In three decades since regaining independence from the Soviet Union, Estonia has taken government from “click here” to one-click to, in some cases, zero-click operation. Citizens can file their national taxes online in minutes, zip through signing up for services without dealing with paper forms, and even vote online thanks to digital identities created for them within minutes of their birth.
But while this experiment in digital citizenship offers useful lessons for larger countries than this Baltic state of 1.3 million, one of the biggest may be: Don’t try this at home.
Estonian officials made two points over and over during a press trip to their country that I took in mid-August, with the country’s government covering most of the cost: This e-government journey made sense for a nation of its size, but bigger and more complex countries should not assume they could take the same path. Or as President Kersti Kaljulaid said in one meeting with participants: “Copy nobody in this digital transformation.”
Minimum viable e-government
Estonia’s first distinguishing factor was starting anew in 1991 after decades of Soviet occupation as an independent country without legacy legal systems worth maintaining, but also without much money.
“We had to make the rules from scratch,” said Prime Minister Kaja Kallas in another meeting during the trip.
The first service the government tried to digitize—the minimum viable product of this transformation—was taxes. Letting citizens inspect and correct tax returns online with their own information already incorporated made this faster for both the state and taxpayers.
“Tax attorneys are out of a job here because, of course, one reason is that our tax system is very simple, but the other reason is that it is very transparent, and all is prefilled by the state,” Kallas said.
But supporting these exchanges of data between public and private sectors also led the government to create and issue smart-card digital IDs to ease the required authentication. At first, Kaljulaid said, people saw few uses for these IDs. That changed when the government opened this identity system to private firms for verifying new customers: “They didn’t only have to sign in twice or three times a year when they had to communicate with government,” she said.
These IDs are now available not just as smart cards but as digital and mobile IDs. Citizens can use them for digital signatures and even to vote online—an option introduced in 2005, and which 44% of Estonians used in 2019.
(When I attempted to explain to our hosts what my own experience as a poll worker in Virginia taught me about the importance of paper ballots, they seemed a little amused at our devotion to analog rituals.)
Threats and transparency
Estonia’s digital infrastructure saw its most serious challenge in 2007, when Russian hackers broke into numerous systems and caused extensive disruption. The digital ID system has seen more recent attacks, including a breach this summer of some 300,000 document photos and a vulnerability found in the circuitry of physical ID cards in 2017 that required blocking the digital certificates of about 760,000 of them.
The government has reacted by pushing information-security research and development—and by moving to secure government databases against tampering with what it calls the world’s first implementation of blockchain technology.
This KSI (Keyless Signature Infrastructure) Blockchain, launched in September 2008, is not an open network of nodes like the ones that power cryptocurrencies; instead, it’s a private, “permissioned network” under government control.
Luukas Ilves, head of strategy at Guardtime, the Tallinn firm that developed this system, wrote in an email, “The blockchain generates tokens that provide proof of signing time, data, and entity. The ledger grows at one hash value per second, or around 2GB per year.” An “X-Road” interoperability layer allows for federated government databases to talk to each other and for private companies to request data as needed.
One goal of this system is to ensure nobody has to enter a data point more than once. As government CIO Siim Sikkut said in another meeting: “Whatever happens in your life [is] one interaction unless you want it differently.”
And increasingly, the government has aimed to make its services automatic for citizens—for example, generating digital IDs for newborns once the birth is recorded and then providing child-support funding without further citizen action.
Trusting and verifying
The unalterable log this system generates allows for citizen oversight, as Kaljulaid explained when I asked how Estonians with a living memory of KGB surveillance could trust this much government data processing when Germans with a living memory of Stasi surveillance remain exceptionally wary about privacy.
“Our government promised a few things when it started to create digital Estonia,” she said. “And this was, it will not use my data without my permission, and it will not use my data without my knowledge.”
Estonians can trust but verify by seeing exactly who has accessed their data—and taking the case to court if necessary.
“Estonians quickly learned that government takes this data protection very seriously,” Kaljulaid said. “Estonian citizens, I believe, have less faith, indeed, in the government’s behavior, but the government has made it transparent to citizens.”
(She did not address law-enforcement or national-security investigations; Ilves wrote that Estonia maintains a separate database for covert surveillance that courts can inspect “to ensure proper oversight.”)
Government officials on the trip often emphasized how the state benefited from trust earned over 20 years of competent e-government. That’s allowed it to implement such security enhancements as replacing the PINs used to secure those smart cards against theft with fingerprint biometrics, as required by a European Union mandate.
When pressed, they also admitted that starting this project from scratch would be, as Kallas put it, “definitely more difficult” given today’s heightened anxiety over technology’s impact on privacy. She did not address how government-wary citizens in other countries might view officials taking a “we already know” attitude toward their data, but it’s easy to imagine a U.S. reaction: Cue the shrieking violins.
Probably not suitable for export
U.S. observers separately pronounced themselves impressed by parts of Estonia’s approach and wary of wider applications of it.
Kevin Werbach, a professor at the University of Pennsylvania’s Wharton School and a tech-policy veteran since the Clinton administration, endorsed the idea of using blockchain frameworks to preserve citizen privacy. “A blockchain decouples sharing of data from ownership,” he wrote in an email. “If I need to verify you have a valid driver’s license or a COVID-19 vaccination, I can get a secure confirmation from the government agencies without revealing anything else about you.”
He did not need to draw the contrast between our current habit of letting private companies hoard vast amounts of personal data—often with catastrophic results, although Estonia’s system also allows private companies to retain data provided via X-Road as set out in individual contracts. Werbach did, however, note the limited relevance of Estonia’s example to much larger and more complex countries such as the U.S.: “Examples from small nations without major legacy platforms can be inspirational, but that’s about it.”
Jeremy Epstein, a computer scientist at the National Science Foundation who has spent years researching voting security, credited Estonia for making voting more resistant to intimidation by letting online voters change ballots as often as they want before digital polls close (when the system cryptographically shuffles ballots to preserve their secrecy).
But he warned that the country had failed to document fully such components as the voting apps voters must use on their own machines, a key target for malware. “They aren’t nearly as transparent as they make it sound,” he said.
He also noted that by not just issuing but requiring universal digital IDs—think of the Global Entry or Clear options for frequent travelers, but mandatory from birth—Tallinn had gone far beyond what would fly in Washington, D.C.
Waldo Jaquith, a government technologist and a fellow at Georgetown University’s Beeck Center, wrote in an email that “any national identity system should learn from Estonia’s successes” but ruled out building one here.
“We have a federated identity system here, preferring to leave identity tracking to the states,” he wrote. We just need—as he wrote in an August 19 piece for the Federal Reserve Bank of San Francisco’s Community Development Innovation Review—to make it easier for the feds to verify people’s identities from those state systems to stop fraud and speed benefits delivery.
Not having to provide so many personal data points every time you interact with a government office would represent an upgrade. But so would picking up on Estonia’s 1.0 e-government release of a tax-prep system that didn’t require citizens to spend hours using for-free apps to fill in numbers that the government already knows. And yet you can count on U.S. politicians to block any such advance in the name of rugged individualism against the government.