ID systems analysed: e-Estonia

1 comment
  1. Thank you. While this document is a complicated read, it does get to the problems. 🙂

    > More worrying, and not limited to 120,000 faulty cards affected, is a core design feature regarding the way private encryption keys were generated and handled. The ID card’s private encryption key used to authenticate digital signatures should be generated inside the card chip to ensure only that card knows it – a good example of privacy by design. Instead, keys were generated in a server operated by the card manufacturer and copied to the card over the internet.

    > Another software bug was reported in which the same private key was copied to several different ID-cards, allowing cardholders that were assigned non-unique private keys to use one another’s identity.

    Also, there seems to be a political problem on the horizon, because the recently started mandatory collection of fingerprints by PPA is most likely illegal (and besides being illegal, was introduced without the consent of the people) – it just hasn’t been found illegal yet in a court of law. 🙂

    > The use of biometrics when registering is optional, but there are talks of turning to fingerprints for authentication when using ID cards instead of PIN codes.

    I was going to say that our transparency exists mostly on paper, but the makers of the report have already noticed that too. 🙂

    > It took the Estonian government 9 months to communicate they handed out 120,000 ID-cards with no usable PIN authentication, which is arguably more worrying than the failure itself. Since then all those affected have had their cards replaced.

    Also, what goes on in private companies oftentimes stays behind closed doors, and in the case of public infrastructure, that should not be so.

    > the contracting of private companies to develop components of a technology stack adds an additional layer of opacity to the design and processes. For Estonia this layer was so thick that not even the government was able to observe or scrutinise decisions made by its contractor Gemalto (now part of Thales Group). Governments need to ensure that an external private agent is not trampling on important safeguards and is subject to scrutiny and held accountable.
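
The non-unique key problem quoted in the comment above is something an issuer or auditor can check for across the set of issued certificates. The following is an added example, not code from the report or the commenter: it groups constructed sample records by a hash of the public key and reports keys bound to more than one holder. The record layout and all names are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
# In a real audit these bytes would be extracted from each issued certificate.
KEY_1 = b"constructed-public-key-1"
KEY_2 = b"constructed-public-key-2"
KEY_3 = b"constructed-public-key-3"

# Constructed sample records: (certificate serial, holder identifier, public key bytes).
SAMPLE_RECORDS = [
    ("1001", "holder-A", KEY_1),
    ("1002", "holder-B", KEY_2),
    ("1003", "holder-C", KEY_1),  # same key as holder-A: two identities, one key
    ("1004", "holder-B", KEY_2),  # same holder re-certifying the same key: not flagged
    ("1005", "holder-D", KEY_3),
]


def key_fingerprint(public_key: bytes) -> str:
    """SHA-256 over the encoded public key, used as the grouping key."""
    return hashlib.sha256(public_key).hexdigest()


def find_shared_keys(records):
    """Return {fingerprint: {"holders": [...], "serials": [...]}} for every
    public key that is certified for more than one distinct holder."""
    holders = defaultdict(set)
    serials = defaultdict(list)
    for serial, holder, public_key in records:
        fp = key_fingerprint(public_key)
        holders[fp].add(holder)
        serials[fp].append(serial)
    return {
        fp: {"holders": sorted(holders[fp]), "serials": sorted(serials[fp])}
        for fp in holders
        if len(holders[fp]) > 1  # one holder with several certs is not a collision
    }


if __name__ == "__main__":
    for fp, hit in find_shared_keys(SAMPLE_RECORDS).items():
        print(f"key {fp[:16]}... shared by {hit['holders']} (serials {hit['serials']})")
```

A check like this only sees the public half of each key pair, so it detects duplicated keys after issuance; it says nothing about where a key was generated.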
