Video: How Estonia recovered from ID card hack
Despite Estonia's recent cybersecurity crisis, which also affected its e-residents, the number of digital identity applications received by the tiny Baltic state continues to grow.
Last September, Estonia's prime minister Jüri Ratas called a special press conference to inform the public of a potential security threat that affected almost 750,000 ID cards issued in the past three years, including thousands of e-resident ID cards.
Like the citizens of Estonia, e-residents had to quickly renew the certificates of their ID cards to eliminate the danger of identity theft.
Although a bigger crisis was averted and, according to the state, no instances of e-identity theft occurred, the director of the e-residency program Kaspar Korjus tells ZDNet that the potential security vulnerability presented a huge challenge for the e-residency program.
"On our side, we communicated a lot to the e-residency community by email and blogposts to guide them through the process of the software update. E-residents are full members of our digital society, so they need to have the same access to information as any citizen or resident," he says.
"We also recommended solutions such as Smart ID for anyone needed access to banking. And our team was fully dedicated to provide support for any e-resident who was contacting us."
Despite the extent of the crisis, Korjus says lessons are always learnt from such events.
"The Estonian government has no intention of letting a good crisis go to waste, as the saying goes, and will use this as an opportunity to carry out further robust development of e-services," he says.
"The vulnerability and the update of the ID card certificates have already forced the government and private companies, who provide around 5,000 e-services, to think about new and even more sophisticated security arrangements for their services, find even more convenient alternatives, and implement updates at a fast pace."
He believes the ID card crisis hasn't frightened off new applicants for e-residency.
"On the contrary, the number of applications has significantly increased during recent months. Each week we receive more than 300 applications. Also, the number of companies applying has been the highest ever over the past few months."
Estonia's e-residency program was launched in December 2014. It is a government-issued digital identity that gives a person an opportunity to run an EU-company online from anywhere in the world.
According to an analysis prepared by Deloitte, in the first two years of full operation, it has returned to Estonia €14.4m ($17.6m), of which €1.4m has been net proceeds and €13m indirect socioeconomic net proceeds.
"At the end of the third operating year of the e-residency program, we have 27,000 e-residents from 143 countries who have in total created 2,847 new companies -- in total, more than 4,300 companies have e-residents as owners -- and paid €2.8m in labor taxes," Korjus says.
Although the e-residency application process takes place online, the e-resident still has to pick up his or her ID card from an embassy. The limited number of locations where they can collect their card overseas has also been one of the biggest challenges for the expansion of the program.
To tackle this problem, from December 2017, the e-residency project started a pilot in South Korea to issue e-resident digital ID cards locally from certified visa application centers.
"Within the first six months, the plan is to be serve 500 e-residents from South-Korea who want to expand their businesses into the EU," Korjus says.
"But the more important aspect of this is to have a successful pilot and collaboration with a private-sector partner who conducts face-to-face meetings on behalf of our government. If this succeeds, then we can expand our locations rapidly."
In future, the project can be expanded to many more locations around the world where there is high demand for e-residency, but where people have difficulty reaching an existing pick-up location.
"We have a growing community of e-residents in Bangalore, for instance. It would be more convenient for them to be able to pick up their card there, instead of going to the capital city of their country."
Although Korjus acknowledges that having more partners overseas increases the security risks, he also points out that many countries partner with third-party service providers to issue official documents.
"Security is always Estonia's top priority, and the state ensures that its partners have the same level of requirements," he says.
"Estonia is also up weighing the option of visa application centers issuing documents to Estonian citizens in the future, so that Estonians living around the world can also obtain their documents more easily."
Next year the program expects to have extra 20,000 e-residents and 2,500 new companies. At the same time, Korjus is working already on a new challenge, the details of which will be unveiled this year.
"Our e-residency team is planning to work on discovering whether Estonia can become the best country for ICOs. Consequently, we need to be very clear on the matters of regulations, KYC, taxation, banking, best practices for those companies who desire to launch their token sales.
"It may include also adapting some regulations and building further partnerships with private sector but we are fully ready to address these challenges," he explained the plans.
Previous and related coverage
Estonia is built on secure state e-systems, so the world was watching when it hit a huge ID-card problem.
Early next year, Estonia rolls out its new Smart-ID digital identity system, which is not dependent on a SIM card and can be used around the world.
With the security of its 60 million national ID smartcards in question, Spain faces some tough choices.