Authorities in Estonia, Spain and Slovakia are working to fix a security flaw in their eID smart cards. Last month, a flaw was found in a cryptographic software library that could allow computer criminals to bypass the cards’ security. The software library is used by various types and brands of eID cards.
Update (4 January 2018): This article was updated following information supplied by Gemalto, a vendor of eID card solutions. See also the company's comments below.
Estonia is encouraging its citizens, including e-Residents, to update their smart cards and computer software. The country has opened temporary service centres in shopping malls and hospitals to make it easy for citizens to update their smart card certificates, and has revoked all the compromised certificates. In addition, Estonia wants Gemalto, the eID solution vendor involved, to reimburse some of the costs.
The use of the same flawed crypto software library also caused headaches for authorities in Slovakia and Spain.
In October, the government of Slovakia suspended the use of affected certificates as a preliminary to replacing them. In a statement, the Ministry of the Interior explained it could not immediately revoke the certificates, as this would block mandatory electronic communication between companies and government services. In some cases this could result in reports not being filed on time, possibly causing fines or sanctions.
In Spain, the police announced in early November that they would soon suspend and then replace affected certificates. In a statement, the police explained that affected smart cards remain valid as ID cards and travel documents.