I recently returned from a trip to Estonia where I spent a week meeting various government departments and technology companies to learn as much as possible about one of the most advanced e-Governments in the world. I was travelling with Tony Moretta and Chris Knight from Digital Jersey, Jason Turner from the States of Jersey Health department (also deputy treasurer) as well as John Morlidge from JT.
We spent our first day at the e-Estonia showroom where we were given an overview of the advanced e-government Estonia has been showing off to the rest of the world, and rightly so.
It is possible to conduct any legal transaction online in Estonia apart from three;
This level of e-government is something that most countries aspire to and it was no surprise to see the walls of the showroom decorated with pictures of leaders and dignitaries from around the globe also keen to learn from a country that has successfully implemented e-government and digital identity.
Estonia has setup an e-Governance academy in which we were able to spend half a day learning from some of the original architects of the Estonian e-government and approach, as well as suppliers of the X-Road and Digital Identity systems. It was beneficial to hear of the various approaches that have been taken for successful export of the concepts and systems to other countries; a staggering 60 countries have been in discussions with the e-Governance academy, all wishing to learn.
Much has been written about the Estonian x-road; the backbone that holds the e-government together. This nation-wide service bus for secure tamper-proof exchange of data over the internet between public sector departments as well as private sector organisations has now stood the test of time, with the x-road being on version 6.
We met a few impressive companies that were instrumental in the original architecture and implementation of x-road, one of which has developed a product based on this concept.
When speaking to technology companies, it was good to hear that it’s rarely a case of “copy & paste” – as expected, application of a pattern however effective, needs to take into account local context of systems. The approach is solid and one that all organisations with a need to have a level of trusted secure integration with external parties should consider.
Number of X-Road hits
As Rome wasn’t built in a day, neither was the Estonian e-Government; starting small but with a blueprint for growth, reaching 600 million hits on the x-road in 2016
p>Estonia is also the first country to offer e-residency. This does not mean traditional citizenship, or confer any rights of residency however, Estonian e-residents now number approximately 18,000. Estonian e-residents have had to have their identity proofed by visiting an Estonian embassy with their passport or other national identity card in order for e-residency to be granted. E-residency is a relatively new concept but today allows citizens who are physically based elsewhere to conduct their business with Estonian organisations, the Estonian government or Estonian citizens themselves. It is even possible to set up a business online if you are an e-resident (I’m told this can take just 17 minutes) and subject to additional due diligence you can even setup a bank account as an e-resident. This provides a really effective option for individuals and businesses wishing to conduct their business within the European Union who are physically based elsewhere (Jersey, Guernsey or even the UK post-Brexit spring to mind!)
The identity card in use by Estonians today could be branded legacy in terms of the need for physical card, and from a technology perspective is relatively dated and static. The general feedback from the identity card providers was the comfort that everyday citizens have from their physical card being in their possession outweighs the risks of data protection and the “big brother” abuse. Openness of access to data (as seen when we discussed the sensitive issue of health records) has helped significantly with this.
The challenges in selecting an identity model are technical and cultural, as well as budgetary (cards aren’t cheap). The Estonians were honest enough to admit that without private sector buy-in (initially by all the banks) the digital identity and signing implementation would not have been cost-effective. The concept of identity also varies around the globe; in Estonia and various other continental countries it is assumed that identity is provided to the citizen by the state along with a physical card. In the UK and USA identity cards have been largely rejected and identity is sometimes thought of as owned by the citizen with minimal information shared with the state for conducting transactions. These cultural differences are important to factor into how effective different schemes and indeed e-government could be in the Channel Islands. However, the easier one’s life is made by sharing personal data and/or signing up to a digital identity scheme, the more likely it is to be successful.
A meeting with the Estonian connected health cluster highlighted how well the government and health providers are working together to promote effective use of technology within the health industry, and promote Estonian products and services for export. The cluster is made up of over 70 partners including 43 companies from start-ups, medtech, biotech, pharmaceutical, health IT and R&D as well as service providers. This wasn’t the first or last time we heard that Estonia is too small to only serve its own market… Anything that Estonian companies are doing is done with a view to export potential. A global mindset was evident throughout the trip and something that our little islands could adopt – we are leaders in some areas but could do so much more.
A trip to the biggest Estonian hospital, the North Estonia Medical Centre showed us how patient records in specialised hospital systems are summarised for the patient’s portal where summary data is shared across primary and secondary care via the X-Road.
Mr Ain Aaniksoo, the CIO for Ministry of Social Affairs with responsibility for e-Health confirmed that the control of this data remains with the patient who can opt to keep records private and not available to anybody. Not even a “break glass” scenario allows health professionals to access data that you wish to remain private (with the associated legal disclaimer if you choose this option). With all access to data audited and logged visibly, health professionals who access data illegally can face severe penalties including custodial sentences. This approach has helped significantly with trust and adoption of the system, resulting in 97% of prescriptions being digital, and 5% of the population voluntarily being gene donors for biotech research – by far the biggest biobank in the world that may help to identify causes and cures for diseases in the future.
In Jersey, C5 has been working on a few IoT projects including the Bus Tracker, Car Park Monitoring, an Air Quality proof of concept and a wider strategy for a smart island. It was useful to discuss approaches with a number of Estonian suppliers;
We also had the privilege of meeting Thinnect and CEO Jurgo Preden, whose boardroom doubles as a lab – the “mist computing” mesh network that his company has developed is the kind of innovation that will allow IoT to thrive with lower power connectivity and efficient use of local vs cloud resources:
One evening we were hosted by Mari Vavulski, the head of Startup Estonia at Lift99, a Startup co-working space that was originally founded by five prominent Estonian startup entrepreneurs (the Estonian Mafia, in reference to the Paypal Mafia).
Lift99 Board room complete with swings for chairs.
The famous $8.5B Skype exit and subsequent success of TransferWise has certainly helped as a catalyst in the local startup community with angel funding available, however what struck me was the global attitude of anybody we spoke to. There is no point in developing anything just for the local market or even just for the Baltic states; go big or go home!
On our last evening we had the opportunity to meet with Ave Lauringson, responsible for addressing the ICT skills shortage locally; a global issue of course, but one that the successful startup community and thriving digital sector are compounding in Estonia. I was surprised to hear that a short 3.5 month cross-training program for individuals wishing to enter the digital sector had been a roaring success. Supported by the Estonian version of Digital Jersey, ITL and its members, applicants should have a minimum degree qualification and have graduated for a minimum of 5 years. This selection process resulted in motivated students looking for a career change as they spotted the opportunities in technology that their original qualifications didn’t afford them. A surprisingly short induction to IT that could likely be replicated in the Channel Islands if there was appetite to do so and calibre of applicants.
There is a lot to learn from anybody who has successfully implemented e-government & identity solutions, start up ecosystems and training programs. I’m hoping to develop closer relationships with suppliers we met in order that we can build on successes (and failures!) of others where appropriate; there is always a local context and need for adapting approaches not least from a cultural perspective. However the gulf between the Channel Islands and countries like Estonia is evident and growing; to keep up with the pace it will be largely necessary to copy and adapt rather than attempt to re-invent the wheel.
Finally, a big thank you to all the individuals and companies we met, all of whom were extremely helpful and engaging, none more so than our host, the newly-appointed Estonian Government CIO Siim Sikkut – we couldn’t have been better looked after or had a more productive schedule 🙂
We take security seriously which is why we’ve been assessed and certified for addressing cybersecurity effectively and mitigating the risk from Internet-based threats.View our certificate