Linnar Viik, Associate Professor and Member of the Board of the Estonian Information Technology College, likes to tell a story about what drove Estonia to become one of the most advanced wired societies in the world after gaining its independence from the Soviet Union in 1991. Its new prime minister, the story goes, was being shown his office by his secretary for the first time. On a table sat six phones, two with a dial and four without. Upon seeing them, the prime minister asked what all those phones were for. The secretary replied: “Mr. Prime Minister, we don’t know – they were there.” And so, as Professor Viik likes to put it, “That was the beginning of the infrastructure in the country. You didn’t know where the cables are going, what are the solutions behind them and who is where. And it gave the opportunity to start from scratch.”
No longer reliant on the economic resources of the Soviet Union and stuck with an archaic technology infrastructure, Estonia faced a daunting challenge in the early nineties: how was the small nation with a tiny population and very limited resources to move ahead? With the advent of the Internet, Estonia’s leaders saw the opportunity to create an e-society from the ground up and embarked upon an ambitious program to make it a reality.
First came the legal framework:
- The Personal Data Protection Acts of 1996 and 2003 that established the laws regulating the use of citizens’ personal data by government and third parties,
- The Digital Signatures Act of 2000 that established the legal validity of digital signatures, and
- The Public Information Act of 2000 that established a national registry (called the Population Register) containing the personal data of all citizens/residents and set forth the conditions, procedures and methods for accessing this information.
The centerpiece of the legislation is that it is the citizen who owns his/her private data and has the right to control who can access it. The “system” allows citizens to specify at a granular level who can access their records. For example, they can specify which individual doctor or doctors can look at their electronic health records. While there are situations such as law enforcement where a citizen cannot block the government from accessing their data, they can still get a record of who accessed it and when – on-line. If a citizen suspects an official of accessing their data without a valid justification, he/she can file an inquiry and have the official disciplined (read: fired or imprisoned) for unauthorized use of private data.
Once the legal framework was in place, then came the technology infrastructure. First, every citizen had to be uniquely identified. Each individual was assigned a distinctive 11-digit Personal ID Code based on his/her date of birth and sex.
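As an added illustration (not part of the original article), the sketch below validates a Personal ID Code before a system uses it as a lookup key. The article says only that the code has 11 digits and is based on date of birth and sex; the field layout assumed here (first digit for century and sex, then YYMMDD, a three-digit serial and a modulo-11 check digit) comes from the publicly documented structure of the code, and all sample values are constructed.

```python
from datetime import date

# First digit -> century of birth; odd means male, even means female.
CENTURY = {1: 1800, 2: 1800, 3: 1900, 4: 1900,
           5: 2000, 6: 2000, 7: 2100, 8: 2100}
WEIGHTS_1 = (1, 2, 3, 4, 5, 6, 7, 8, 9, 1)
WEIGHTS_2 = (3, 4, 5, 6, 7, 8, 9, 1, 2, 3)


def check_digit(first_ten: str) -> int:
    """Modulo-11 check digit; the second weight set is used only when
    the first pass yields remainder 10."""
    digits = [int(c) for c in first_ten]
    for weights in (WEIGHTS_1, WEIGHTS_2):
        remainder = sum(d * w for d, w in zip(digits, weights)) % 11
        if remainder < 10:
            return remainder
    return 0


def parse_id_code(code: str) -> dict:
    """Return the fields encoded in a Personal ID Code or raise ValueError."""
    if not (isinstance(code, str) and len(code) == 11
            and code.isascii() and code.isdigit()):
        raise ValueError("format: expected exactly 11 ASCII digits")
    first = int(code[0])
    if first not in CENTURY:
        raise ValueError("format: first digit must be 1-8")
    if check_digit(code[:10]) != int(code[10]):
        raise ValueError("checksum: check digit mismatch")
    try:
        born = date(CENTURY[first] + int(code[1:3]),
                    int(code[3:5]), int(code[5:7]))
    except ValueError:
        raise ValueError("date: not a real calendar date") from None
    return {"sex": "male" if first % 2 else "female",
            "birth_date": born, "serial": code[7:10]}


# Constructed sample codes, not real identities.
SAMPLES = ["49001010012",   # valid, first-pass check digit
           "49001010100",   # valid, needs the second weight set
           "49001010013",   # one digit altered: checksum fails
           "39902300010"]   # checksum passes, but 30 February
if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(sample, parse_id_code(sample))
        except ValueError as err:
            print(sample, "rejected:", err)
```

Because the code is derived from birth date and sex, it works as an identifier and not as a secret; proof of identity rests on the keys and certificates held on the ID card or Mobile-ID SIM.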
The government then established a Population Register – a national database holding all the basic information about each person living in Estonia. It contains their names, Personal ID Codes, birthdates, places of residence, legal relationships and other statistical data such as nationality, native language, education, and profession. The Population Register is the central repository of all personal data.
Along with a Personal ID Code, every citizen 15 years or older was issued a compulsory Estonian ID Card (Figure 1). The card serves both as a physical identity document and as an electronic identity. It can also be used in lieu of a passport when traveling within the European Union.
The ID card is a smartcard that stores the individual’s name, gender, biometric data, Personal ID Code, and cryptographic keys and public key certificates. The certificates are used to assure identity and allow the individual to digitally sign documents. As a result of the Digital Signatures Act, digital signatures are legally equivalent to manual signatures – and government organizations are required to accept digital signatures from citizens.
In 2007, the government introduced a Mobile-ID Service that enabled individuals to use their mobile phones as a form of secure electronic ID. Like the ID Card, the mobile phone could be used to access secure eServices as well as digitally sign documents – but with the advantage of not requiring a card reader. The system is based on a specialized Mobile-ID SIM card which the individual must obtain from their mobile service provider. Private keys are stored on the mobile SIM card along with an app for authentication and signing.
As a matter of law, government systems are not allowed to store the same data in more than one place. In the case of personal data, all they store is the Personal ID Code. To interconnect all the various government databases, the state developed “X-Road” – essentially a secure data-sharing network. It was initially developed as a tool to perform database queries but has been significantly enhanced. Today, it has the capability to write to multiple databases, transfer large data sets and perform searches across multiple databases. External third parties such as businesses can now interconnect as well.
To provide a gateway to all available eServices, the government developed the so-called State Portal, eesti.ee. The portal provides three views – a citizen’s view, an “enterpriser” (businessman) view and a public servant view – and requires a single log-on.
To date, over 800 services are offered via the portal, both governmental and non-governmental. One of the first applications to be implemented was the Information System of Government Sessions, popularly known as eCabinet. It is akin to a workflow tool that enables ministers to prepare for cabinet meetings, conduct them and review minutes electronically. All documents processed and generated are digital and any that require official signatures are signed digitally by the cognizant minister(s). Under the paper-based system, cabinet meetings ran, on the average, five hours. With eCabinet, meetings are averaging 30 minutes. The fact that this was one of the first eGovernment applications implemented was no accident – it was intended to demonstrate the government’s commitment to eGovernment.
Other popular eServices include:
- On-line tax filing – 97% of tax returns in Estonia are filed electronically. Why? Because it’s so easy – the process, on the average, takes 10 minutes. Most of the fields are already filled out: Wages are reported automatically by employers as are charitable deductions by non-profit organizations. Mortgage tax deductions are automatically calculated from mortgage information provided by commercial banks. And so on. According to Estonian President Toomas Hendrik Ilves, “[On-line filing] had the additional effect of dramatically increasing compliance. People paid their taxes! – which then had the additional benefit which allowed us to reduce taxes and, suddenly, the Estonian government found out it had budget surpluses because people were paying more – people were paying their taxes.”
- Electronic health records – This nationwide EHR system integrates data from the country’s various healthcare providers and creates a common record for each patient. While it has the appearance of a centralized database, the system actually retrieves the data it requires from the various providers’ systems as needed and presents it in a standard format. Patients can access their own records and those of their children. By logging into the EHR Patient Portal with an electronic ID card or mobile phone, an individual can review previous doctor visits and current prescriptions, control which doctors have access to their medical information, and can even receive general health advice. Prescriptions are now being done on-line as well.
- On-Line voting – In 2005, Estonia became the first country to use on-line voting for nationwide elections. The Internet-Voting System, or iVoting for short, allows Estonians to cast ballots from any Internet-connected computer, anywhere in the world. In the last parliamentary elections in 2011, 24% of eligible voters voted electronically, up from 5.5% in 2005.
- Company registration – Estonians (and non-Estonians) can register a new business online in just minutes without ever having to go to a notary or government office. All it takes is an ID Card/mobile phone and an Internet connection. Through this system, businesses can also file annual reports and obtain information about other companies. This system decreased the average time required to set up a business from five days to two hours. By 2011, 98% of business registrations were done on-line.
If ever there was a proof-of-concept for eGovernment and, to a certain extent, Government-as-a-Platform, Estonia is it. Granted, in many regards, the country had the opportunity to build from scratch and with a manageable scale. But this doesn’t detract from the fact that it took sustained commitment and political will to make it happen. And it’s that which makes the difference between success and failure.