Arnis Parsovs. (2020). Solving the Estonian ID Card Crisis: the Legal Issues. In Amanda Hughes, Fiona McNeill, & Christopher W. Zobel (Eds.), ISCRAM 2020 Conference Proceedings – 17th International Conference on Information Systems for Crisis Response and Management (pp. 459–471). Blacksburg, VA (USA): Virginia Tech.
Abstract: In 2017, Estonia experienced a cyber crisis caused by a vulnerability found in the smart card chips produced by Infineon Technologies AG. Since the affected chip was used in the electronic identity card (ID card) issued by the State to more than half of the Estonian population, the vulnerability posed a risk to the resilience of the Estonian e-state and thus quickly escalated into a manageable crisis. This work studies to what extent, in such a national emergency, the involved parties were able to precisely follow the applicable laws and regulations in the field. We list the cases where the requirements were not fully followed, either due to the lack of technical preparedness, suboptimal decisions made under heavy time pressure, or the critical nature of the situation.