Estonia is a sparsely populated country. When the small country in Northeast Europe restored its independence in 1991, it had no physical infrastructure to serve its own citizens in the small villages. With the development of the web all stakeholders – government, private sector companies and citizens – embraced the concept of a digital society. “It was something we had to do in order to serve our citizens. As a comparatively poor country, it was pretty clear right from the start that it was too costly to physically serve the citizens and not good enough to transfer paper forms to a server, but to develop more efficient and smarter solutions”, says Aet Rahe who helped built up Estonia’s new IT infrastructure as deputy government CIO at the Ministry of Economic Affairs and Communications. In that role she was responsible for ICT policy which included setting the frames and creating the guidelines for state information systems development, e.g. interoperability rules and open data regulations. She now works as an independent IT consultant and is, among many other activities, chair of the supervisory board of Estonia’s Internet Foundation. Aet attended this year’s Blockchain Valley Conference at the GDI in Rüschlikon to present Estonia’s transformation into a digital society. Donna informatica had the chance to speak to Aet after her talk.
donna informatica: Can you briefly explain how Estonia’s digital society works.
Aet Rahe: From a citizen’s perspective, the ID card we use to securely authenticate ourselvses in the web, and also to give legally binding digital signatures is one of the core elements of the concept. When we started out, it was complex and expensive for each company to develop such a secure digital ID on their own. This is why banks, telecom providers and government agreed to develop it together and ensure that the card is accepted everywhere. When smart phones became popular, it was the telecom providers that pushed hard to quickly introduce a mobile ID.
In daily life, it means that you can do almost everything online in Estonia – you can even vote over the internet, in the comfort of your sitting room. 30% of Estonians who vote, do it online from more than 100 countries. The penetration rate for e-prescriptions is almost 100% in Estonia. It is also the normal way to interact with utility companies. You don’t have to go to a bank or an insurance company because you do all your business electronically. The ID card is also used to sign contracts. When I bought an apartment, I signed all the contracts digitally. You can register a company within 20 minutes. It is a safe and convenient exchange of data between private citizens, governments and corporations.
di: How did you prepare the people for this change?
AR: We consulted with others who had done similar things. Actually, this card was introduced in Finland, before Estonia. The Finnish engineers told us to make it mandatory if we wanted it to work out. In Finland they didn’t do this. With a population of roughly 5.5 million, they have less than 100’000 cards issued. We have 1.3 million inhabitants, and we have 1.2 million active cards. You don’t have to use the digital capabilities, but you have to have the card. It’s a mandatory identification document in Estonia. It is also worth mentioning that electronical signatures, if they are given with proper tools, have been legally binding (and equal to handwritten signatures) not just in Estonia, but across EU since 1999.
di: How about security concerns?
AR: Trust between government and citizens is crucial and fortunately we were able to make quite many important decisions about our e-government at a very good time – meaning that the digital capabilities were already there, but we did not have to fight as many false fears as one must fight today, trying to make the same decisions or introduce similar tools. Our society is used to harvesting the benefits of living in a digital society and we are aware that there are no systems without risks, thus implementing proper security measures is inevitable. That being said, we know in numbers how many security breaches happen in the physical and in the digital world and we firmly believe that going digital makes things more secure, not vice versa. Let’s take our medical data as an example. If I have an accident in Eastern Estonia, the emergency doctor there can access my data, even though he is not my family practitioner. Access to my medical data via digital means is open by default for all doctors, but if I want to close the access of a specific doctor because of a bad experience I can do that. All accesses are properly logged, so I as a citizen can be the “big brother” and watch over the data usage – something you can never do when data is on paper!
The acceptance of e-services that have been introduced in Estonia, have been overwhelmingly positive because of the benefits that come with it (location independent and hassle free interactions). Maybe today, considering the various NSA data leaks or politically motivated cyberattacks, people are more reluctant to embrace the digital approach.
DI: What does that mean on a strategy level?
AR: We have some principles that we followed right from the inception of the development: 1. Going digital is a strategic choice; 2. Citizen is the owner of his data – thus tools must be available for the citizen to monitor who, when and why his or her data are accessed; 3. Data-only once-principle must be applied – meaning that the citizen should only submit data once – whenever someone wants to reuse that data, it must be queried from its original source; 4. X-road – a secure information exchange layer (middleware) is the only legal way to query and reuse data gathered by the government; 5. We trust our engineers with engineering questions (not politicians); 6. We share our core infrastructure with the private sector – PPP model is widely used; 7. We are not afraid to innovate through pain – e.g. making an ID card mandatory was not an easy decision, but today we see the results, and it was worth it!; 8. We implement “No legacy policy” – meaning that we force government agencies to innovate by wiping old systems off and rebuilding them from scratch; 9. We use a holistic approach – it is not only about building IT systems, it is also about ensuring that people have skills to use them, that the connectivity across the territory is there, that security is ensured, that people are aware about cyberthreats etc.
di: How does the governance look like?
AR: The implementation relies on a close cooperation between public and private sectors. For example in Estonia, the financial and telecom companies put together an organization that take care of the electronical certificates of all ID cards. This means, the private sector is also very active on an operational level. They provide part of the solution. We are collaborating all the time to develop and enhance the technology and ensure the resilience of the system. A majority of the software is procured from the market, thus also software development companies collaborate with the government. We have very limited in-house development in general.
di: “e-Estonia” has become a brand. Other governments go to Tallinn to learn about your experiences. What are your main observations?
AR: Even though there is no need to re-invent the wheel, we still see that it tends to happen quite a lot. The legal framework for e-ID and digital signature is already there. EU did that work even though there’s always room for improvement. Additionally, all Estonian legistlation is available online, many of it also in English. And we are happy to share how we built our system. Amazingly, developing countries are often more open to learn from others than the wealthy countries. I guess they have the same need for it as we did, It’s not about “want” but about “need” since they also have limited resources and alternatives are much more expensive. In wealthy countries you can have political debates for a long time without doing anything because you don’t know everything when you start, you have to fight off the false fears etc., whereas emerging countries, such as Albania or Kosovo, which I visited recently, move really fast and they don’t suffer from digital showinism – they are happy to learn how others did it. They have to build a government from scratch. They listen and try to copy the best practices. Rich countries often think: We know better.
di: Many countries are very worried about welcoming new residents. Some even think about building walls again. Estonia’s strategy seems to be quite the opposite.
AR: That’s right. Nobody seems to want to come physically to Estonia, since our climate is cold. In order to attract people who enjoy the life of a digital nomad, or businesses to the country, we have created the e-residency concept. E-residency basically means that the Estonian government issues high-security digital ID cards to non-residents and open up the digital ecosystem to operate your business online, sign all kinds of documents electronically etc. So basically, whatever one does on paper and signs on paper, can be signed online, location independently!
Wherever you live and work, you can apply for it. The e-residency is not related to citizenship nor is the card a travel document, but you can use it to establish a location-independent business and use the high security e-identity and digital signature, which is legally binding all across European Union. Wherever you do your business, you can manage it using an Estonian e-residency card. You don’t even need a local office or manager here. That’s why we call the e-residency concept a “country-as-a-service”. It is our way to grow Estonian economy, without increasing the size of the population.
Aet Rahe, ART IT Consulting, Tallinn/Estonia
Aet Rahe is the founder of ART IT Consulting. She has more than 10 years of experience within the IT industry and she is now an esteemed authority in the field of e-governance and startups. Until 2016 Aet Rahe was deputy government CIO at the Estonian Ministry of Economic Affairs and Communications. Aet Rahe is the chairman of the supervisory board of the Estonian Internet Foundation and a guest lecturer at Tallinn Technical University and Tartu University.
Barbara Bohr, donna informatica
Barbara Bohr runs her own project consulting company and works as a lecturer at HSR Hochschule für Technik Rapperswil. Before returning to academia, she spent 12 years working in banking technology as a product and portfolio manager. She has a strong interest in the ongoing finance transformation and regularly blogs about these topics.