Estonia is blocking access to its online identity authentication services because of a security issue affecting the country's ID smartcards.
More than 760,00 citizens, residents and foreign nationals with e-residency will be unable to identify themselves to government services until the security issue is fixed.
The disruption to those services will be an embarrassment for the nation's lauded e-Estonia movement, which seeks to offer formal regulatory activities online.
The Estonian government has been the target of both applause and mockery over a nation-wide online system which holds citizens' identities.
The online identity authentication system allows citizens access to a range of services including banking, voting and their health records over the web.
Its e-residency scheme allows foreign nationals to be subscribed with government services, although it does not provide them with the statutory rights of citizenship.
A serious flaw affecting the ID smartcards that citizens can carry as physical tokens authenticating their identities has meant that these services will not be able to be accessed starting from midnight.
The issue affected the encryption used in a number of products manufactured by German company Infineon, which has designed an update to fix the problem.
The update needs to be applied, however – and Estonia will be blocking access to its online services for everyone who fails to update their smartcards.
The UK's ambassador to Estonia, Theresa Bubbear, tweeted: "#eEstonia losing its shine? Spent hours over 2 days trying to update my ID card as per govt/MFA instructions. Still trying…"
Police and border guard service officers have been reportedly swamped over the past two days by crowds seeking to get their ID cards updated.
Despite the vulnerability being discovered in Infineon products earlier this year, Estonia is only seeking to fix its smartcards now.
The Estonian government and Infineon denied that the security flaw had been exploited by hackers, but officials in Tallinn said the threat had been "elevated".
Prime Minister Juri Ratas said: "The functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card."
In a statement, the government added: "We are sorry for inconvenience caused by this issue, but protecting the integrity of your digital identity must come first."
Estonia is blocking access to its online identity authentication services because of a security issue affecting the country's ID smartcards.
More than 760,00 citizens, residents and foreign nationals with e-residency will be unable to identify themselves to government services until the security issue is fixed.
The disruption to those services will be an embarrassment for the nation's lauded e-Estonia movement, which seeks to offer formal regulatory activities online.
The Estonian government has been the target of both applause and mockery over a nation-wide online system which holds citizens' identities.
The online identity authentication system allows citizens access to a range of services including banking, voting and their health records over the web.
Its e-residency scheme allows foreign nationals to be subscribed with government services, although it does not provide them with the statutory rights of citizenship.
A serious flaw affecting the ID smartcards that citizens can carry as physical tokens authenticating their identities has meant that these services will not be able to be accessed starting from midnight.
The issue affected the encryption used in a number of products manufactured by German company Infineon, which has designed an update to fix the problem.
The update needs to be applied, however – and Estonia will be blocking access to its online services for everyone who fails to update their smartcards.
The UK's ambassador to Estonia, Theresa Bubbear, tweeted: "#eEstonia losing its shine? Spent hours over 2 days trying to update my ID card as per govt/MFA instructions. Still trying…"
Police and border guard service officers have been reportedly swamped over the past two days by crowds seeking to get their ID cards updated.
Despite the vulnerability being discovered in Infineon products earlier this year, Estonia is only seeking to fix its smartcards now.
The Estonian government and Infineon denied that the security flaw had been exploited by hackers, but officials in Tallinn said the threat had been "elevated".
Prime Minister Juri Ratas said: "The functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card."
In a statement, the government added: "We are sorry for inconvenience caused by this issue, but protecting the integrity of your digital identity must come first."
