Solving the Estonian ID Card Crisis: the Legal Issues
In: ISCRAM 2020 Conference Proceedings - 17th International Conference on Information Systems for Crisis Response and Management; Blacksburg, Virginia (USA), May 2020, pp. 459−471
13 Pages Posted: 3 Aug 2020
Date Written: May 2020
In 2017, Estonia experienced a cyber crisis caused by a vulnerability found in the smart card chips produced by Infineon Technologies AG. Since the affected chip was used in the electronic identity card (ID card) issued by the State to more than half of the Estonian population, the vulnerability posed a risk to the resilience of Estonian e-state and thus quickly escalated into a manageable crisis. This work studies to what extent, in such a national emergency, the involved parties were able to precisely follow the applicable laws and regulations in the field. We enlist the cases where the requirements were not fully followed, either due to the lack of technical preparedness, suboptimal decisions made under heavy time pressure, or the critical nature of the situation.
Keywords: Cyber Resilience, Electronic Identity, Cyber Legislation, eIDAS
JEL Classification: L86
Suggested Citation: Suggested Citation