Gemalto to replace representative in Estonia

Communication between Estonian ID-card manufacturer Gemalto and the state will no longer be coordinated by Andreas Lehmann from December. Lehmann attracted a lot of attention last week when he claimed he had informed the Estonian authorities of the ID-card security vulnerability much earlier.

Press representative of the Police and Border Guard Board (PPA) told ERR that Gemalto has notified the agency in writing that it will have a new contact person from December 2 - writes

Gemalto’s recent representative, executive manager of Estonian subsidiary TRÜB Baltics AB Andreas Lehmann took to the media on November 22, claiming he informed Estonian state agencies of the ID-card security risk on June 15, much earlier than the latter have claimed.

Authorities resolutely refuted Lehmann’s claims and said they received the information from Czech researchers late on August 30 that caused them to contact Gemalto.

PPA Director Elmar Vaher said in an interview to the Geenius news portal that Lehmann did not lie to the public, and that technical matters pertaining to the ID-card were discussed in June, but added they were not connected to the vulnerability in question.

Asked whether these technical matters overlapped with the discovery by the Czech researchers, Vaher said: “No, definitely not.”

However, the director answered “absolutely” when asked whether a potential security risk was discussed in June.

Vaher could not say whether the June meeting took place in person or was conducted over Skype, nor whether it was recorded.

Information available to Postimees suggests Gemalto learned of the vulnerability from chip manufacturer Infineon on May 24.

Learning of risks in time is important as it gives participants time to address the problem before the likelihood of the risk manifesting reaches a critical level and problematic cards have to be closed.

The State Information System’s Authority (RIA) said it only received vague hints from Gemalto’s representative in June, while meetings were not recorded, explanations by RIA’s eID department chief Margus Arm and the PPA suggest.

RIA Director General Taimar Peterkop said last week that RIA received no information from Lehmann concerning ID-card security risks – neither verbally or in writing.

Estonia decided to close 760,000 problematic ID-cards in early November before most of them could be updated. Online updates took time as interaction between information systems progressed slowly. ID-card certificates were closed following a proposal by the PPA.

Software to address potential vulnerabilities was paid for by the Estonian government, not card manufacture Gemalto. Postimees’ information suggests Estonia has filed a €20 million claim against the company.

Representatives of the government have consistently referred to the incident as a “realistic theoretical security vulnerability” – something that is impossible to universally understand.

Read also more news of Tallinn on our site.

If you notice an error, highlight the text you want and press Ctrl + Enter to report it to the editor
2 views in december
I recommend
No recommendations yet


Post your comment to communicate and discuss this article.

At the Riigikogu sitting beginning at 10:00 EET on Tuesday, Prime Minister Jüri Ratas (Centre) will provide an overview of the activities of the Estonian government in the implementation of EU policies. Chairman of the European Union Affairs Committee of the Riigikogu Toomas Vitsut (Centre) will also deliver a report, and representatives of the Riigikogu's parliamentary groups will present their positions, according to a Riigikogu press release. In his rep...
Chairman of the opposition Conservative People's Party of Estonia (EKRE) Mart Helme has called on Helir-Valdor Seeder, chairman of junior coalition member Pro Patria to tie the latter's support for the state budget bill to a decision by the government not to support joining the UN Global Compact on Migration. "Pro Patria still has the chance to demand from its coalition partners [the Center Party and the Social Democratic Party (SDE)] that its stances be t...
Political news portal Politico published its list of the most influential people in Europe next year last week, with fifth place going to Estonia’s cybersecurity ambassador Heli Tiirmaa-Klaar. Tiirmaa-Klaar takes her place in between well-known Europeans, after Secretary General of the European Commission Martin Selmayr and in front of Ukrainian presidential hopeful Yulia Tymoshenko. Politico believes Italy’s populist interior minister Matteo Salvini will...
Representatives of the transport ministries of the Baltic states, Finland and Poland who met in Tallinn on Monday were of differing opinions regarding whether to remain in summer or winter time once the practice of changing the clocks twice per year comes to an end. A recent survey indicates that more than half of Estonians would prefer permanent summer time. Estonia, Latvia, Lithuania, Finland and Poland jointly acknowledged that the agreement to end the...
Ida-Viru Central Hospital is having trouble with patients not showing up to scheduled specialist appointments. To combat this issue, beginning next year, the hospital will start charging visit fees for no-show appointments as well. Last year, patients at Ida-Viru Central Hospital failed to show up for scheduled appointments a total of nearly 9,500 times, accounting for some 5% of all hospital visits, reported ETV news broadcast Aktuaalne kaamera. "Patients...
Tallinn city government finds that it is not reasonable to relocate the Tallinn Bus Station to the Ülemiste district near Tallinn Airport and that it should be left in its current location on Lastekodu Street. In connection with the preparation of an architectural idea competition and the drawing up of a detailed plan for the Ülemiste terminal in the framework of the Rail Baltic railway project, the city is drawing the attention of the Ministry of Economic...
A criminal investigation has been launched into the Medita Clinic, one of the largest private sector bidders in public procurement tenders in the health sector in Estonia. The Northern District Prosecutor's Office initiated the investigation in accordance with the Penal Code section concerning the transmission of false information, according to ETV investigative show Pealtnägija. The Medita Clinic was the largest private provider of specialist medical care...
The Tax and Customs Board (MTA) has signed an agreement with Online accommodation and hospitality marketplace Airbnb which enables hosts to automatically report earnings. The MTA and Airbnb held a joint press conference on Wednesday, announcing the agreement's signing as well as the new system and its rationale. The main premise, according to MTA deputy director Rivo Reitmann, is to keep things simple, meaning that Airbnb hosts who declare their income in...
Luminor notified its clients that as of 1 January, the bank will be closing the accounts of Estonian e-residents that fail to fulfil due diligence. Hannes Oja, head of Anti-Money Laundering at Luminor Estonia, said that based on the Money Laundering and Terrorist Financing Prevention Act, banks are required to update the data of all of their customers, writes daily Eesti Päevaleht (EPL). As a result, all existing clients have to do so themselves on a regul...