Estonia has had to act quickly after the discovery of a fault in its electronic identity cards that renders them incompatible with the latest version of Google’s Chrome web browser.

The issue arose after Google tightened its formal checks on certificates.

“The screws were turned so tight as to hit somewhat about several hundred Estonian ID cards, digital identity cards, and, there’s no denying – the e-resident cards”, said Republic of Estonia Information System Authority (RIA) analyst Anto Veldre, writing in an RIA blog.

“These no longer pass Google Chrome’s tough security conditions and logging into the website is impossible”.

On September 15, Jaan Murumets, product manager at SK, Estonia's primary certification authority, informed Google Chrome security executive David Benjamin about the issue.

Benjamin has since written about the issue:

“Estonian IDs issued between September 2014 and September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug … We can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether”.

Veldre added on the issue: “There’s no direct security hazard posed by these minus-bits. Setting the bits the other way round will not directly lower anyone’s privacy nor will any data leak out anywhere. It’s just not nice to ignore the standard”.

The nearly 250,000 ID cards with faulty certificates were issued during the year starting September 2014. All of Estonia’s e-resident cards were issued in the same period.
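
What a "negative modulus" means at the encoding level, shown as an added example that is not part of the original article or of Chrome's code: DER INTEGERs are signed two's complement, so an RSA modulus whose top bit is set needs a leading 0x00 byte, and without it a strict parser reads a negative number. The toy keys and function names are constructed for illustration, and the sketch assumes the faulty certificates are negative in this DER sense.

```python
# Added example: minimal DER reader for RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }.
# GOOD and BAD are constructed toy keys (16-bit modulus 0xC5F1, e = 65537), not real data.

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def modulus_bytes(rsa_public_key_der):
    """Return the raw content bytes of the modulus INTEGER."""
    tag, seq, _ = read_tlv(rsa_public_key_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, n_bytes, _ = read_tlv(seq, 0)
    if tag != 0x02 or not n_bytes:
        raise ValueError("expected non-empty INTEGER")
    return n_bytes

def check_modulus(rsa_public_key_der):
    """Classify the modulus encoding as 'ok', 'negative' or 'non-minimal'."""
    n_bytes = modulus_bytes(rsa_public_key_der)
    if n_bytes[0] & 0x80:
        return "negative"                   # top bit is the two's complement sign bit
    if len(n_bytes) > 1 and n_bytes[0] == 0 and not (n_bytes[1] & 0x80):
        return "non-minimal"                # padding byte that DER forbids
    return "ok"

def strict_and_lenient(rsa_public_key_der):
    """Decode the modulus as a strict (signed) and a lenient (unsigned) parser would."""
    n_bytes = modulus_bytes(rsa_public_key_der)
    return (int.from_bytes(n_bytes, "big", signed=True),
            int.from_bytes(n_bytes, "big", signed=False))

GOOD = bytes.fromhex("300a020300c5f10203010001")   # modulus encoded as 00 C5 F1
BAD = bytes.fromhex("30090202c5f10203010001")      # leading 00 missing: C5 F1

if __name__ == "__main__":
    for name, key in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_modulus(key), strict_and_lenient(key))
```

A lenient parser recovers the same modulus from both encodings, which is why such keys can work in one client and be rejected once another starts enforcing the sign rule.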