Long live Estonia a place worth moving to since they seem progressive enough to adopt a technology on a national scale. Maybe they achieve this because Microsoft is not buying their elected officials or paying others to do the same.

Estonia does indeed sound like a wonderful place to live -- if only the weather was a tad better.

Can't say the fairy tale is so perfect. Admiring those, who had the courage to make a digital ID-card mandatory, I see it as overdaring to put valid certificates on the card by default! There are over 650,000 cards out there but how many of their owners know exactly what they are carrying on their wallet? I fear, the number is dangerously low.

Until now, this has not had serious consequences - the electronic signing is not widely-used yet and possibly criminals do not feel themselves quite comfortable in this area also, but my lead to problems if i-voting comes to life, in currently planned form. In that case it may impose even threath to democracy if ignorant citizens get used to gain votes.

Actually the number of active ID-card users was recently cited as 8000, out of 650.000 issued... So Joosep-Georg is right, it is a bit early to call it a success yet.

But it is true we can use digital signatures in courts and in communication with state and local authorities, which is definitely a progess. There is a well-designed and open infrastructure that allows me to use digital signatures and I really like using it -- I actually do feel safer this way, as my non-digital signature (and identity) is probably easier to fake.

At the same time: J-G is also correct in pointing out potential problems with un-used (and un-understood) certificates. But I don't think the amount of ID-cards that can get stolen (together with PIN-codes) and not reported as "lost" by owners is far from being danger to democracy.

(and to everybody intrested in climate here in Estonia -- we are having our first snow this fall in Tallinn this morning :-)

To use somebody's digital identity one haven't to steal it ;) I bet, if during card-payment process in shop one gets asked for identification and "enter that longer PIN, to make it sure" most who have remembered the PIN codes or carrying them together with card, will do it.

E-voting gives vote-buyers possibility to make sure their "investments" are useful by "collecting" votes (eg. in rural areas) with their internet-connected laptop. We can make sure nobody can't falsify given votes but we can't prevent giving false votes.

Yes, there is possibility to re-state your vote, but again - most will not do it and mostly because of their ignorance. Lack of internet access, (dis)ability to use computers and (im)possibility to vote by regular way also support vote-buyers in this case.

Hey, guys, thanks for chiming in with local information. 8000 out of 650k sounds much more believable.

At the conference, I asked what experience they had had so far with crimes, thefts, and other perversions of the system. The answer was "None," to which we all agreed at my table really meant "none yet ... that we're saying :-)"

There's no doubt in my mind that the system will be attacked in many and various and elegant ways. The only question is when. If this was Internet cash, I'd say 10k active would be about the point of worry, and you're at that point more or less; that's what we've seen in the DGC world.

But this isn't a cash system, so I'd say it will need more active cards before persistent and popular hacking will take off. Just a guess, really, as you have to spread all those cards across a wide base of targets, which means that any given target doesn't concentrate enough users yet.

Should be very interesting. Keep us posted!

iang

Well, I did a radio interview with chief of Estonian crimi-police today -- as they have been asking for rights to make sure new comm technologies remain accessible for their surveillance -- and asked if they want to control comm why issue 650th IDcards with pretty strong crypto, is there a backdoor so you don't consider this technology a problem? He went pretty... "mummm"

Which probably was typical "no-comments-speak", unfortunately that can be understood pretty wrongly in this case (like "we are not very sure if we can keep all these NATO secrets", which in some circles is definitely not considered a joke, specially as we just had a minister of defence who managed to have a burglar break into his home and steal his portfolio with some secret docs).

But just as a matter of journalistic integrity I have now to take Joosep-Georg's sceptical position, that the system is easily hackable by establishment, until they manage to prove otherwise :-D