What a digital government looks like Anna Piperal
Almost 30 years ago,
my country was facing the need
to rebuild everything from scratch.
After years of Soviet occupation,
Estonia regained its independence,
but we were left with nothing.
No infrastructure,
no administration, no legal code.
Organizational chaos.
Out of necessity,
the state leaders back then
had to make some daring choices.
The ones that our country could afford.
There was a lot of
experimentation and uncertainty
but also a bit of luck involved,
particularly in the fact
that we could count on a number
of brilliant visionaries,
cryptographers and engineers.
I was just a kid back then.
Today, we are called
the most digital society on earth.
I’m from Estonia,
and we’ve been declaring
taxes online since 2001.
We have been using digital identity
and signature since 2002.
We’ve been voting online since 2005.
And for today, pretty much
the whole range of the public services
that you can imagine:
education, police,
justice, starting a company,
applying for benefits,
looking at your health record
or challenging a parking ticket –
that’s everything that is done online.
In fact, it’s much easier to tell you
what are the three things
we cannot yet do online.
We have to show up
to pick up our ID documents,
get married or divorced,
or sell real estate.
That’s pretty much it.
So, that’s why don’t freak out
when I tell you that every year
I can’t wait to start
doing my tax declaration.
(Laughter)
Because all I have to do
is sit on my couch with a mobile phone,
swipe a few pages with prefilled data
on income and deductions
and hit submit.
After three minutes,
I’m looking at the tax return amount.
It actually feels like
a quite rewarding experience.
No tax advisors,
no collecting receipts,
no doing the math.
And have I mentioned
that I have not visited a state office
for almost seven years?
Indeed, one of the features
of the modern life
that has no reason to exist anymore,
considering technological
possibilities of today,
is the labyrinth of bureaucracy.
We’ve almost got rid of it
completely in Estonia,
in an effort coordinated by the government
that has also digitized itself.
For instance, cabinet of ministers' work
in e-Cabinet is absolutely paperless.
The central idea behind this development
is transformation of the state role
and digitalization of trust.
Think about it.
In most countries, people
don’t trust their governments.
And the governments don’t trust them back.
And all the complicated
paper-based formal procedures
are supposed to solve that problem.
Except that they don’t.
They just make life more complicated.
I believe Estonian experience is showing
that technology can be the remedy
for getting the trust back,
while creating an efficient,
user-centric service delivery system
that actively responds to citizens' needs.
We did not do it by digitizing
bureaucracy as it is.
But by rather agreeing
on a few strong, common principles,
redesigning rules and procedures,
getting rid of unnecessary data collection
and task duplication,
and becoming open and transparent.
Let me give you a glimpse
into some of the key e-Estonia
design principles today.
First, it is essential to guarantee
privacy and confidentiality
of data and information.
This is achieved
through a strong digital identity
that is issued by the state
and compatible with everything.
In fact, every Estonian has one.
The identity is doubled
with a strong digital signature
that is accepted, used and legally binding
both in Estonia and the European Union.
When the system can properly
and securely identify who is using it,
after logging in, it will provide access
to the personal data of the citizen
and all the public services
within one tool,
and allow to authorize anything
by signing digitally.
A second principle,
and one of the most transformative,
is called “Once only.”
It means that the state
cannot ask for the same data
more than once,
nor can store it in more than one place.
For instance,
if you’ve already provided
your birth or marital certificate
to the population registry,
this is the only place
where this data is going to be held.
And no other institution
will be ever asking for it again.
Once only is a very powerful rule,
as it defines the whole structure
of the data collection in a country,
what information is collected
and who is responsible for maintaining it,
making sure we avoid
centralization of data,
duplication of data,
and guarantee that it’s
actually up to date.
This distributed approach
also avoids the problem
of the single point of failure.
But since the data cannot be replicated,
or collected more than once,
it means that the design
has to keep in mind
secure and robust access
to that information at all times,
so the public institution
can offer a service.
This is exactly the role
of the data exchange platform
called the X-Road
that has been in use since 2001.
Just like a highway,
it connects public sector
databases and registries,
local municipalities and businesses,
organizing a real-time, secure
and regulated data exchange,
saving an auditable trace after each move.
Here’s a screenshot of a live feed
showing all the requests
performed on the X-Road
and all the services
that it actually facilitates.
And this is the real picture
of all the connections between
public and private sector databases.
As you can see,
there is no central database whatsoever.
Confidentiality and privacy
are definitely very important.
But in the digital world,
reliability and integrity of information
is just critical for operations.
For instance,
if someone changes
your medical health record,
let’s say allergies,
without you or your doctor knowing,
treatment could be deadly.
That’s why in a digital society,
a system like an Estonian one,
when there’s almost no paper originals,
there’s almost only digital originals,
integrity of data,
data exchange rules, software components
and log files is paramount.
We use a form of blockchain
that we invented back in 2007,
way before blockchain even became a thing,
to check and guarantee
the integrity of data in real time.
Blockchain is our auditor
and a promise that no access to the data
or data manipulation remains unrecorded.
Data ownership is another key principle
in the design of the system.
Aren’t you worried by the fact
that governments, tech companies
and other businesses around the world
claim data they’ve collected
about you is theirs,
generally refuse to give access
to that information,
and often fail to prove how it was used
or shared with third parties?
I don’t know, for me it seems
like a quite disturbing situation.
The Estonian system
is based on the principle
that an individual is the owner
of the data collected about him,
thus has an absolute right
to know what information is collected
and who has been accessing it.
Every time a policeman,
a doctor or any state officer
is accessing personal information
of the citizens online,
first they only get to access it
after logging in
to the information they’re authorized
to see to do their job.
And secondly, every time
they’re making requests,
this is saved in a log file.
This detailed log file
is part of the state public services
and allows real transparency,
making sure no privacy violation
will remain unnoticed to the citizen.
Now, of course, this is only
a simplified summary
of all the design principles
that e-Estonia is built on.
And now, government is building up
to get ready for use
of artificial intelligence
and building a whole new generation
of public services –
proactive services
that would activate seamlessly
based on different life situations
that people might be in,
such as childbirth, unemployment
or starting a business.
Now, of course,
running a digital society
with no paper backup
can be an issue, right?
Even though we trust
our systems to be solid,
but one can never be too cautious
as we experienced back in 2007,
when the first cyberincident happened,
and it literally blocked
part of our networks,
making access to the services
impossible for hours.
We survived.
But this event put cybersecurity
at the very top of agenda,
both in terms of strengthening
the platform and backing it up.
So how do you back up
a country-wide system in a small state
where everything is super close?
Well for instance,
you can export a copy of the data
outside the country territory
to an extraterritorial
space of an embassy.
Today, we have those data embassies
that are holding the most critical
digital assets of Estonia,
guaranteeing continuity of operations,
protection of our data,
and most importantly, our sovereignty.
Even in case of a physical attack
on our territory.
Some of you might be thinking by now:
Where are the downsides?
Well, going all digital
is administratively, and let’s be honest,
financially more efficient.
Interfacing primarily
with computer systems
might create an impression
that the human factor,
elected politicians
and participating in democratic processes
is somehow less important.
And there are also some people
who feel threatened
by pervasive technology
that might make their skills obsolete.
So all in all, unfortunately,
running a country on a digital platform
has not saved us
from political power struggles
and polarization in the society,
as we have seen in the last elections.
Well, until there are humans involved.
One last question.
If everything is location-independent
and I can access all of the services
from anywhere in the world,
why cannot others
tap into some of these services,
even if they don’t reside
within Estonian borders?
Five years ago,
we launched a governmental start-up
called e-Residency program
that for today joins
tens of thousands of people.
These are businessmen and women
from 136 different countries,
who establish their
businesses digitally,
who do their banking online,
and who run their companies
virtually over e-Estonia platform,
within European Union legal framework,
using an e-identity card similar to mine
and all of that
from anywhere in the world.
The Estonian system
is location-independent
and user-centric.
It prioritizes inclusiveness,
openness and reliability.
It puts security
and transparency at its center.
And the data into the hands
of the rightful owner,
the person they refer to.
Don’t take my word for it.
Try it.
Thank you.
(Applause)