The police will be issuing the first new ID-cards from December 3. Because French manufacturer Idemia needs more time to fill the order, the cards will become publicly available a few weeks later. Unfortunately, Estonian companies are not ready to support the new cards. Only ISP Elisa and the tax and customs board (MTA) have updated their e-services to support the new digital IDs.
Companies were given six months to adjust systems. The State Information System’s Authority (RIA) held a training in summer where it talked about what about the ID-card would change and handed out manuals.
“We realized something is wrong a month ago as there was simply no feedback. We didn’t receive questions, comments or anything else. Everyone was suspiciously quiet. That is when we realized we need to hurry if companies are to be ready in time,” said Margus Arm, head of eID development at RIA.
The situation is less critical than it seems. “But we cannot say everything is fine in a situation where we only have two services that can be used with the new ID-card a few weeks before we start issuing them,” Arm added.
Difficulties with major companies
Ideally, RIA wanted its clients to confirm readiness for the new ID-card a month ago. Margus Arm said that necessary changes are not difficult or particularly time-consuming to make.
“For companies that use ID-card-based authentication, the development should take no more than a day. Those that use digital signatures need a little more time. Things are more complicated with major corporations, like Swedish banks in Estonia for instance,” Arm said.
The expert said that major banks have a harder time introducing changes as coordination takes longer. “If you have a small online shop, your developer will simply make the required chances and you can start servicing new ID-cards. Updates move more slowly in major enterprises,” he described.
RIA has previously said that institutions and companies that offer vital services will be ready in time, but the pledge was based on feedback from clients. “No one has told us they will not make it,” Arm said. At the same time, what company would be willing to publicly admit something like that.
Head of Communications at SEB Evelin Allas said that the bank is working on it. “SEB is actively working on application updates to be able to service new ID-cards in its online environment in early December,” she said.
Coop Bank is similarly only half-way there. The bank’s marketing and communications head Tiina Tali said that additional applications will have to be developed to service the new cards. “We are actively working on them to ensure compatibility for the first users of new ID-cards.”
The E-School application is almost ready and is busy testing its systems. “We will definitely be finished in time. We are running the first tests, so people should have no problem logging in when the time comes,” said CEO Tanel Keres.
The e-tax board already supports authentication using the new ID-card. “Adding support for new ID-cards mostly required updates to existing authentication services. We are continuing sub-service tests and complementing the systems as necessary,” said MTA press representative Kaia-Liisa Tabri.
RIA takes part of the blame
“We wanted to get things rolling sooner to leave clients enough time to make changes, but it still fell to the last minute,” Arm admitted.
He said that RIA bears some of the blame as the agency initially wanted to showcase the new card in April, but test cards from the manufacturer were late. This pushed the event closer to Midsummer’s Eve which is traditionally a holiday period in Estonia.
“The ordinary citizen should not be concerned. There will be a new card with a new chip and color photo of the cardholder that can be used just like its predecessor,” Arm said. Providers of non-vital services, like companies that use the ID-card as its loyalty card, have also been contacted. “Prisma has promised to have their systems up and running in time,” Arm said. It is important to know that potential problems with using new ID-cards will be with companies and not the digital document itself.
The new ID-card also has a contactless interface, meaning that it can be used with contactless devices such as those used by Tallinn’s public transit system. Such applications will probably appear in the near future. “While the cards allow it, we will first concentrate on existing services and making sure they work,” Arm said. The security of contactless interfaces also remains questionable.
“Radio waves are transmitted over the air, and there are technologies that can be used to intercept them. Because the ID-card holds a lot of crucial data and constitutes a mandatory ID, we must first carry out thorough analyses of how to use contactless services safely,” the RIA expert said.