible to go ahead with e-voting,” head of the EKRE Riigikogu faction Martin Helme told ERR news.
The decision has predictably also split the ruling Center Party. Deputy Chairman Jaanus Karilaid said that should it prove impossible to assuage society, e-voting should be canceled. “Elections are anonymous, and there should be no room for suspicions of manipulation,” he said.