The Police and Border Guard Board (PBGB) invites people whose ID-card was issued last year to PBGB service points to renew the electronic component of their ID card. People who do not use their card for electronic purposes do not have to renew the document.
„We work hard to offer the best possible technological solutions for the Estonian ID card," said Merike Jürilo, Deputy Director on Citizenship and Migration of the Police- and Border Guard Board. "As technology is changing rapidly, but cards issued stay the same during their five years of validity period, we decided to renew the electronic component of the ID card based on assessments given by experts from the Estonian Information System's Authority."
„During a routine ID card analysis process we discovered that one of the electronic security measures of the ID card needs to be renewed," said Kalle Arula, Deputy Director of the Estonian Information Systems Authority. "ID card users have no reason to be concerned. The card is secure and all transactions made with the card are fully reliable. The assessment points to only one of many security measures - all other security components are still of high quality. To illustrate, the situation can be compared to a secure door with many locks. We see the need to renew one of the locks. As all other locks stand strong, it is not possible to break in."
Kalle Arula emphasized that security is not a constant status but a goal that requires constant work. "The ID card has served us successfully for over 10 years, which is a very long time in the IT world. During these years, the card has not been electronically compromised. In order to ensure the ID card system remains as secure in two or five years, we are constantly analysing potential future risks and preempting them by always recommending the highest level of security for the card."
The 2011 ID-cards can be renewed starting today in all PBGB service points across Estonia. During coming months, the PBGB will send these card owners a personal invitation to renew the document via e-mail and regular mail. The first invitations will be sent to people who are most frequent electronic users of the card. About 40 000 people have used the card electronically at least at once. Alltogether, 120 000 cards were issued in 2011.
Merike Jürilo does not consider sensible to shorten the five-year validity period of the card but, because of the fast developing technology field, PBGB might also use the possibility to renew cards during their validity period in the future.
"A presentation held at the conference "Crypto 2012" provides a good example of how the security knowledge is constantly evolving. The paper in question touched upon standards also used in the ID-card. This paper did not discover any methods for compromising the Estonian ID card, but does showcase the importance of cooperation in monitoring developments and analysing the impact of these developments." Arula added.
Merike Jürilo reiterated that the ID-card is as secure as its usage. It is always important to follow basic security requirements: "Do not give your card or its PIN codes to strangers, do not write the PIN code on the card or keep the code and card together in one place. The card should be removed from its reader after use."
People who received their card last year can turn to PBGB service points to renew their card starting today. It is not necessary to present the invitation from PBGB. Information on the locations and opening hours of the service points can be checked from the website www.politsei.ee or contact Estonian Police and Border Guard Board client support at [email protected].
People who do not use their 2011 ID card electronically do not have to renew the document. In March 2013 the certificates of these cards will expire and their electronical use will not be possible until renewed. However, cards with deferred certificates can still be used as a physical identity document.
Police and Border Guard Board
Link to the news