Solving the Estonian ID Card Crisis: the Legal Issues

In: ISCRAM 2020 Conference Proceedings - 17th International Conference on Information Systems for Crisis Response and Management; Blacksburg, Virginia (USA), May 2020, pp. 459−471

13 Pages Posted:

See all articles by Arnis Parsovs

Arnis Parsovs

University of Tartu - Institute of Computer Science

Date Written: May 2020

Abstract

In 2017, Estonia experienced a cyber crisis caused by a vulnerability found in the smart card chips produced by Infineon Technologies AG. Since the affected chip was used in the electronic identity card (ID card) issued by the State to more than half of the Estonian population, the vulnerability posed a risk to the resilience of Estonian e-state and thus quickly escalated into a manageable crisis. This work studies to what extent, in such a national emergency, the involved parties were able to precisely follow the applicable laws and regulations in the field. We enlist the cases where the requirements were not fully followed, either due to the lack of technical preparedness, suboptimal decisions made under heavy time pressure, or the critical nature of the situation.

Keywords: Cyber Resilience, Electronic Identity, Cyber Legislation, eIDAS

JEL Classification: L86

Suggested Citation

Parsovs, Arnis, Solving the Estonian ID Card Crisis: the Legal Issues (May 2020). In: ISCRAM 2020 Conference Proceedings - 17th International Conference on Information Systems for Crisis Response and Management; Blacksburg, Virginia (USA), May 2020, pp. 459−471, Available at SSRN: https://ssrn.com/abstract=

Arnis Parsovs (Contact Author)

University of Tartu - Institute of Computer Science ( email )

Estonia

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
4
Abstract Views
21
PlumX Metrics