Slashdot Mirror

← Back to Stories (view on slashdot.org)

No More Paperwork: Estonia Edges Toward Digital Government (apnews.com)

Posted by msmash on from the marching-forward dept.

In the Estonian capital of Tallinn, three-day-old Oskar Lunde sleeps soundly in his hospital cot, snuggled into a lime green blanket decorated with red butterflies. Across the room, his father turns on a laptop. "Now we will register our child," Andrejs Lunde says with gravity as he inserts his ID card into the card reader. His wife, Olga, looks on proudly. And just like that, Oskar is Estonia's newest citizen. No paper. No fuss. From a report: This Baltic nation of 1.3 million people is engaged in an ambitious project to make government administration completely digital to reduce bureaucracy, increase transparency and boost economic growth. As more countries shift their services online, Estonia's experiment offers a glimpse of how interacting with the state might be for future generations. Need a prescription? It's online. Need someone at City Hall? No lines there -- or even at the Department of Motor Vehicles! On the school front, parents can see whether their children's homework was done on time.

Estonia has created one platform that supports electronic authentication and digital signatures to enable paperless communications across both the private and public sectors. There are still a few things that you can't do electronically in Estonia: marry, divorce or transfer property -- and that's only because the government has decided it was important to turn up in person for some big life events. This spring, government aims to go even further. If Oskar had been born a few months later, he would have been registered automatically, with his parents receiving an email welcoming him into the nation.

15 of 93 comments (clear)

  1. How convenient by quonset · · Score: 4, Insightful

    When I need information it's now one-stop shopping in Estonia. All the people's information in one convenient place. No muss, no fuss, Hack once and live a lifetime.

    BTW, what happens when, not if, Russia decides that uppity former republic needs to be taught a lesson? We've seen what they're trying to do in the Ukraine. Imagine a country with a population less than the city of Philadelphia being taken down when nothing works because somehow, mysteriously, large amounts of data are lost or corrupted.

    What's that saying about putting all your eggs in one basket?

    1. Re:How convenient by MobaHup · · Score: 5, Informative

      The data *isn't* kept in one convenient place. On the contrary. Each government agency only keeps data relevant to them. If they need information about, for instance, someone's company's mailing address, then they can request it -- straight from the agency that deals with this information -- over X-Road, a sort of secure intranet/SOA hub. Each agency publishes a set of SOAP services (with various access restrictions) to make use of the information they maintain, and other agencies can securely and directly access these services. Access from/by each agency is protected by standardised security servers that take care of encrypting, validating and logging the data. If a hacker gets access to, say, the local DMV, then they would only have access to DMV's information and could make some individual requests that other agencies allow DMV to make -- no more.

    2. Re:How convenient by Freischutz · · Score: 2

      When I need information it's now one-stop shopping in Estonia. All the people's information in one convenient place. No muss, no fuss, Hack once and live a lifetime. BTW, what happens when, not if, Russia decides that uppity former republic needs to be taught a lesson? We've seen what they're trying to do in the Ukraine. Imagine a country with a population less than the city of Philadelphia being taken down when nothing works because somehow, mysteriously, large amounts of data are lost or corrupted. What's that saying about putting all your eggs in one basket?

      Estonia is a NATO member and an EU member and Britain and Germany have deployed forces in the Baltic nations. They are safe.

      Those are token forces. Unless the Estonian, Latvian, and Lithuanian armies are able to deal with massive armour and airborne invasions and delay the Russians for a significant amount of time while NATO forces deploy to the theatre the Russians can overrun those countries in hours and judging from what I've seen in terms of training of Baltic forces by NATO that seems to be the strategy. Once the Ivans are occupying them these countries will become another frozen conflict like the E-Ukraine or those disputed territories in Georgia ... unless the Russians decides to annex Estonia, Latvia, and Lithuania to 'protect' the inhabitants. After that it becomes a question of whether NATO is willing to put up rather large armoured invasion force to liberate these countries. To that purpose they must first deal with a massive Russian SAM and fighter umbrella and judging from what Trump has been saying I'd be sceptical the US would ever agree to it and they'd be the ones who'd have to provide a large part of the air defence suppression assets in particular (read: cruise missiles and stealth bombers). As for the internet, I suppose the Russians would cause some damage in the event of an war, probably quite a lot, but I don't think it would be win-the-war-in-six-hours type damage and I'd also be surprised if there aren't plans to isolate Russia from the ROW internet by a button press in the event of a war.

    3. Re:How convenient by MobaHup · · Score: 5, Informative

      It's transported over regular (and/or government-only) Internet strictly over TLS with known certificates, but the reference security implementation (software as well as hardware) is provided by the government. Basically, each agency only needs to implement the services and make them available for the security server, which takes care of publishing the service, validation, encryption, logging -- all the tricky and sensitive stuff. The common security solution is of course developed and maintained by competent people. But even if case that gets hacked, then the communication relies on public key cryptography, and the private keys of the security servers themselves are generated and stored in hardware, which is never accessible from server software.

    4. Re:How convenient by 110010001000 · · Score: 2

      Baloney. Anytime you put information on a network it can be accessed.

      "The common security solution is of course developed and maintained by competent people"

      Right.

    5. Re:How convenient by Kjella · · Score: 3, Interesting

      When I need information it's now one-stop shopping in Estonia. All the people's information in one convenient place. No muss, no fuss, Hack once and live a lifetime.

      Actually the reason identity theft is such a big deal in the US is because having the information is generally sufficient. If I doxed myself here in Norway you could certainly do a lot of annoying things, but you'd find that for anything of real importance you'd either have to use an electronic signature or show up in person. Just having my person number (DOB + sex marker + unique counter), name, address etc. doesn't really get you very far. And while all my data is connected through the same unique identifier they're still kept by many different branches of government, you might say one common login gives access to everything but what happens in other nations? Surely there must be some level of standardization that DOB + SSN + whatever = ID. Unless you're going for the "the only way to win is not to play" solution by physically standing in line at a government office for everything.

      Imagine a country with a population less than the city of Philadelphia being taken down when nothing works because somehow, mysteriously, large amounts of data are lost or corrupted.

      Nobody's back end system is paper based anymore. Sure you might say that by exposing it over the Internet you're adding additional threats but the real high level hacks are often still an inside job or targeting the employees. We've had online banking here now for a couple decades, I've still not heard of anyone hacking their way to the core bank systems through the client, it's such an obvious way into the system that the protocol is completely locked down. It could make denial-of-service easier, but you still have to consider a power failure or an idiot with a backhoe and work on contingencies anyway. And don't forget how much else depends on the Internet these days, if it stops tons of B2C and B2B solutions won't work. It's not just the government's problem.

      --
      Live today, because you never know what tomorrow brings
    6. Re:How convenient by dunkelfalke · · Score: 2

      There is simply zero reason to invade since the Baltic states are already in the NATO.
      Ukraine and Georgia both wanted to, but cannot anymore since the NATO statutes indirectly prevent countries with unresolved territorial conflicts from joining.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    7. Re:How convenient by szabo.m.peter · · Score: 2

      I don't know...

      Putting data on a private network, with TLS, with known certificates (i.e. no easy man-in-the-middle), and then putting further encrypted data on it with private/public encryption sounds pretty solid to me... Certainly more dependable than some corporations I've seen.

      Also, AFAIK Estonia has a longer track-record of doing this, gradually adding more-and-more functionality to an existing system.

      What happens in case of a wide scale denial of service is an interesting question. Probably they have thought about this. As we depend on network infrastructure more-and-mode with our economies, I think generally all countries should be prepared for such an event.

    8. Re: How convenient by mardu · · Score: 2

      Estonia had the luck of having no legacy regulations and basically no huge legacy databases when we regained our independence after the Soviet occupation. Everything had to be built from the ground up so it was easy to use new technology and ambitious ideas.

    9. Re:How convenient by Kjella · · Score: 3, Interesting

      Those are token forces. Unless the Estonian, Latvian, and Lithuanian armies are able to deal with massive armour and airborne invasions and delay the Russians for a significant amount of time while NATO forces deploy to the theatre the Russians can overrun those countries in hours and judging from what I've seen in terms of training of Baltic forces by NATO that seems to be the strategy.

      They're token forces in military terms, but not in political terms. Pretty much all the front line troops are there to escalate it to a proper war and invoke Article 5, there's no country in Europe that can defeat Russia alone. And while the US might drag their feet on becoming involved in another overseas war no country in Europe is going to let Russia go on a Hitler-like series of annexations. They can take the Baltics, but then WW3 has begun.

      --
      Live today, because you never know what tomorrow brings
  2. Re:Ivan brings frost piss! by Hognoxious · · Score: 2

    No, it's that place Dilbert keeps visiting. Their economy is 100% based on mud.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  3. Governance is the bottleneck by wisse · · Score: 2

    It sounds really simple: all information in one place, you own your own information (including your health information). And techniscally it *is* simple. But the governance can be made so complicated that no other country has pulled this off yet. Getting all your national institutes to work together on one digital government is no small feat.

  4. Re:First post from Tallinn, Estonia by Applehu+Akbar · · Score: 3, Interesting

    ...and thumbs down on where this country is going.

    In a backward and paper-based country, a cyberattack that disables things properly will hurt. Over here, it will cripple.

    But at the same time, online access to government offices is a huge time saver. When people get it, they don't want to go back, any more than we would want to go back to having to schedule a library visit to look up any kind of reference information.

    We can't avoid having to fix the online security problem.

  5. Re:Ivan brings frost piss! by szabo.m.peter · · Score: 2

    That is Elbonia.

    Other than its climate, Estonia is a pretty nice place...

  6. Estonia's System Is Unique and Interesting by organgtool · · Score: 4, Informative

    There are a lot of comments here talking about hacking government servers and getting everyone's data. This is based on a misunderstanding of the Estonian digital record system. I've read several articles about it and if I understand it correctly, the system is more of an authentication system and records interface. Your data isn't stored on a single set of government servers - instead, public and private entities store their information about you on their own servers and are required to use the government's digital authentication system for access. The records are required to have access control layers so that citizens can control which people have access to their records. I believe there is also a required interface for presenting history data so that a citizen can see all attempted access to their records. It's a very interesting and pragmatic approach and it'll be something that people should watch closely and learn from.