The Evolution of the EstonianDigital EcosystemOpportunities and Challenges of E-Governance

Andres KüttInformation System Authority, chief architect

June 9, 2015

Agenda today

Framing the discussion, not defining it

• What does Estonian digital infrastructure consist of?• How we think about our solutions• What solutions exist and why

• Holistic view of the digital government• Estonian digital enablers and where do they come from?

• Trust & cooperation between stakeholders• Ubiquitous electronic identity• “Breathing room“• Critical competences

• Conclusion

How we developed our solutions is moreinteresting than the solutions themselves

Solutions to complex problems are usually much harder to transplantthan the ways of approaching them

We should talk about digital-embracinggovernment, not e-government

E-government implies a separation between the “e“ and the governmentwhile the point is to embed digital into all aspects of governance

Estonian digital infrastructure

Agency Agency AgencyAgency

Electronic identity

Citizens/Officials/Enterprises

Delivery channels

Integration

Infrastructure

Fina

nce

and

port

folio

man

agem

ent

Info

rmat

ion

secu

rity

Information System Registry

Electronic identity

• Implemented using PKI, CA service provided externally

• The certificates live on a chip (smart card or SIM)

• Digital signature legally equivalent to a physical one

• Depends on the personal id-code of the citizen for much of theusefulness, the chip does not contain much

• A bank-driven federated identification scheme widely adopted bystakeholders

Channels

• Central service portal eesti.ee with 800+ services accessible• Relies on services from the next layer• In addition, hundreds of direct contact points with authorities

• Main challenges• simultaneously maintaining service ownership and centralcoordination

• making people think in terms of customers

• No central UI/UX guidelines although a recommended web sitetemplate exists

• Mobile is very small but growing

Integration

• Distributed service bus called x-road• all communication happens peer to peer• no central authority with access to traffic• no central development/operations bottleneck

• x-road provides standardised• channel crypto• access/identity control• service discovery• audit logging• protocol support

• Massive deployment, 1000+ usable services

• Constantly developed, version 6 getting ready to roll

• De facto enables once-only and privacy policies

Infrastructure

• Being expanded aggressively• currently mainly consolidated network access• government cloud in the works• PaaS as a vision

• Government cloud is a combination of• private cloud• public cloud• data embassies

• Security and service availability major drivers: we no longer can runthis country without e-services

• Scalability and cost are also becoming an issue

Holistic view of the digitalgovernment

The described model is lacking

No technical solution exists in a vacuum

• A democracy needs different tools from a theocracy

• Structure of the government and the legislation has a strong impact

• What registries and other systems exist in a legal sense?

• What are the physical constraints?

How to build a governance model encompassing allof these aspects while making technical sense?

Enterprise Architecture view of the government

Business architecture

Organisational architecture

Functional architecture

Technical architecture

Physical architecture

Estonian digital enablers andwhere do they come from?

Trust and collaboration between stakeholders

An (externally guaranteed) trust framework between citizens,businesses and the government as well as cooperation

• Information systems involved are too complex to comprehend, thusthe need for explicit trust

• An external (cryptographic or legal) guarantee to the trust helpsavoid trust erosion

• Only wealthy countries can afford not to have that trust: IRS lost$5.2 billion to identity theft in 2013

• Ability to find common ground between engineers, politicians andadministrators but also banks and the government

Ubiquitous electronic identification

On the internet, nobody knows you are a dog• The assurance level of services provided is dependent on theassurance level of the electronic ID

• The British way of using utility bills etc. can only go so far• For simple cases e-mail and password are sufficient• Digital signature requires a PKI-based solution

• Ubiquity stems from people using various e-services on a dailybasis and realising their benefit. It is needed so that

• electronic service can become dominant• the users are acquainted with the risks involved• the users actually find it convenient to use it

”Breathing room”

The players must have the ability and capability to change theiroperating model with reasonable effort

• By definition: if everything is in place, any change would go againstthe well-established rules

• Stability means things happen tomorrow as they do today• Innovation means the exact opposite

• Many of the decisions underpinning our e-government would beimpossible to execute in a well-controlled environment

• Risk management processes alone would be a sufficient deterrent• It is also about mental barriers: what do people have to loose?

• Progress needs a controlled level of chaos

Critical levels of critical competences

Without the following competences, it is not feasible to build ane-government as they are neigh to impossible to outsource

• Ability to procure development• Basically, one must be able to act as a responsible customer• Vendor management is big part of it• Ability to provide input and validate the output

• Ability to procure operations• Operating the service means controlling the data• Weak operations lead to low service levels and loss of trust

• Information/cyber security• Who will work out your electronic identity scheme?• Whose cryptography do you trust and can you make your own?• How do you protect your service?

Sources of these enablers

Where do these enablers stem from in case of Estonia?• Trust & cooperation between stakeholders

• Our independence process• Small society

• Ubiquitous electronic identity• Tiger Leap & Look@World projects• Banks pushing for electronic channels

• “Breathing room“• Simple ineptitude• Nordic cynicism and practical mindset

• Critical competences• Soviet STEM-oriented education system• Local banks relying on local “intelligent amateurs“

Conclusion

Main conclusions from Estonian experience

• “Digital“ rather than “e“-government• it must not be a separate thing on top of “usual“ practices andprocesses

• technology is only as useful as the business change it drives

• Holistic approach is required to• understand success and failure• drive change

• Benefits stem from the ecosystem not from individual systems• Building a website is simple, getting people to use it is not• For traction, all stakeholders must benefit

Thank you!Andres Küttandres.kutt@ria.ee