Estonian Electronic Identity Card and Its Security Challenges [pdf]

97 points by IndrekR about 4 years ago

4 comments

c-linkage about 4 years ago
I can't believe I get to say this: I actually worked on the precursor to this card!

The project was started in 2001 and was to develop ID cards for immigrant workers that regularly crossed the border for work. The purpose was to create an ID card that could not be forged or tampered with.

The cards looked very similar to those in section 3.1 -- identifying information and a picture, with a passport-like encoding. Unlike the picture in section 3.1, all of the information was placed on the front of the card. When a new card was produced, the software created a cryptographic hash of the identifying information and the picture which was stored both on the card's mag-stripe and in a central database.

When users were authenticated at the border, the card was placed face-down on an optical scanner much like you see at airports today. The software then computed a hash of both the personal information and the picture. In offline mode the system would compare the hash only to the hash on the mag-stripe, but in online mode the system would connect to the central database to verify the mag-stripe hash matched an existing entry in the central database.

I think the Estonian government used that system for two or three years.

The best part of this setup was that the system did not in any way create a national registry. Instead, it proved the ID (token) was not tampered with and that the token had indeed been created by a registered government authority.

Funny story: In early testing, I created an ID using my manager's name and a photo of my co-worker's ass. I still have the card at home somewhere. Who knows... it may still be in the database!
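The offline and online checks described in the comment above, as an added example that is not part of the original comment or the system it describes. SHA-256, the field encoding and all names (`card_hash`, `Issuer`, `verify_offline`, `verify_online`) are assumptions, and the optical scan is modelled as already-extracted text and image bytes.

```python
import hashlib
import hmac


def card_hash(identity: str, photo: bytes) -> str:
    """Hash over the identifying information and the picture (SHA-256 assumed)."""
    ident = identity.encode("utf-8")
    h = hashlib.sha256()
    h.update(len(ident).to_bytes(4, "big"))  # length prefix keeps the two fields unambiguous
    h.update(ident)
    h.update(photo)
    return h.hexdigest()


class Issuer:
    """Hypothetical issuing authority; its database holds hashes only, no personal data."""

    def __init__(self):
        self.database = set()

    def issue(self, identity: str, photo: bytes) -> dict:
        digest = card_hash(identity, photo)
        self.database.add(digest)
        # 'stripe' models the hash written to the card's mag-stripe
        return {"identity": identity, "photo": photo, "stripe": digest}


def verify_offline(card: dict) -> bool:
    """Offline mode: recompute the hash from the scanned face, compare to the stripe."""
    scanned = card_hash(card["identity"], card["photo"])
    return hmac.compare_digest(scanned, card["stripe"])


def verify_online(card: dict, database: set) -> bool:
    """Online mode: the offline check, plus the stripe hash must be a known entry."""
    return verify_offline(card) and card["stripe"] in database


def demo() -> dict:
    # Constructed sample data, not real card contents
    authority, other = Issuer(), Issuer()
    genuine = authority.issue("DOE<<JANE 1980-01-01", b"\x89photo-bytes-1")
    altered = dict(genuine, photo=b"\x89photo-bytes-2")  # picture changed after issuance
    foreign = other.issue("ROE<<RICHARD 1975-05-05", b"\x89photo-bytes-3")
    return {
        name: (verify_offline(card), verify_online(card, authority.database))
        for name, card in (("genuine", genuine), ("altered", altered), ("foreign", foreign))
    }


if __name__ == "__main__":
    print(demo())
```

Each result is an (offline, online) pair: the card from a different issuer is internally consistent, so only the database lookup distinguishes it from one issued by this authority.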
motohagiography about 4 years ago
End of section 2.4 contains this gem, "The manufacturing of ID cards has always been a closed, non-transparent activity, not open to scrutiny even to the manufacturer’s contracting partner – the Estonian state. The personalization protocols and procedures have never been publicly documented, leaving the security aspects of this process to be determined by the competency of the ID card manufacturer. As described in Section 6.8 of this work, this lack of supervision oversight allowed the ID card manufacturer to engage in activities that compromised the ID card security without it being detected for years."

Card personalization is the bootstrapping problem, and there is another one with potentially hostile readers creating DoS conditions. I've worked on ID cards and digital identity in a few areas in both private and public sectors, and the threat model basically disappears into a cloud of spooky agencies, and it comes out the other end as a vague consensus to just move forward. If you think voting machines are unreliable you haven't seen anything until you've looked into digital identity, as it's a massive host of unresolved political problems tossed over the fence onto technologists, and then laundered back through opaque entities like the ones in this doc, then presented as a good idea.

My impression of identity is it's not a technology problem, but there are lots of people who will take your money to let you say that it is.
Etheryte about 4 years ago
For context, this is the PhD thesis of Arnis Paršovs [0], a cyber security researcher who has written on topics pertaining to the Estonian electronic ID system since as early as 2013. You would be hard pressed to find many people more familiar with the matter — even the public government reports aren't as detailed as this is.

[0] https://www.etis.ee/CV/Arnis_Parsovs/eng
Bluestein about 4 years ago
Proud e-resident here :)