Kate's Comment

Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD

Estonia: the e-government exemplar we should emulate

I have spent the last few days in Estonia. I originally went out for the European Cloud Partnership steering board, but stayed on for the Friends of Estonia exhibition/conference. The President of Estonia was our host and we got to meet their Prime Minister too which was fun!

We were told about the Estonian electronic government systems, and I have been truly impressed. In 1994 when they gained independence from Russia they had to build a country’s systems practically from scratch, but they had little money. Fortuitously the old Soviet cybernetics division had been in Estonia and most of the scientists stayed. This wealth of expertise combined with a minimalist bureaucracy (again, thanks to being relatively poor) has allowed them to truly embrace the digital era.

The lynch pin was their government-issued citizen authentication system; used for both private individuals and civil servants. In the UK we are terribly suspicious about anything that might resemble the dreaded “ID card”, but this is completely irrational and holds us back. In Britain we happily give over our most private information to Facebook and Google, often without even knowing it, and now we know that the NSA has been watching all along! Yet, we do not trust our own government to allow us to prove who we are without sending copies of passports and utility bills around? Madness!

The next very clever thing they did was to create a standardised Enterprise Service Bus for government services, into which private and public organisations could connect. This means that they don’t have all their eggs in one basket but can instead use a federated model with multiple service providers.

The first big win for the Estonian citizens with the mandated e-authentication system, which uses 2048 bit RSA encryption and a two-PIN system, was e-tax. They can do their tax returns online and in 5 minutes. They get their tax rebates just 5 days later! The system can also be used by the private sector too, not just government, which makes business much more convenient for all parties concerned.

They have functional e-prescriptions too. Now that they are linking their systems with Finland, when a Fin comes to Estonia and gets drunk, loses their prescription for heart medication or whatever, they can just present their e-ID to an Estonian pharmacy and get their medication.

Other innovations include: Secure online private voting, which has greatly helped with issues around political manipulation (it is hard for the mafia to hold a gun to your head in the polling station when you’re actually at home; a fully digital land registry since 2007 (no stupid paper records); and soon they will be ensuring every home has at least 100Mbps Internet connectivity by 2015, even in the countryside.

Estonia has been ranked the number 1 country in world for Internet freedom 3 years in a row now, and with good reason! When the ITU had their big conflab at which they wanted to impose regulations on the Internet, it was Estonia and the US that fought it. I am deeply ashamed that Britain was on the other side of the argument.

However, the really clever thing they have done is ensured that the citizens own their own data, and can see exactly how and where it is used. They also mandate that whenever citizen data is used for analytics it is anonymised. Two examples:

First, one of the presenters logged in to his account with the service and showed us the access log to his personal details. There was an entry for when the police had looked him up a couple of weeks ago. He was not aware of why this was originally, so he asked them. He was told that a squad car had been behind him in traffic and they checked his number plate as part of their routine to verify that he was the registered owner (it provides them with a picture too). The process was completely transparent.

For aggregated data, he was able to show us the average earnings of each class of government employee! The individuals were not shown, but he was able to see and show us what the senior civil servants in Estonia earn, on average.

If we truly want to embrace cloud in the UK, and enjoy the benefits e-government without having to keep all the crappy old manual/paper based systems running, then the government should grow a pair and mandate government-backed, secure electronic citizen authentication.