Acquiring digital identity in Estonia: lot of room for UX improvements

Example of how an ID card looks like

As a background, I am a citizen of Estonia, a country known for its digital awesomeness. Part of this awesomeness is the national infrastructure which allows you to authenticate yourself & sign contracts digitally with a government-issued ID. This ID is shipping in two formats: a credit-card sized ID-card and a special app on SIM card allowing to do the same via mobile phone.

The ID-card as a medium happens to be super clumsy in practice. You need a special card reader plugged into the USB port in your computer. In addition special browser plug-ins are required. These plug-ins are unstable and incompatible, especially if you are using exotic operating systems (like Mac OS X). Mobile-ID is way more comfortable to use and whenever you actually have it set up it works like a charm:

Mobile ID usage in the phone

For some reason the adoption on Mobile-ID has been really low. Estonia has around 1.3M people and even more active SIM cards. Only around 100,000 of those people are Mobile-ID users. After what happened with me during the past weeks I am no longer surprised.

It all started from me changing the mobile carrier. Something presumably simple took me eight emails and 10+ phone calls to complete. But this is handled by private sector and if they continue to be so ineffective they will be out of business at some point. So in this post I will focus on the public sector side of the deal which as we all know does not get to face that much competition.

All in all, after waiting for two weeks I was sent new SIM card by the new operator. I plugged it it in and it worked like a charm. All that was left was to activate the Mobile ID in this SIM.

Preparing to activate the Mobile ID

The SIM arrived via courier but apparently whenever you want to use Mobile ID, you need to make an appearance on the mobile operator office for them to verify you being really you. After I managed to figure out this, I drove to the nearest office of the operator only to discover it being closed for renovation. Drove to the second one with a bit more success. 35 minutes waiting in line, filling up a paper form and getting a scan of my ID card was all that was needed for this step.

Next step was to activate the Mobile ID, for which I needed to use the ID card. I guess the last time when I actually used ID card was the time when I activated my previous Mobile ID. So when trying to use the ID card after years of inactivity I discovered that the certificates on the card have expired.

Somehow the certificates had expired beyond the point where I could update the certificates and the only solution is to apply for new ID card. Discovering this information literally required a PhD in Computer Science. While I was staring at a cryptic error message, my co-worker with PhD happened to walk by. Seeing my confusion he proceeded to explain that I was looking at a certificate expiration error.

So, besides new SIM card, I needed a new ID card. Opened up the corresponding website, filled in the formular, attached a new picture of myself, paid the required fees via wire transfer and expected the ID card to be ready for picking it up soon.

Nope. In 48 hours I received a reply that “picture you sent is not OK”. Checking the list of requirements (https://www.politsei.ee/et/nouanded/id-kaart-ja-pass/dokumendifoto.dot) left me wondering which one of the ~50 requirements to the photo I am not fulfilling. After explicitly asking for this, I received explanation and the second photo passed the set criteria.

Now I was ready to receive my brand new ID card in two weeks. Entering the bureau and — hello queues. There must have been 100 people queueing up for what for me was 1.5 hours of wait time just to pick up my card. Had I applied for it in the bureau, it would have been additional 1.5h. Assuming that such queues formed every day and each day there was 400 person for whom 1.5 hours was wasted, we can count 12,000 wasted hours only in the Tartu office during a single month. I do not dare to think about the entire wastage across Estonia.

Actually activating Mobile ID

Driving to home, entering my brand new ID card to the card reader and starting to activate my Mobile ID. First stop Chrome. Nope, does not recognize the card. Second attempt Safari. Again nope. Firefox for whatever reason recognized the card and I was able to authenticate myself to start the Mobile ID activation process.

Apparently as the first step you need to revoke your existing Mobile ID. I was in the business of activating a new one, but OK, I guess I can do the revoking as well. Nope. getting a cryptic error message:

Error while trying to revoke previous Mobile-ID

Contacted support. receiving a reply that this is a known bug and ID card on Firefox with Mac OS X is known not to work. Recalling the good advice of “have you tried turning it off and on again” I restarted my Mac. Volia, Chrome started recognizing the ID card after the restart.

Back to the Mobile ID activation process but with the same results. Cannot cancel the existing Mobile ID. Contacting the support again, carried out some tests while on the call (checking certain plugin version compliances and certain error logs) and waiting for 48 hours.

Support returns with the information that I ran into back-office issues and the failure was related to something in the back-end not in my browser. They had manually proceeded to revoke my existing Mobile ID so I was clear to proceed.

Indeed, after loggin in I was now able to activate the Mobile ID and complete the process by changing the PIN numbers on Mobile ID.

So, I was able to complete the process. The key ingredients for this success was a bachelor degree in computer science. I seriously doubt people who are not dealing with IT on daily basis can complete the process above. At least not without heavy assistance from someone more tech-savvy.

Summary

In total the process of changing the cellular operator took me

  • five calendar weeks
  • around eight hours of my life
  • 15 emails
  • 10 phone calls
  • acquiring a bachelors in computer science to be able to tackle the technical issues

I would say this is something that should not be acceptable, especially considering the number of e-residents flocking in to use this infrastructure. You cannot expect these e-residents to be able to handle even the fraction of the issues I had to walk myself past in the saga above. I had all the required infrastructure elements (browser plugins, ID card admin utilities, etc) in place and I have worked in IT for 20 years. Yet still I faced the mess above.

So, in the the odd chance that someone reading my rant happens to be in charge of how ID cards/Mobile IDs are issued in Estonia, maybe you can do something to change this.

There are multiple ways how to iron out inconveniences from the process above. With just 30 minutes of analyzing the mess above — there are multiple steps that you could remove from the equation. And maybe, just maybe even most of the steps can be removed if we are to speak about Smart ID solution which is not bound to physical medium.

But the key point I would like to make is that — rants like this should not be needed to bring the process owner attention to the issue at hand.

If the process owner would monitor the experience the end users are receiving, the amount of wastage your users have to deal with will be immediately visible. I mean, wasting eight hours per person changing their ID cards should be something that the E-stonia should not tolerate.

Show your support

Clapping shows how much you appreciated Ivo Mägi’s story.