Estonia has evolved a remarkable digital society. Here we'll explore key aspects of the technical infrastructure behind Estonian digital governance and provide some theories as to why they have emerged.
1. The Evolution of the Estonian Digital Ecosystem
Opportunities and Challenges of E-Governance
Andres Kütt
Information System Authority, chief architect
June 9, 2015
2. Agenda today
Framing the discussion, not defining it
• What does Estonian digital infrastructure consist of?
• How we think about our solutions
• What solutions exist and why
• Holistic view of the digital government
• Estonian digital enablers and where do they come from?
• Trust & cooperation between stakeholders
• Ubiquitous electronic identity
• “Breathing room“
• Critical competences
• Conclusion
3. How we developed our solutions is more interesting than the solutions themselves
Solutions to complex problems are usually much harder to transplant than the ways of approaching them
4. We should talk about digital-embracing government, not e-government
E-government implies a separation between the “e“ and the government while the point is to embed digital into all aspects of governance
6. [Diagram labels: Agency (×4); Electronic identity; Citizens/Officials/Enterprises; Delivery channels; Integration; Infrastructure; Finance and portfolio management; Information security; Information System Registry]
7. Electronic identity
• Implemented using PKI, CA service provided externally
• The certificates live on a chip (smart card or SIM)
• Digital signature legally equivalent to a physical one
• Depends on the personal id-code of the citizen for much of the usefulness, the chip does not contain much
• A bank-driven federated identification scheme widely adopted by stakeholders
8. Channels
• Central service portal eesti.ee with 800+ services accessible
• Relies on services from the next layer
• In addition, hundreds of direct contact points with authorities
• Main challenges
  • simultaneously maintaining service ownership and central coordination
  • making people think in terms of customers
• No central UI/UX guidelines although a recommended web site template exists
• Mobile is very small but growing
9. Integration
• Distributed service bus called x-road
  • all communication happens peer to peer
  • no central authority with access to traffic
  • no central development/operations bottleneck
• x-road provides standardised
  • channel crypto
  • access/identity control
  • service discovery
  • audit logging
  • protocol support
• Massive deployment, 1000+ usable services
• Constantly developed, version 6 getting ready to roll
• De facto enables once-only and privacy policies
10. Infrastructure
• Being expanded aggressively
  • currently mainly consolidated network access
  • government cloud in the works
  • PaaS as a vision
• Government cloud is a combination of
  • private cloud
  • public cloud
  • data embassies
• Security and service availability major drivers: we no longer can run this country without e-services
• Scalability and cost are also becoming an issue
12. The described model is lacking
No technical solution exists in a vacuum
• A democracy needs different tools from a theocracy
• Structure of the government and the legislation has a strong impact
• What registries and other systems exist in a legal sense?
• What are the physical constraints?
How to build a governance model encompassing all of these aspects while making technical sense?
13. Enterprise Architecture view of the government
Business architecture
Organisational architecture
Functional architecture
Technical architecture
Physical architecture
15. Trust and collaboration between stakeholders
An (externally guaranteed) trust framework between citizens, businesses and the government as well as cooperation
• Information systems involved are too complex to comprehend, thus the need for explicit trust
• An external (cryptographic or legal) guarantee to the trust helps avoid trust erosion
• Only wealthy countries can afford not to have that trust: IRS lost $5.2 billion to identity theft in 2013
• Ability to find common ground between engineers, politicians and administrators but also banks and the government
16. Ubiquitous electronic identification
On the internet, nobody knows you are a dog
• The assurance level of services provided is dependent on the assurance level of the electronic ID
• The British way of using utility bills etc. can only go so far
• For simple cases e-mail and password are sufficient
• Digital signature requires a PKI-based solution
• Ubiquity stems from people using various e-services on a daily basis and realising their benefit. It is needed so that
  • electronic service can become dominant
  • the users are acquainted with the risks involved
  • the users actually find it convenient to use it
17. ”Breathing room”
The players must have the ability and capability to change their operating model with reasonable effort
• By definition: if everything is in place, any change would go against the well-established rules
• Stability means things happen tomorrow as they do today
• Innovation means the exact opposite
• Many of the decisions underpinning our e-government would be impossible to execute in a well-controlled environment
• Risk management processes alone would be a sufficient deterrent
• It is also about mental barriers: what do people have to lose?
• Progress needs a controlled level of chaos
18. Critical levels of critical competences
Without the following competences, it is not feasible to build an e-government as they are nigh on impossible to outsource
• Ability to procure development
  • Basically, one must be able to act as a responsible customer
  • Vendor management is a big part of it
  • Ability to provide input and validate the output
• Ability to procure operations
  • Operating the service means controlling the data
  • Weak operations lead to low service levels and loss of trust
• Information/cyber security
  • Who will work out your electronic identity scheme?
  • Whose cryptography do you trust and can you make your own?
  • How do you protect your service?
19. Sources of these enablers
Where do these enablers stem from in case of Estonia?
• Trust & cooperation between stakeholders
  • Our independence process
  • Small society
• Ubiquitous electronic identity
  • Tiger Leap & Look@World projects
  • Banks pushing for electronic channels
• “Breathing room“
  • Simple ineptitude
  • Nordic cynicism and practical mindset
• Critical competences
  • Soviet STEM-oriented education system
  • Local banks relying on local “intelligent amateurs“
21. Main conclusions from Estonian experience
• “Digital“ rather than “e“-government
  • it must not be a separate thing on top of “usual“ practices and processes
  • technology is only as useful as the business change it drives
• Holistic approach is required to
  • understand success and failure
  • drive change
• Benefits stem from the ecosystem not from individual systems
• Building a website is simple, getting people to use it is not
• For traction, all stakeholders must benefit