Australia’s new prime minister, Malcolm Turnbull, has announced what he calls a “21st century government”. This article is part of The Conversation’s series focusing on what such a government should look like.
Tucked up in the north east of Europe against the Russian border is the Republic of Estonia. Geographically it is one of the Baltic states with Latvia and Lithuania, but its cultural heritage is strongly Nordic, influenced by Norway, Sweden and Finland over many centuries.
It is a beautiful country of forests, lakes and islands, about half the size of Tasmania, with a population of 1.3 million, of whom 70% are Estonian and 25% are Russian. But it is also a remarkable example of a how to do e-government right, and there are lessons for countries like Australia.
Estonia gained independence from the Soviet Union in 1991 and has since set about making its mark as a digital-rich economy. But to understand the Estonia digital story, you need to dig deeper than the statistics reported by the European Union, the OECD and others.
The best known technology success story coming out of Estonia is Skype, built on the same technology platform as music-sharing application Kazaa by Estonian software engineers, and now owned by Microsoft.
It is far from the only example. Others include foreign exchange platform Transferwise and the Uber-like taxi ordering service, Taxify. More than €80 million was invested in start-ups in Estonia in 2014, of which around 15% of new investment was in the information technology sector.
Electronic government is also booming, with 38% of individuals interacting with government services almost entirely online. This includes 95% of 2013 tax declarations being filed online, and 100% of general practitioners use digital prescriptions.
Can you imagine collecting a prescription from any pharmacy without any paperwork in Australia?
Electronic voting also accounted for more than 30% of all votes cast in the 2015 parliamentary elections.
So why is Estonia recognised as such a leader, especially in government services?
Following independence from the Soviet Union, the Tiigrihüpe (Tiger’s Leap) policy was proposed, coming into effect in 1997, to invest heavily in computer and network infrastructure and information technology literacy.
There were several favourable conditions. The post-Soviet government ministers were young (average age 35 years) and recognised the need for innovation to kick-start a country with few natural resources. There was little in the way of significant legacy in either paper-based administration or disparate computerised systems to hold them back.
There was also the Institute of Cybernetics, now at the Tallinn University of Technology, one of the earliest centres of computer science under the Soviet Academy of Sciences, established in 1960. This provided a significant body of expertise in computer systems and especially security.
According to Siim Sikkut, Digital Policy Adviser to the Estonian government, the decision to go hard into digital, with a focus on education and e-government, was made in 1996:
That meant developing technologies for a secure digital, paperless government, and educating not just children but all members of society. One of our first actions was to network schools, but Tiigrihüpe was always going to be the start of something bigger.
One of the big surprises in the Estonian cabinet room in the sumptuous Stenbock House is the lack of paper. The government gazette hasn’t been printed in book form since 2011.
Estonia runs a paperless e-government where ministers bring their iPads to cabinet meetings.
Critical to the take-up of digital government is that services are optimised for online engagement. It is no good taking a paper-based process and translating it into an online form of data entry. Estonia’s government services are designed to be online.
In fact, Estonia’s processes are so streamlined for online delivery that Siim claims they couldn’t revert to a paper process even if they wanted to. It is estimated that digital signatures alone deliver a 2% GDP saving compared to paper-based systems.
You own your own personal data
Australia follows the common road when it comes to personal information and privacy. Our legislative framework makes the assumption that government and private agencies collect personal information in order to provide services.
We are informed through privacy policies about why our personal information is being collected, how it will be used and how we can apply to see that information. In the process, we give up ownership and control.
If I want to know what an agency knows about me, the common experience is a bureaucratic nightmare through Freedom of Information processes.
As a society, we are generally distrustful of our government and provide personal information only grudgingly. This is quite strange. Why do we trust a foreign company like Facebook with our personal information, yet we don’t trust our own government?
Estonia takes a very different approach: you own your personal data. Any agency, whether government or private, needs access to certain private information in order to provide a service. It’s your data, so you don’t give it away. Rather, you provide access, and you can always see and control how that access is used.
If your records are accessed by anyone, then you, the owner of the data, are informed through a secure access record. You have the right to query any access transaction, and the individual responsible has a month to respond. It is illegal to view someone’s data without appropriate reasons. Penalties include prison terms.
Some data is always publicly available. This includes business registrations and property ownership. The Tax and Customs Board also has legal authority to access company bank accounts. These disclosure measures support accountability and reduce the occurrence of inadvertent oversights (and deliberate fraud behaviours) of business and public officials.
The technology behind the Estonian approach to personal data is X-Road, a secure data-sharing layer accessible through the internet and developed by Cybernetica AS, the privatised spin-off of the Institute of Cybernetics.
Different government agencies and some private companies, including banks and health providers, connect their databases to the X-Road backbone. These agencies are responsible for managing the integrity and security of their own database, but the only way to associate personal information is with the population database through X-Road, which means that all access to personal records is logged. Logs are secured using block-chain crypto-technology (similar to bitcoin) developed by another local technology company, Guardtime.
This integrated solution provides robust security not only against privacy breaches targeting individuals, but also against larger attacks. In 2007 a large scale denial-of-service attack which would have brought any other government information system to its knees was thwarted relatively easily thanks to the X-Road architecture.
Access is secured through the Estonian identity card, which incorporates a contact SIM for digital service authentication. Identity can also be built into a mobile phone SIM to support smartphone identity authentication.
Beyond Estonia’s borders
While the X-Road system is being exported, starting with close neighbour Finland, Estonia is looking to expand its role in the world.
In late 2014, Estonia introduced a new innovation: e-Residency. Foreign nationals are now able to apply for a digital identity in Estonia. A secure smart card supports a biometrically validated digital signature, recognised throughout Europe, and provides access to X-Road.
Want a European bank account? Your digital identity authenticates you with the bank and provides access. Want to open a business in Europe? Register in Estonia, online, in 18 minutes, using your digital identity. Just be sure to get the best possible tax advice first. At least, that’s the claim.
The latest Estonian e-government concept is the data embassy. Despite membership of the European Union and the presence of NATO, the Baltic states continue to perceive the existential threat of a Russian invasion, with ongoing tension across the border such as the detention of Eston Kohver in September 2014.
Estonia is preparing to back up its entire digital government in multiple data centres worldwide, including in Australia. Under a worst-case outcome, this would ensure that the Estonian government could continue to function in exile.
I spent three weeks in Estonia in July with a group of Honours and PhD students studying cyber-security and Estonia’s digital economy. One evening we met with the Prime Minister, 35-year-old Taavi Rõivas. He had time to come and talk with us, he explained, because he was able to read and sign official documents using his smart phone as he walked across from his office.
Imagine any other country, anywhere, with a government as efficient as that.