Estonia is often described as a genuinely digital society. Today a majority of government services are offered 24/7 online, and data integrity is ensured by blockchain technology.
President Kersti Kaljulaid, explained how Estonia turned digital.
You can use medical e-prescriptions, file taxes, or even buy a car online without needing to go to the vehicle registration office. There are only a few things that you still need to do in the analog world, such as get married or buy property.
Why spend your life waiting in line for a piece of paper that proves you are you? Governments must learn to provide public services as efficiently as Amazon sells books: no physical presence, no cost of application, no opening hours.
For some weird and unexplainable reason, people normally expect better services from private companies than from their own governments. This is not the case for our citizens in Estonia. They expect a lot from their government and are constantly demanding us to improve and innovate. Estonians expect that if the private sector is constantly innovating, the government should be, too.
If you can easily buy books online, make bank transactions, and log in to your social media account within seconds, then why can’t a public service work equally well? If people can manage their finances online, why not your social-services account? If you can receive prompts from your mobile operator to see when a package is will arrive, shouldn’t you be able to receive text prompts from your government to renew your driver’s license?
Public-sector service cannot afford to be worse than the private version online. For us, it makes perfect sense to offer services electronically to our citizens the same way private companies do; they are like shareholders who demand better results in every aspect of their life.
The history of how Estonia went digital
So why do Estonians live in a digital society when everybody else still doesn’t?
A quarter-century ago, when Estonia restored its independent statehood from the USSR, we were a poor country that needed to build a modern, efficient, and democratic state. Radical reforms needed to be carried out in all walks of life. After regaining independence, we did not have a network of tax offices, social-services offices, or any public-service provision points, for that matter. It was an open slate to form a new society on—and in a different way.
In order to achieve universal service provision in affordable way, the digital model was dreamt up. But the choice we made in favor of technology was not an easy one.
We wanted to harness the potential of information and communications technology (ICT) to make public-service provision cheaper and available in the rural areas. The decision to invest the scarce resources of a newly restored independent state into building internet connections and equipping schools and public libraries with free internet access points was risky. Repairing potholes or crumbling school buildings had to be forgone in order to invest in the new technologies.
Though the first decade was complicated, in hindsight, this decision gave the entire Estonian society the momentum to make a digital jump into the future. That leap of faith shifted the fundamentals of our society in many spheres of public life. Schoolchildren, having become computer literate at an early age, brought their newly acquired skills home and also infected their parents and grandparents with the digital bug. Priorities changed for families and parents were encouraged to invest in a computer and an internet connection.
At no point during the digital transformation of Estonian society did we create cutting-edge technology from scratch. Tech-wise, everything we use is rather mundane and commonly used by other actors, mostly private. This is good, because it makes it affordable and reliable.
The Estonian experience also demonstrates that high rates of basic technological penetration pay off better than cutting-edge technology only in the hands of a selected few. Cheap, common technology that is inclusively used by society as a whole brings much greater benefits than exclusive ones only accessible to upwardly mobile populations.
With the basic digital framework in place, it was time to build upon the online platform we had created: Now that our services were digital, our citizens could be, too.
With much of the country online by the mid 2000s, the ICT and banking sectors came to the government and suggested that everyone would benefit from having secure digital identities. So we decided to give them to everyone.
Though the press has only recently been reporting on national identity programs, Estonians have had digital ID cards for nearly two decades. We can use these chip-enabled cards as an identification document while crossing borders in Europe, sign and timestamp documents, apply for different public services, pay fines and taxes online, query the registries, or simply send encrypted emails. It has therefore developed into a fully recognized online passport for our citizens.
As previously mentioned, new technologies are useless without the supporting legal framework to ensure their responsible use. People’s online signature, security, and rights are protected by law. At the same time, citizens have the responsibility to safeguard their ID card (and therefore their digital identity), meaning that if they let somebody else use it, then they also are legally answerable.
This system is cheaper, too. The digital authentication and signature system used by the whole population has been estimated to save up to 2% of GDP annually. The efficiency of these e-services offered by the government and private businesses to institutions, businesses, and citizens has far outweighed the cost of investment. By that metric, it’s a no-brainer.
The macroeconomic effect of a well-developed ICT sector is even bigger —close to 7% of the Estonian GDP comes from it. Having a digital society has also fostered a culture of innovative tech companies. Our density of unicorns —roughly four per a million citizens— is impressive for a country which 30 years ago was painfully poor and limited in modern technology penetration.
But the innovation also lies in the process of bringing business, people, and government together. The government’s digital ID infrastructure is also used by banks and other private companies with high security and trust requirements, and all private companies are free to develop services on top of the framework, too. Estonia is therefore a benchmark example of “PPP”—public-private partnership. This guarantees that all people benefit from digital services.
Trust and security
With so much of Estonia’s public and private life being stored online, this always raises questions of trust and security. We believe that in the same way a state issues passports to offer secure identification in the analog world, it should keep its citizens safe in the digital realm. Technical solutions for data protection, including securing all citizen’s data, are important, but that is not enough. The legal base has to be adjusted in order to use the state’s enforcement power for data protection.
Of course, there is no such thing as absolute security. But it is easy to demonstrate that digital technologies offer more security that paper analogs. The digital format provides much more control over personal data than the paper format, provided that the legal space prescribes clear rules on data gathering, storage, and use. The Estonian people know that meddling in public databases cannot go unnoticed because it would be recorded and secured by blockchain-based timestamping, and officials know that it is a criminal offense to nose around. This creates additional trust between citizens, state, and e-services.
But what is even more important is that your personal data does notbelong to the Estonian state. Just because it’s in the database doesn’t mean that Estonia owns it—it belongs to you. At any second you have the right to know and control what happens to this data.
This makes the digital world much more transparent then the analog world. Do you have a complete record of everyone who has ever looked through your medical files, for instance? Digital is only as safe as we make it, but its potential is far greater than analog.
Protecting against hacks
But we cannot only indulge in the benefits of digitalization. Risks are not the downside of a digital society—they are a natural part of anysociety. And so in the same way as countries take measures to keep their paper data secure against various threats—be it flood, fire, or theft—we are doing the same for our digital data.
In 2007, Estonia fell prey to a series of cyber attacks, originating largely from Russian IP addresses. In a way this was a wake-up call, because it led us to creating a cybersecurity strategy and facilitated the creation of a permanent NATO unit focused on enhancing cybersecurity.
We decided to increase our security even further. In the summer of 2017, we announced the opening of the world’s first data embassy in Luxembourg to secure government information in the event of a military or cyber attack. These server racks are in the sovereign territory of Estonia in Luxembourg (as in a case of any embassy), and both the data and the servers belong to Estonia. We chose Luxembourg as the first data-embassy site because of their readiness and flexibility to work on a new concept.
Then in 2017, we had to fix a technical flaw that affected at least half of our ID cards’ security arrangements. The risk was theoretical—no hacks occurred—but we had to react quickly once we were aware of the problem. While some could update their certificates online, others had to visit physical police offices to receive new cards.
Suddenly social media was filled with “horror stories” (link in Estonian) of how people had to stand in line and wait for the service to be provided. After avoiding queues for two decades, this was clearly not something people were ready to put up with again. Going back to paper is no longer an acceptable option for our people.