A lesson in public e-policy

By Frederic Filloux
April 15, 2013

Estonia is run like a corporation, but its president believes government must play a crucial role in areas of digital policy such as secure ID.

Toomas Hendrik Ilves must feel one of a kind when he attends international summits. His personal trajectory has nothing in common with the backgrounds of most other heads of state. Born in Stockholm in 1953, where his parents had taken refuge from Soviet Estonia, Ilves was raised mostly in the United States. There, he got a bachelor’s degree in psychology from Columbia University and a master’s degree in the same subject from the University of Pennsylvania.

In 1991, when Estonia became independent, Ilves was in Munich, working as a journalist for Radio Free Europe (he is also fluent in English, German and Latin.) Two years later, he was appointed ambassador to … where else? … the United States. In 2006, a centrist coalition elected him president of the republic of Estonia (1.4 million inhabitants).

One more thing about Ilves, above: he programmed his first computer at the age of 13. A skill that would prove decisive for his country’s fate.

Last week in Paris, Ilves was the keynote speaker at a conference organised by Jouve Group, a French company specialised in digital distribution. The bow-tied Estonian captivated the audience with his straight speech, the polar opposite of the classic politician’s. Here are abstracts from my notes:
“At the [post-independence] time, the country, plagued by corruption, was rather technologically backward. To give an example, the phone system in the capital [Tallinn] dated back to 1938. One of our first key decisions was to go for the latest digital technologies instead of being encumbered by analogue ones. For instance, Finland offered to provide Estonia with much more modern telecommunication switching systems, but still based on analogue technology. We declined, and elected instead to buy the latest digital network equipment”.

Estonia’s ability to build a completely new infrastructure without being dragged down by technologies from the past (and by the old-guard defending it) was essential to the nation’s development. When I later asked him about the main resistance factors he had encountered, he mentioned legacy technologies: “You in France, almost invented the internet with the Minitel. Unfortunately, you were still pushing the Minitel when Mosaic [the first web browser] was invented”. (The videotext-based system was officially retired at last in … 2012. France lost almost a decade by delaying its embrace of internet protocols.)

The other key decision was introducing computers in schools and teaching programming on a large scale. Combined with the hunger for openness in a tiny country emerging from 45 years of Soviet domination, this explains why Estonia has become an energetic tech incubator, nurturing big names like Kazaa and Skype (Skype still maintains its R&D centre in Tallinn.)

“Every municipality in Estonia wanted to be connected to the Internet, even when officials didn’t know what it was … And we played with envy … With neighbours such as Finland or Sweden, the countries of Nokia and Ericsson, we wanted to be like them.”

To further encourage the transition to digital, cities opened internet centres to give access to people who couldn’t afford computers. If, in western Europe, the internet was seen as a prime vector of American imperialism, up in the newly freed Baltic states, it was seen as an instrument of empowerment and access to the world:
“We wanted a take the leap forward and build a modern country from the outset. The first public service we chose to go digital was the tax system. As a result, not only did we eliminate corruption in the tax-collection system – a computer is difficult to bribe – but we increased the amount of money the state collected. We put some incentives in: When filing digitally, you’d get your tax refund within two weeks versus several months with paper. Today, more than 95% of tax returns are filed electronically. And the fact that we got more money overcame most of the resistance in the administration and paved the way for future developments”.

“At some point we decided to give to every citizen a chip-card … In other words, a digital ID card. When I first mentioned this to some Anglo-Saxon government officials, they opposed the classic Big Brother argument. Our belief was, if we really wanted to build a digital nation, the government had to be the guarantor of digital authentication by providing everyone with a secure ID. It’s the government’s responsibility to ensure that someone who connects to an online service is the right person. All was built on the public key/private key encryption system. In Estonia, digital ID is a legal signature. The issue of secure ID is essential, otherwise we’ll end-up stealing from ourselves. Big brother is not the state, Big Brother lies in big data.”

“In Estonia, every citizen owns his or her data and has full access to it. We currently have about 350 major services securely accessible online. A patient never gets a paper prescription, the doctor will load the prescription in the card and the patient can go to any pharmacy. The system will soon be extended to Sweden, Denmark, Finland, Norway, as our citizens travel a lot. In addition, everyone can access their medical records. But they can choose what doctor will see them. I was actually quite surprised when a head of state from southern Europe told me some paper medical records bear the mention “not to be shown to the patient” [I suspect it was France]. As for privacy protection, the ID chip-card works both ways. If a policeman wants to check on your boyfriend outside the boundaries of a legal investigation, the system will flag it – it actually happened.”

As the Estonian president explained, some good decisions also come out of pure serendipity,:
“[In the 90s], Estonia had the will but not all the financial resources to build all the infrastructure it wanted, such as massive centralised data centres. Instead, the choice was to interconnect in the most secure way all the existing government databases. The result has been a highly decentralised network of government servers that prevent most abuses. Again, the citizen can access his health records, his tax records, the DMV [Department of Motor Vehicles], but none of the respective employees can connect to another database”.

The former Soviet Union had the small Baltic state pay a hard price for its freedom. In that respect, I recommend reading CyberWar by Richard Clarke, a former cyber-security adviser in Bill Clinton’s administration, who describes multiple cyber-attacks suffered by Estonia in 2007. These actually helped the country develop skillful specialists in that field. Since 2008, Tallinn harbours NATO’s main cyber-defence center in addition to an EU large-scale IT systems centre.

Ilves stressed the importance of cyber-defence, both at the public- and private-sector level:
“Vulnerability to a cyber attacks must be seen as a complete market failure. It is completely unacceptable for a credit card company to deduct theft from its revenue base, or for a water supply company to invoke cyber attack as a force majeure. It is their responsibility to protect their systems and their customers. … Every company should be aware of this, otherwise we’ll see all our intellectual property ending up in China”.