Horizons Talks: e-Estonia and the future of e-governance in Estonia
The Horizons Talks speaker series brings experts from Canada and around the world to share their forward-looking research and ideas with public servants.
Marten Kaevats, National Digital Advisor at the Government Office of Estonia, and Meelis Kitsing, the Head of Research of the Foresight Center at Estonian Business Schoool, explore e-Estonia, which is the most ambitious global project of technological statecraft ever undertaken by a country. The presenters explore the evolution of e-Estonia, the current state of play, alongside the challenges that lie ahead.
Kristel Van der Elst, Director General of Policy Horizons Canada
Marten Kaevats, National Digital Advisor at the Government Office of Estonia
Meelis Kitsing, Head of Research of the Foresight Center at Estonian Business School
MARTEN KAEVATS: Hello. Yes.
KRISTEL VAN DER ELST: Marten —
MARTEN KAEVATS: So —
KRISTEL VAN DER ELST: Beautiful weather finally in Estonia.
MARTEN KAEVATS: Yeah, yeah, it’s super beautiful. I want to first show you where I am. I’m in the seaside, so yes, it’s super beautiful and the weather is nice.
You in Canada probably understand the nuances of having bad weather also. So in Estonia, we have almost the same. Basically, Tallinn, the capital of Estonia, is pretty much where Churchill is in Canada, so then you might understand about the latitudes and stuff, but at least it’s good.
So hello, everyone. As introduced, my name is Marten Kaevats. I’m the National Digital Advisor for the Government of Estonia. This means that I advise the Estonian prime minister and government on information (inaudible) and innovation. And this is kind of like mentioned in (inaudible) which means that I’m responsible for all sorts of new stuff, passwords that are probably flying around, like, artificial intelligence, self-driving cars, and lots of other stuff.
And my job in it is to kind of first filter out what is important and then work on those subjects, which means two things. It means communicating this to the both — to the bureaucratic system and also to the society at large.
And as already mentioned, Estonia, from looking abroad, I think, has done some things in the history in the digitalization in a right way, I would say, which means that we can actually work with much more interesting stuff.
And by the way, we have a very good contact with Canada. Their former CIO is a good friend, Alex Benay, and then there is lots of public sector connections between Estonia and Canada.
In the world, there is very few countries that we can have a dialogue which actually results in synergy, which means that both sides actually get some intellectual or practical knowledge, and Canada definitely is one of them, being a member of the digital nations, that’s a kind of a group for civil servants of the most advanced digital countries. And Estonia and Canada have very strong connections. So yeah, there is a lot to talk about.
So but I have more or less 25 minutes. I will try to take you on a walk. I’m walking through this very, very nice nature reserve area in Tallinn. And but I’m trying to also explain what is digital Estonia all about and what’s the story of the basics. Afterwards, maybe we can also go into some more advanced stuff, hopefully, and then that you would more or less understand what’s the story and narrative about a digitalization story.
Basically, for Estonia, it’s a long, long history, but go through the basics very quickly.
We regained our independence in 1991. At that point, we were a super-poor country, and from a practical point of view, we didn’t have the financial resources to build a regular paper-based bureaucracy. At the same time, PCs were taking off and basically, the choice to go digital basically was there in the very early beginning mainly because we basically didn’t have any money to build a regular paper-based bureaucracy. Computers offered some gains, and as we were inventing a whole new country from scratch, it kind of helped.
Other things that helped, we actually had competences at that point in time because the Soviet Union opened the Cybernetics Institute here in Tallinn, which was the first place in the Soviet Union behind the iron curtain where people had computers and they did some interesting experiments.
So we had the community of skillful labour at that time as well.
At the time, basically, the procurement money for the computer people didn’t come in from Moscow and those guys basically started working on e-governance.
So what does that mean? Very straightforwardly, there is more or less three fundamental components, and I would argue that those three fundamental components are necessary for any given digital society. It doesn’t matter which kind of ideology they represent or which kind of cultural context.
First step is to have a unique user identifier. For example, my number is 38507150821. That’s like my digital name, and everyone in Estonia has one. That is an engineering issue. You need to have unique identifiers. That’s the very baseline.
On top of a unique identifier, you need to have a strong digital identity. That helps to actually know who is who and this needs to be very, very strong. Because we have in this — are in this interesting political situation, we have — tend to have an aggressive neighbour sometimes, and cyber security is the very key enabler of this whole ecosystem. If you don’t have strong cyber security, competent skills to proceed, and all of the other stuff, then building a digital society is relatively difficult.
So but the main ingredient for these kind of things like, digital identity, probably have something in Canada — I don’t know — the penetration rate of having strong identities, and I don’t know the — how much people actually use it on an everyday basis. I think one of the main differences in Estonia is that people use this digital identity on an everyday basis.
So for example, in this current pandemic situation, I would argue that Estonia came — was one of the bestly-prepared countries to deal with this type of situation because we’re the only country in the world who can vote online. We can collect taxes. We can do decision making. We can — and all the Zooms and everything that the society as a whole (inaudible).
Yes, if people had to stay in home, but we were never in a full lockdown and that we had plenty of space and actually, and spring was coming and people actually enjoyed it.
But these are the very key fundamentals, so all of those basic procedures could go on working also in the pandemic situation.
The fundamental and the key to the Estonian success of the ecosystem actually is the data exchange layer, which is called X-Road. So if you — there is some comments, Marten would — oh, facial recognition. Well, I will comment that on later on.
So the fundamental driver for the success, and especially for the bureaucrats and for the bureaucratic apparatus is actually the data exchange layer, which in Estonia, is called X-Road. So if you are interested more on that topic, just Google X-Road and there is videos, there is some material, some principles. But this, I would argue, is still the most fundamental innovation from the Estonian ecosystem.
X-Road, it would distribute the data exchange layer which basically distributes your personal profile data all across the ecosystem.
An example would be that in 2001, when they implemented an interoperability scheme, like an X-Road, then all of the different systems came with different architectures. They came with different security service, different protocols, whatever. There was a lot of legacy. And the problem to solve was how to put all of those things together so we can build and enable much more services on top of it.
At that point, Estonian engineers from the community of (inaudible) basically, started working on this project, which is a very simple thing, but in order to understand, it’s important to understand the principles behind it.
One of the main principles behind X-Road is a policy principle which is called once-only policy. And this basically means that if you have given any piece of your personal profile to the government, the government should never ask that again.
And the simplified way of explaining it is that you probably all experience some experiences in any given bureaucratic situation when you go to a municipality of federal government in Canada, and then basically every time you — they give you a piece of paper, you fill your name, your address, your birth date, and all of those things. But this is absurd because the government already knows your name, knows your address, knows your birthday, knows all of those things. Why the hell should you (inaudible) them every time fill those things up? That’s kind of like a waste of time and moreover, a lot of mistakes are made in this kind of process.
So from the citizens’ side, a citizen needs to enter a piece of information once and all the other government authorities can use that information.
Second side to this once-only principle, which is critical to the government’s part and also to the cybersecurity part is that if you — basically, its data is stored where it’s generated in and no duplicates are made. This is important because — and for each bit of data, there is always one single source of truth. This basically means that for example, a traffic register in Estonia knows only more or less three things about me. He knows that — knows my unique user identifier, knows that I have a B category driver’s licence, and I own this kind of a Volvo. This — the traffic register never knows my name, never knows my address, my birthday, or all of those things. The population registry knows those things.
And the reason here is that when I want to renew my licence, then the traffic registry for that particular purpose asks the population registry for the latest information of that particular person, and I, as the owner of my data, gives consent to do that in an automatic way.
Why is this important? It is that the boss of the traffic registry is not responsible for knowing my name. People change their names. People move. Okay, the birthday probably doesn’t change that often, but all of those bits and pieces of information tend to move a bit sometimes. Thus, we avoid a lot of mistakes being made. If the traffic registry has a duplicate database, of that, then when, for example, I would move to another place, which people do probably more often than changing their name, then mistakes would be starting to happen.
So basically, it actually simplifies the government’s part quite a bit. If you’re the boss of traffic registry, you know you need to basically keep two pieces of information up to date, who owns which kind of a driver’s licence, and what kind of cars are owned by who. Basically, that’s it. The rest of the information is acquired across the ecosystem.
The second part to the same addenda is actually cybersecurity, because my whole profile information, which I own and in Estonia, is scattered around those various databases. Like, population registry knows my name and other places know other bits and pieces.
If I am a malicious actor and basically, want to hack into the system, then I would more or less need to hack into an Estonian page. Like, if I would hack into the traffic registry, I would not get anything practical out of it. I would only get out of it that some number owns a B category — has a B category driver’s licence and owns a Volvo, for example. I don’t know the address of that person, I don’t know the name, I don’t know anything. In order for this information to become relevant, you need to set it into context and setting it into context means that you basically need more data, more metadata.
In the Estonian context, if I was supposed to be a super malicious (inaudible), then this would mean that I would need to hack into something like at least 150, maybe 200 different databases simultaneously within a microsecond, and that is relatively difficult to do because only at that point, I would receive information and data about me that can be set to the context. You would have different bits and pieces. So basically, this type of an architecture is so-called secure by design. So it, by design and the nature of it, actually simplifies the government of one entity and actually makes the whole system much, much safer.
What else has happened is that when different government authorities start exchanging data between each other, then for the very sake of it, they need to start communicating with each other. So in order to actually exchanging data, they need to understand what kind of data is there, can I utilize for any given service?
So the beginning of this type of an interoperability architecture actually was much, much slower and now, when the basically, the bureaucracy has gotten used to it, we see lots of emergent properties in this, which basically means that the bureaucrats themselves are starting to invent lots and lots and different services that perhaps we couldn’t even imagine.
And I think the main takeaway from the Estonian ecosystem is more or less that technology has got very, very little to do with this digital transformation. The protagonist of this whole scheme is basically still the mindset and culture of people and bureaucrats, in specific, so that we could actually, in order for the — an organization or a government to go through fundamental digital transformation, then it’s not about implementing gadgetry, it’s not about taking a new piece of technology and using it. It’s about actually fundamentally changing the culture of bureaucracy.
So these are a few of the basics that basically Estonia went through already in the 2001. The very important principles that you need to kind of understand is that in Estonia, every citizen is the owner of their information and this year, every citizen will also be in control of their information. So there’s kind of a human-centred governance and ethical way of dealing with data is fundamental and key to the Estonian system.
And second important part is the once-only principle which also, if you Google or look in the internet, there is quite a lot of different material on it. These are the things that are not only piloted or tested in Estonia, but still, there is a lot of practice on it.
Now, on top of this, basically, we can do everything online. For example, probably — I’m 34, I have three children in my family, spent less than 15 minutes in my whole life doing taxes and voting together, because I can do those things online, and that is something that makes my life easier.
I don’t know — I don’t want to know anything about taxes, but I want them to be in order, but if I can do it in a few clicks, it makes my life easier, and this makes a kind of a positive feedback loop in the society in whole, which basically means that if you used any given digital service, and this has actually helped you make your — made your life easier, then — and very importantly, you also haven’t heard anything bad from anybody else, meaning that anybody else had a super bad experience of this particular digital service or anything, then you are more likely to trust this type of service, but also other types of service.
So what Estonia has gone through in the past 25 years is the kind of a (inaudible) cycle which that every once in a while of service and they turned out well and people start to use it. And that’s one of the fundamental differences of many digital societies, is that in Estonia, people actually use it.
And one of the comments also is that because Estonia started with the digital education of the less fortunate, mainly the poor and elderly, already in 1997, then for example, if we look at the turnout rates of internet voting, then — and the age groups, then the young and the elderly vote in a similar way, meaning that in Estonia, I’m hoping — well, the digital divide or something like that, of course, a bit is there, but it’s much — I would argue that it’s smaller than any other places because the digital education already started in a very early beginning. Those people who were, I don’t know, 60 years old in 1997, then probably, they are much older now, but they already at that time started using different digital services.
The key for this ecosystem is building trust on a constant basis. And trust can be made stronger with some digital technologies. For example, in Estonia, we have been experimenting with blockchain technologies since 2008 April. And since 20012 all government information systems log files have been blockchain and every citizen can go to a governmental website and see who has been looking at their data when and why.
This is a function that you can never achieve in a paper-based bureaucracy because in a paper-based system when you basically go to a bureaucratic and office and write your name, your birth date, your address and all of those things, then you — and then the civil servant probably takes the piece of paper and puts it in an archive, you actually never know who actually looks at that data. In Estonia we do. And if any kid of civil servant or a person of authority misuse the kind of powers given to them, they know that there will be consequences, which means that if you kind of — there have been small cases. For example, one police officer checking whether his girlfriend has an affair, using police databases, that person loses their job the very next day, and things like that.
The misuse of data is considered a serious offense in Estonian Civil Service. And everybody knows it, and there’s a built culture of trust around it. So if you do something that you’re not supposed to, there will be a mark somewhere and you will know that you will get caught, basically in a very (inaudible).
This is all the basics. For the end of the talk I would try to explain a bit about the work we’re doing now. It’s already quite in the very — already happening. So basically we are doing quite a lot. We are switching the whole digital architecture in the domain-driven microservices which will enable us to automate roughly, I would argue, 90 or 95 percent of regular routine bureaucracy within the next 10 years. We can do that, making digital services, based on small modules and figuring out an interoperability scheme between those small modules.
We are working on artificial intelligence. For the current state we have 33 (inaudible) applications which are in the public sector which are helping quite a lot. They are saving us a lot of money but also making lots of different governmental functions much much more accessible, easy to use, and automating lots of routine procedures.
So Estonia currently — I don’t know. For the end of the talk I would argue that digitalization has got very little to do with technology. But also I would argue that it has go very little to do with also the money because yes, you need some money to make things happen but, for example, with the (inaudible) of Estonia and AI, government of Estonia currently has, I don’t know, spent roughly about one million euros and we have 33 (inaudible) cases and as much as I understood, the average from last November for other governments is that usually governments tend to spend, like, 10 to 15 million and they have something like 7 to 8 live cases.
So it’s more about actually having a plan and actually having the working interoperability system in the background so that you would actually start sharing data and build a culture of trust around that.
And just for a fun fact, I’m also currently in this COVID situation. I am an advisor to the WHO as well, which means that I’m responsible for — oh, the camera thing goes — I am an advisor to the WHO as well which means that this type of governance architecture built around trust and the (inaudible) databases is something that we are starting to pilot also with the WHO and with the U.N. ecosystem, because in the context of complexity where you have 194 different jurisdictions, cultural identities, I would argue that having a distributed architecture based on open source open standards which is a big thing and an important fundamental for the digital architecture of Estonia, it is also vital to the whole world.
I know that there are some initiatives in Canada also trying to push for a similar type of interoperability around (inaudible) or (inaudible) data governance system but this is something I would also like to learn from you, that what’s the status and where can we help, and so forth.
But it seems that my time has run out. So I’m listening to Meelis’ talk and then I think there is questions and answers later on or however you want to do that.
KRISTEL VAN DER ELST: Thank you so much, Marten. We really appreciate that talk. It was great both to see the beautiful countryside and to follow you on the journey of how E-Estonia came about.
Meelis, would you like to — can we turn this over to you?
MEELIS KITSING: Sure. Thank you. I will share my screen so if you can see also some of the key points and the slides.
And Marten, there are some questions for you in the chat room. Maybe you can also answer some of those questions. There was something about ID card being similar to Chinese facial recognition system and so on. So there are some questions; maybe you like to answer those questions.
KRISTEL VAN DER ELST: So Meelis, I thought we might collect the questions and then I can pose them to both of you at the end.
MEELIS KITSING: Okay, that’s fine. However you want to do that. That’s fine as well.
I am affiliated with the Foresight Centre which is a think tank at the Estonian parliament. And at the same time I also work at the Estonian Business School where I am a professor. And I am going to talk about, a little bit about the scenario — the (inaudible) building exercise we did here in Estonia, and broadly those scenarios are about governance.
But in place (inaudible) obviously (inaudible). So we work in governance scenarios where we also look on the (inaudible) might or might not play out in the future. And something that — you know, why did we do scenarios and why didn’t we do some kind of (inaudible) or why did we take this approach and why did we discuss governance and not just utilization? It’s basically the idea we got notice of (inaudible) somewhat sort of mismatched (inaudible) in some of the public sector reform efforts and the way that the governance has evolved in Estonia. You know, Marten already emphasized a little bit (inaudible) sort of (inaudible) architecture in the case of X-Road and it’s the backbone of Estonian system and so on. However, when you talk to the people who wanted to reform public sector and then primarily it’s about consolidation and (inaudible) and so on.
And the key here is that, you know, how do you get sort of greater cooperation between the different agencies and so on? And are you able to utilize sort of the opportunities by the (inaudible) technologies? And so that were some of the issues.
And another point was that scenarios really are way how to broaden the debate because sometimes the public policy debate is very (inaudible) and it’s about cost cutting, you know. How many officials do you have versus how many you don’t have, and so on. So we thought if we could come up with sort of various alternatives, it helps to broaden the debate.
And essentially we tried to ask the normative question, how could we make governance more efficient, equitable and (inaudible). And the process was actually quite diverse in terms of involving experts as well as key stakeholders which for us is parliament, members of Estonian parliament. You can actually see some of the pictures from our workshops. So we had experts from all the (inaudible) universities from Estonia but also (Inaudible) who actually had a position of Marten before him and who was kind of administrative (inaudible) on this (inaudible) from ICP to (inaudible) these discussions.
And whenever we had some kind of (inaudible) ready or some ideas ready we went and also discussed that with members of parliament in the committees. And in addition to Estonian experts we also had some of the international experts contributing for that. We had Helen Margetts who at that time was running Oxford Internet Institute. We had ( Inaudible) from University of (Inaudible) and (Inaudible) Fountain from Amherst as well as we also benefited a lot from collaboration with some of the top public governance scholars, (Inaudible) Bookhardt (phonetic) from (Inaudible) Young from (inaudible).
So this was basically the products that we — this was our first project finished in 2018 and in order to do scenarios we came up with (inaudible) and one was the question about decentralizations and (inaudible) which is kind of a more internal factor. This is something that Estonia had pretty much decided on its own.
Then we talked about the speed of decision making and that was more analytical and would take a lot of time. Or is it really quick? And this is again up to Estonian administration and then the issue was (inaudible) constraint in the sense that it can be both external as now, because you know, you (inaudible), but expenses of the public sector because of the COVID-19. Or it could be also internal, that people basically decided they — in the government didn’t want to allocate money to a certain extent. For instance in Estonia we have been very prudent fiscally (inaudible) very loud that the GDP rate is around 8 percent which is quite unique in Europe or in the world in general.
And we came up with sort of five scenarios and those scenarios are here. I will just sort of quickly walk through it and emphasize maybe some aspects of this (inaudible).
And first we have the scenario called “Ad-hoc governance” which basically applies centralized decision making very quick decision making but at the same time under quite serious budget constraints which implies if you look at the utilization and you would prioritize some areas. But the overall aim of this scenario is to set costs so you might have standardized solutions but then you would also experiment in some areas with the digital solutions and the development basically would be uneven.
I mean, the second scenario was a night watchman state which is kind of a scenario of minimalist state. You have relatively a centralized government, a very (inaudible) constraint which is kind of self-imposed but at the same time you have great principal decision making, very (inaudible) that some areas are not the government (inaudible) so you have this sort of very much concerned about the risks of government excessive intervention and maybe misusing or overusing data but at the same appreciate the opportunities of digital technologies to save costs.
And the third scenario is the entrepreneurial state where you have actually a relatively relaxed (inaudible) constraint. It’s a centralized system with quick decision making where you actually would not just build up platforms, government platforms, within Estonia but you would also try to expand them globally so it would be more similar to some of the things that maybe Dubai or Singapore have been doing.
For instance, in Estonia there are some people that need residency so we — under this scenario we would see that E-residency would get a very strong push and sort of investments from the government. So in that sense it would be very favourable for the expansion of the (inaudible) service in Estonia would be a kind of global platform basically, offering various sites of solutions, not only for Estonians but also from people outside.
And our scenario is a caretaker state and this scenario basically is also about a relatively centralized government. You have a generous budget constraints in the sense that you have enough money to invest in different solutions, but at the same time the decision making processes are kind of more analytical and here you would focus primarily on the needs of the country. So rather than expanding the overseas — and you kind of think also in terms of public services and all kind of risks might come when actually offer Estonian digital platforms all over the world. And here you would use the data for a lot of sort of preventing policies and but at the same the government would be probably somewhat reluctant to collaborate with big private platforms.
And then the last scenario is a network governance which is different from the previous four because it’s a scenario of sort of decentralized governance. So the previous ones were all kind of centralized but here you have the decentralized governance with relatively sufficient (inaudible) and this really about some very diverse cooperation of solutions. If previous scenarios were very much sort of a (inaudible) utilization of services which actually has been the emphasis in Estonia since the 1990s and this scenario also wants to emphasize digital democracy and participation engagement. And you would have very different sort of diverse models more (inaudible) utilization may be open source and also very diverse sort of digital identification methods and more use of open data.
So I would say that currently the middle of COVID-19 and which scenarios kind of reinforce by COVID-19 I would say that probably it is reinforcing ad-hoc governance because what has happened obviously in the last months is that everywhere that we have more sort of centralized executive branch centric administration, where the parliaments (inaudible) and other stakeholders take a sort of back seat, and then also it’s not very much kind of like network driven and so on, the decision empowerment obviously is not encouraged. Plus you also have a budget constraint which is sort characteristic for this scenario.
So you may have some really cool digital projects emerging from this scenario but at the same time that (inaudible) is not as systemic as maybe under some other scenarios that I highlighted.
So if you have an interest in reading more about those scenarios and they also have been published most recently by this — in this book, “European Perspectives from Public Administration”, it’s open access book available online. And also (inaudible) I can send the slides here as the publication is in English. But on this project I have published over time some of them are behind the (inaudible) but some of them are open access and there are more details about these scenarios.
As a sort of quick conclusion, I also want to say that what I have doe recently is that I have compared our scenarios with some of the other scenarios developed by OECD, E.U., various Finnish organizations, American organizations, Singaporean organizations. And if you do that type of kind of meta analysis and comparisons of scenarios you basically get three types of scenarios where the future might be heading. And (inaudible) correspond quite well to that, even more to the private platform driven ecosystems and you have more governments of public private (inaudible) ecosystems. And then you get more (inaudible) decentralized ecosystems.
And obviously all those meta scenarios have also very different indications and more private platform driven system, small states, such as Estonia have a weaker bargaining power and this sort of private (inaudible) making. You have more to the privatized data which maybe — if the data is the key in this governance ecosystem then you have a difficult (inaudible) access all this data hat you need for development of AI and so on.
However, if you have a kind of big government driven ecosystems then you also start getting all kinds of technology wars and (inaudible) and all other things (inaudible) facts and so on. And you have a danger that larger countries will dominate the smaller ones in this regional ecosystems. And in a decentralized ecosystem which is (inaudible) when the internet came about in the 1990s, it seems now the least likely scenario, you do get some sort of adversity competition sort of robustness from decentralization but you also get the difference of capacities and capabilities to deal with (inaudible)and risks such as cyber secure.
All right. So that was my short presentation. I would be happy to answer any questions that people have with my email that I can obviously (inaudible) as well and if there is more interest you are welcome to read some of that readings that are highlighted where the scenarios have been basically got more details. Thanks a lot.