Security flaw forces Estonia ID 'lockdown'

Image source, Getty Images

Estonia is to block thousands of citizens from accessing online government services from Saturday while it works to fix a security flaw.

A problem with the country's national identity cards was identified earlier this year, affecting 760,000 people.

The flaw could let attackers decrypt private data or impersonate citizens.

Those who have not had their cards updated with new security certificates will no longer be able to use them to access some services from midnight.

Estonia's digital ID system lets citizens access government and some private services such as medical records, voting and banking.

But security researchers found the encryption used in the ID cards was easily cracked which could, if exploited, let attackers impersonate people.

"As far as we currently know, there has been no instances of e-identity theft, but the threat assessment of the Police and Border Guard Board and the Information System Authority indicates that this threat has become real," Juri Ratas.

From midnight, only cards that have been updated will continue to work online.

Some citizens had complained that updating their ID card had taken a long time, with the online service often overloaded.

"Spent hours over two days trying to update my ID card as per govt/MFA instructions. Still trying..." said Theresa Bubbear, Britain's ambassador to Estonia, on Thursday.

This weekend, only "people who use their digital ID cards to provide vital services", such as medical professionals, will be able to update their digital ID online.

From Monday, the system will be opened back up to everybody. All cards must be updated by March 2018.

"The functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card," said Mr Ratas.