Digital governance: Lessons from Estonia to India, rest of the world

Estonia is the most digitised nation
Tallinn, Capital city of Estonia, by night. Data confidentiality, data availability, and data integrity – focus on these three pillars of information security helped Estonia become the most digitised nation.

When I say that Estonia is the only country in the world where 99% of the public services are accessible online 24/7, you might ask — what’s that 1% that is not? And that’s a fair question. As it stands, only marriage and divorce are not conducted online. For these two things, you need a physical signature of the agreeing parties and a public notary to confirm that you are not making these decisions under duress. It’s also worth pointing out that you can still do most of the administrative parts online – the main hurdle is that final signature.

When you think about all the data being exchanged between the hundreds of different government servers, you might be wondering: How do we ensure the efficiency and safety of the data? In Estonia, we are using X-Road since 2001. It’s the software backbone that encrypts and transfers our data. It works like an open-source highway for data traffic. X-Road interconnects public and private databases, which are held in a distributed manner. While every institution manages its own processes, government institutions can decide independently which platforms and technologies they use over X-Road.

READSub-par engineering education chips away at India’s technology leadership

So yes, different authorities can choose different kinds of software and server infrastructure, what matters is that they are all compatible to the X-Road. This decentralised approach means that there is not one big super-database which would be extremely attractive for hackers. All data transfers are end-point to end-point encrypted. And we can see that we’re on the right track because many other countries have gotten onboard with our solution. Some of them are on the screen but I’m sure that there is also a country in your neighbourhood that’s at least considering using X-Road as we speak.

One of the most frequently asked questions that we get is: Do you use Blockchain? The answer is yes, but not like you think. We do not store personal data on the Blockchain as that would be a data protection and privacy nightmare. But: All the data exchanges, M2M communications, data at rest, and log files are independently and fully accountable thanks to Blockchain technology.

With Blockchain deployed in Estonian government networks, history cannot be rewritten by anybody and the authenticity of the electronic data can be mathematically proven. It means that no-one – not hackers, not system administrators, and not even the government itself – can manipulate the data and get away with it.

From the security perspective, a model known as the CIA TRIAD, Estonia information security relies on a combination of three pillars: data confidentiality, data availability, and data integrity. The electronic ID allows citizens to access only their data and restricts access to unauthorized people. Estonia offers several e-ID carriers that people can use and combine, issued both by the state and public sector to guarantee confidentiality and privacy of data. The X-Road serves as the basis for secure data exchange – so different public and private databases have trustworthy data available at all times to work with.

This way, data packages can be exchanged in a smooth and interoperable manner that allows institutions to provide efficient public services using and re-using the data. Finally, integrity is crucial to maintain the trustworthiness of the data that we see and avoid the illegal loss, duplication, or manipulation of the datasets, software components or log files.

With KSI Blockchain technology deployed in the Estonian government databases, history cannot be rewritten by anybody and the authenticity of the data can be mathematically proven. This means that no one – not hackers, not system administrators, and not even the government itself – can manipulate the data and get away with it. With these three pillars in place, there is a good chance that a country can push on toward offering secure digital services that attract the interest of the population.

Estonia’s Digital Journey: A Timeline

Of course, digitalisation was not done in a day. It took 5 years from changing legislation to offering the very first online service. And also after that initial breakthrough, creating good digital services and generating acceptance for those services takes time. Still, here is a timeline that describes Estonia’s journey pretty well.

  • 2000 – e-Cabinet – database and scheduler for streamlining governmental decision-making processes.
  • 2000 – Estonia had an online e-Tax Board already in 2000, while many other countries have created similar online versions only in recent years.
  • 2000 – m-Parking – a system that enables drivers to pay for city parking via mobile phone.
  • 2002 – e-ID – digital identification based on the mandatory ID card.
  • 2005 – Estonia was the first country in the world to use i-Voting. Since then, there have already been 9 elections in Estonia where people could cast their vote using i-vote – 30% of Estonians cast their vote via the i-voting system from 128 countries all over the world.
  • 2017 – data embassy in Luxembourg was established. Data Embassy is an extension in the cloud of the Estonian government, which means the state owns server resources outside its territorial boundaries. This is an innovative concept for handling state information, since states usually store their information within their physical boundaries. Data Embassy resources are under Estonian state control. They are secured against cyberattacks or crisis situations with Blockchain technology and are capable of not only providing data backups, but also operating the most critical services.
  • 2019 – AI strategy – We have launched an expert task force, led by the Government Office and the Government CIO. The task force released a report in May 2019 on a national AI strategy on how we will advance the uptake of AI solutions in public sector as well as wider economy.
  • 2019 – Reporting 3.0 – the automatic data collection environment. With enforcement of Reporting 3.0 strategy, Estonia has already managed to improve the quality of data collected by its government statistical organisations; thereby lowering the administrative burden on enterprises with regards to communicating basic information to Statistics Estonia or the Estonian Tax and Customs Board.
  • 2020 – proactive family benefits – As soon as child has been born and registered in the population register and given a name, a population entry activates all of the following services – also the Social Security Agency will send an email to the parents to receive family benefits.
  • 2020 – e-notary for remote verification – With the e-notary service now rolled out to its total capacity, you can trade or transfer company shares, buy or sell real estate, attest credentials, or carry out other notarial acts from anywhere in the world.
  • 2020 – 50 public sector AI use cases – To increase the user-centricity of public services, the process of data analysis and efficiency, Estonia launched by the end of 2020 at least 50 AI use cases in the public sector
  • 2020 – 7 invisible services – Today, a shift in the service delivery approach provides the basis for a truly seamless digital state. As citizens have no need to be aware of government complexity and do not wish to fill multiple complex paper or web forms, government services as a whole, or partly, need to become more seamless, reusable, and proactive.
  • 2021 – Bürokratt will, in the future, allow a person to get everything they need from one device and through a virtual assistant in one communication session. Bürokratt is thus an interoperable network of public and private sector AI solutions, which from the user’s point of view, act as a single channel for public services and information.

Now that we’ve touched on the fundamental principles of e-Estonia, it’s time to talk about how these things were put into practice. One of the cornerstones is undoubtedly the electronic ID which enables Estonian citizens and residents alike to prove their identity online and benefit from convenient, safe and fast hassle-free e-services. We’ve got this card since 2002.

Nearly every one of Estonia’s 1.3 million citizens and residents has an ID card, which is a mandatory national card with a chip that carries embedded files and functions as definitive proof of ID in an electronic environment. The ID card is in compliance with the highest EU standards (particularly eIDAS).

If you find using that card on a daily basis too bothersome – and the truth is that many Estonians do – you’re in luck because there are several other eID-carriers! The first one is called mobile-ID which allows people to use their mobile phone as a form of secure digital ID.

Mobile-ID is a different kind of SIM card that you can get from your network provider, pop into your phone and use it just like the ID-card: it can be used to access secure e-services and digitally sign documents, but has the added advantage of not requiring a card reader. This option is particularly attractive for people who don’t own a smartphone because it is not an app-based solution.

If a SIM card is also too much hassle, you might be interested in Smart-ID which is an app that you can download and use for authentication just like the aforementioned solutions. You can use Smart-ID on a smartphone or a tablet, on an iOS device just as easily as on Android. When using Smart-ID, you only need a Wi-Fi network or mobile internet connection, no data roaming is necessary.

As of November 2018, Smart-ID is recognized as QSCD (Qualified Signature Creation Device). This is the highest level of recognition in the EU and now all Smart-ID users can digitally sign documents on Qualified Electronic Signature (QES) level that must be recognised by every EU member state.

Finally, there is a method of electronic identity that literally everybody in this room can have as well. It’s called the e-Residency card and in many ways it is the culmination of many of Estonia’s previous efforts. Anyone around the world aged 18 or older can get this card – with it, they can create a company on Estonian legal soil, meaning inside the European Single Market and also give digital signatures that are legally binding, just like Estonian citizens and residents can with their ID cards.

With this solution, we solve different problems for people living in different countries: People from non-EU countries are interested in having an EU-based company, but we also have surprisingly many e-Residents from EU countries, primarily because they want to make use of the digital signature and creating and running a company might be more expensive, bureaucratic and time-consuming in their home country. Bear in mind though that the digital ID is not a physical identification or travel document, nor visa or citizenship and does not display a photo.

Let’s talk a bit more about e-Residency. Estonia started this project in 2014 and thus became the first and still the only country in the world to establish global e-Residency. e-Residency is perfect for people who want to set up a business, be it for their own freelance jobs or to create something bigger than themselves. By now, we have e-Residents from more than 160 countries which shows the global reach and size of the target group. By now we have more than 21,000 companies created by e-Residents in Estonia and overall they have contributed north of €32m in taxes.

All you need to create a company in Estonia is an e-Residency card and an EU bank account, and there are many other financial service providers that are more than happy to help you set up the basics. And of course, as was mentioned before, e-Residency allows you to give digital signatures that are legally binding, just like Estonians do it. That’s one of the main reasons why there are so many Finns who use e-Residency – they don’t create that many companies but they use e-Residency to give digital signatures whenever they want to sign contracts with Estonian colleagues, which naturally happens quite a lot.

(Margus Solnson is Deputy Head of Mission, Estonian Embassy in New Delhi. This article is the edited transcript of Mr Solnson’s speech at an event organised by Policy Circle.)