No More Paperwork: Estonia Edges Toward Digital Government

In the Estonian capital of Tallinn, three-day-old Oskar Lunde sleeps soundly in his hospital cot, snuggled into a lime green blanket decorated with red butterflies. Across the room, his father turns on a laptop. "Now we will register our child," Andrejs Lunde says with gravity as he inserts his ID card into the card reader. His wife, Olga, looks on proudly. And just like that, Oskar is Estonia's newest citizen. No paper. No fuss. From a report: This Baltic nation of 1.3 million people is engaged in an ambitious project to make government administration completely digital to reduce bureaucracy, increase transparency and boost economic growth. As more countries shift their services online, Estonia's experiment offers a glimpse of how interacting with the state might be for future generations. Need a prescription? It's online. Need someone at City Hall? No lines there -- or even at the Department of Motor Vehicles! On the school front, parents can see whether their children's homework was done on time.

Estonia has created one platform that supports electronic authentication and digital signatures to enable paperless communications across both the private and public sectors. There are still a few things that you can't do electronically in Estonia: marry, divorce or transfer property -- and that's only because the government has decided it was important to turn up in person for some big life events. This spring, government aims to go even further. If Oskar had been born a few months later, he would have been registered automatically, with his parents receiving an email welcoming him into the nation.

Re:How convenient

[MobaHup]

The data *isn't* kept in one convenient place. On the contrary. Each government agency only keeps data relevant to them. If they need information about, for instance, someone's company's mailing address, then they can request it -- straight from the agency that deals with this information -- over X-Road, a sort of secure intranet/SOA hub. Each agency publishes a set of SOAP services (with various access restrictions) to make use of the information they maintain, and other agencies can securely and directly access these services. Access from/by each agency is protected by standardised security servers that take care of encrypting, validating and logging the data. If a hacker gets access to, say, the local DMV, then they would only have access to DMV's information and could make some individual requests that other agencies allow DMV to make -- no more.

Re:How convenient

[MobaHup]

It's transported over regular (and/or government-only) Internet strictly over TLS with known certificates, but the reference security implementation (software as well as hardware) is provided by the government. Basically, each agency only needs to implement the services and make them available for the security server, which takes care of publishing the service, validation, encryption, logging -- all the tricky and sensitive stuff. The common security solution is of course developed and maintained by competent people. But even if case that gets hacked, then the communication relies on public key cryptography, and the private keys of the security servers themselves are generated and stored in hardware, which is never accessible from server software.

Estonia's System Is Unique and Interesting

[organgtool]

There are a lot of comments here talking about hacking government servers and getting everyone's data. This is based on a misunderstanding of the Estonian digital record system. I've read several articles about it and if I understand it correctly, the system is more of an authentication system and records interface. Your data isn't stored on a single set of government servers - instead, public and private entities store their information about you on their own servers and are required to use the government's digital authentication system for access. The records are required to have access control layers so that citizens can control which people have access to their records. I believe there is also a required interface for presenting history data so that a citizen can see all attempted access to their records. It's a very interesting and pragmatic approach and it'll be something that people should watch closely and learn from.