kantseleis

Speeches

- Reset + Print

President of the Republic at the Aftenposten's Technology Conference

16.10.2017

People do not necessarily see tax reforms, social security reforms and pension reforms as digital, but indeed, there is a digital element. Estonians were travelling around Europe, notably most in Nordic countries, and they were demanding similar level of services from their state. Of course, we could not provide it by traditional means and therefore we started to look at different options.

First thing we did, we took papers away on government level. I was advising the Estonian Prime Minister Mart Laar at that time. We also had a digital advisor. That move actually was nothing special. If you think, then at the turn of the century, every private company already had some digital document management system. We were actually very astonished that removing papers from the government meeting created international attention. If we count the articles, which were written about the paperless government it paid back the price of the advertisements of "Estonia is positively transforming, please come, and visit our country!" I think it took about three months to earn back all the money we had spent. In addition, it was nothing special. The technology was well known and often used. By the way, it still applies that the technology that Estonia is currently using is not cutting edge. Estonian digital society runs on very basic and therefore also tried, tested and reliable technology. It is also true in the normal analogue world – it is the washing machine, which transformed the society not sending a rocket to the moon. In fact, our digital society is very similar.

In Estonia, we have entered the digital world step by step, kind of at the same time. This is important because we did not do it alone from the government side –we did it together with our private sector. I remember the discussions in the Estonian government and it was a three party coalition where not everybody was sure that we would need to do this. We planned to sneak digital identity on everybody's ID-card, so that everybody would have one. Whether they would use them or not was initially not so important. However, there was this exclusive opportunity for everybody to use it if they chose to. It is still like that today – it is possible to use paper but nobody wants to – there is no obligation to use digital government services. However, people are normally quite lazy so they do use digital services if they can avoid visiting government offices. However, those who want to, can do so.

The difference between Estonia and some other countries was that from the beginning it was a public and private cooperation exercise. The government was only able to say that they will take the first step and offer digital identity to everybody. The banks, telecoms and everybody else were promising to also create services on a digital platform. It was the time, when most banks were starting to offer digital banking – internet banking with code cards, which nowadays are considered horribly insecure. At that time, they were widely coming into use as a technological development. Our banks wanted something more secure.

Indeed, the same system was created to be open to both private and public sector services. That means that it has uniform use by all Estonians for all services where they need to use digital identification. In fact, the digital Estonia has a guarantee from the state from the public sector viewpoint. We all have this in the analogue world – it is called your passport. How is it the same thing? A passport is used to identify the other party you are talking to. What we do and have done is that we have offered our people the same safe identification for when they are communicating or transacting over the internet. So again, this is nothing fancy; this is a basic government obligation to provide people with a safe identification.

Even to this day, I sometimes hear questions about if it is safe or should governments do it. I finally feel we have a breakthrough in this understanding and thinking and it comes from the fact that people and businesses are online anyway. They communicate anyway. However, if there is no digital identity guaranteed by the state then they have to rely on companies for safe identification. Google does a great job here and all others who offer the means for identification. First, it is not universal – you cannot use it for all services, you cannot use it for public services. Second, it does not come with the same guarantee. On the other hand, as an Estonian e-citizen I am used to transacting with my own countrymen and own country's company digitally, but if I want to transact across the border I would still need to use some other means of identification. There is not that many identification options for across the border. What should we do in order to overcome this? We talked together with Latvians and Finns to make sure that our digital identification could be used also across borders and therefore there will be a digital heart, which will demonstrate that several sovereign countries can cooperate on this. It is not the same as recognizing each other's digital identities, which is quite common in countries, which have digital identities. However, recognition is one thing and the ability to use them across the border is something else. We are still working on this.

What was the challenge to get everybody to use digital services? Of course, there was a challenge – you have to understand that when the Soviet Union came down majority of our people did not even have bank accounts. The salary in the Soviet Union was distributed from the office. We first had to adjust to the money going to a bank account and then we started using e-banking services – in a short span of couple of years. You can imagine that no government could claim to have done it alone, but we could do it because the banks recognized as well that there were huge savings for them. They did not need so many branches, now that people could go online, and they offered free services to those in the population, whom it was difficult to convince to go digital – mostly retired people. Together with the telecom companies, banks also helped the government to organize the Tiger Leap programme.

The Tiger Leap programme was first directed towards the young to give them digital skills and then towards elderly people to make sure they had digital skills. If you know Estonia and have been there, you know the country is quite big but has only 1.3 million people. Quite soon, our elderly also realized that instead of taking a long bus trip to the centre to go to a bank or some other office, it is much easier to go to a library or a school where the government was offering free Internet services. At that time, people did not have computers at home – not everybody – so the digitalization of society started before we had many Internet connections at home, because you could use free connections at the school and the library. This was also done together with our private sector. As I said, not all what we did can be copied and this is a clear example of it. Our people entered the digital world when the most horrible thing that could happen to you was that a coffee cup could be spilled on your keyboard. Later on came computer viruses that could be quite easily kept off your computer. Societies, which are attempting digitalization now, have to get into the Internet of Things, so it is a very different story. But as I said, there is no other option, because people and businesses are already on the Internet and governments need to follow – you do not want to force your people to take a piece of paper and go somewhere.

Of course, there has always been the question of being safe. We have noticed already, that if you apply cyber hygiene constantly and inclusively, it will teach people to be safe on the Internet. While it is difficult even to measure, nowadays the global Internet is running these worldwide exercises of cyber security – let us say WannaCry. When WannaCry hit the world, we did not have any attacks in Estonia – zero, nothing. Because there were no medical systems at hospitals, which were not updated. Our people have spent already close to 13 years in the Internet, and they have learned cyber hygiene the hard way. Of course, everyone has had incidents we have had to learn. We also came under a cyber-attack in 2007, and I guess we were then at that time the only state that could come under cyber-attack because no one else had that level of digital services. This of course taught people the importance of protecting themselves. The good thing is it is do-able. It might have taken us 15 years, but nowadays it will go quicker. Even if people in other governments may not know, their people have also been on the Internet for 15 years and they have learned by their own harsh experience that they have to protect themselves. So we do not only have to make sure that everyone has access, but also to make sure that everybody knows cyber hygiene. I do not call it cyber defence – that is a military term – in civil society; we should use "cyber hygiene". Sadly, many put their hope on technology to protect them on the Internet. It will not work only this way. Finally, it will always have to be a human brain that will have to take care of the security in the Internet. This is absolutely necessary.

Digital happens in various ways. Sometimes people recognize that you are already a digital citizen. For example, if an Estonian baby is born, the doctors can register the babies already in the hospital. The doctor in Estonia enters the data into the medical system. You know: 3.5 kilos, 52 cm...and when the doctor is doing this, the system is creating a digital identity for this baby in the background. The doctor is the civil register manager, but she or he does not need to know this. They do know, but they do not click on anything. It is automated.

The digital citizen is born when the citizen is born and this happens automatically. Now, of course, parents can already name their baby from the hospital bed, they do not need to go to any office. Then they can put the baby in the kindergarten queue, because there are kindergarten queues in Europe as we know, so they can do it when the baby is three hours old if they so wish, and all this without leaving their maternity ward or their own home. It is economical, it is quick, it spares your nerves, and you do not catch the germs that you might otherwise catch if you leave your home with a small baby. So it has lots of benefits for the society.

Another important thing: we save 2% of the GDP simply by signing documents digitally, not taking into account other digital services. This 2% is heavily skewed toward common people and small businesses. We already know that rich people and big companies have their ways of managing bureaucracy, but it is difficult if you are small and poor. In addition, if you think about people who are disadvantaged in society, people who have low salaries, people who have heavy home life burdens, they cannot go to the offices – it is not easy for them. However, the digital government is open 24/7. None of us in Estonia imagine that they would need to do their taxes during their work time. It takes you five minutes while you are having your evening tea at home or when your babies have gone to bed. You can go to the Tax Board webpage and see all your earnings already listed there and simply sign.

You may ask how to get people to use these systems. Well, nowadays it is very easy because right now we have all these digital systems for all new services to get attention. For Tax Board, we pay you back in five days if we owe you money after your declare. Yes, there are random checks afterwards so that if you have lied or something has escaped the attention of the Tax Board, there may be a need to correct the declaration, but overall it is done in 2 minutes if you have nothing to add. You simply have to decide who gets the deductions in the family and you get the money back in five days. All the digital society is full of such advantages.

We are also asked how do people trust their information to the state. All the information, which the government must have in their computerized files, which they can constantly crosscheck. Our answer is that constant crosschecking has actually been turned into something possible in Estonia. It is called the once-only principle. So if I told government where I lived, no other government office can ask me where I live. They have to be able to check that register, and I allow them to check that register for these purposes. On the other hand, if somebody does check and I know they did, and clearly, we have the biggest misunderstanding with analogue societies – they see digital as dangerous. Data or a digital signature may be falsified; someone may look into my papers, which are online.

Well, there are quite a few white-collar crimes where an analogue signature is falsified. A digital signature is more difficult to falsify. It needs something that is more than a picture of your signature. It needs a physical piece of identity and two codes. Otherwise, it does not function. There is no one big database. It is not a physical check. In addition, we have made it a criminal offence to nose around databases with no reason, so even if my job gives me access to someone's data, I have to be able to justify why I looked at the data. So checking your ex-husband's new girlfriend's income is a criminal offence. Of course, in the beginning we had people who tried. The result and the retaliation by the state were widely publicized and it does not happen anymore. People have recognized that this is not the done thing. So our people have the reason to trust their data to the government, and in addition they know who looked at it. If I lived outside of Estonia and I had my medical records somewhere on paper, I would not know without going and checking for fingerprints, who had read my data or medical file. In Estonia, I would know that it was my family doctor because I would be informed about it automatically.

Another important element to recognize about building a digital society is that sometimes, neither the public or the private side want to take the responsibility for costs. The private side fails to recognize that if the state decides to go digital or use next-generation technology, they also take huge risks. Reputational risk is not a small risk for a politician. Imagine in 2001, taking the decision that everyone will have a digital identity. It cost a lot, because while nowadays chips are very cheap, back then, they were becoming cheap, but they were not that cheap. In addition, you need to constantly upgrade and change your systems because of digital threats. In fact, your reputation as a government is constantly under pressure, which you are not used to, and this is important. Private sector sometimes thinks that the government does not take risks. It does take some risks. It compares very well to the financial risks that we are able to calculate that the private sector has to take. Both sides have to invest in the system together. Preferably, most of the cost of developing services should come from the private sector, because they reap the greatest benefits. Of course, government develops its own services itself, but here again; it also nudges the whole sector forward because of course we have to be a clever buyer. It does go wrong sometimes. I remember several times in the last 15 years when it has gone wrong. However, not every analogue development by government goes right either.

Of course, sometimes you need to pay more to make things right again. How to get the society to accept all this? Exactly this way, talking to people honestly and openly about the risks, about the work we need to do, how government has to be transparent, about how we also sometimes risk and fail. It helps. For example, we had a scare only couple months ago and it is still not completely resolved.

One of the manufacturers of the globally produced chips has a problem, which together with some software development made it possible to create the secret key from the public key, which the digital identity constantly transfers. At a considerably lower cost than would be acceptable. Of course, the risk is low. It did not put the system as such at risk, but access to the system. Luckily, we had an alternative channel, a mobile-ID, which was not under pressure. This risk was only considerably higher than it was, let us say, five months ago, but we did not think it would realize tomorrow. We held a press-conference telling people about this problem. We considered it important that the society knows. If this risk would realize, then it would be mobile-ID, not the chip card ID until we could patch the system.

These things will continue to happen and the only way to fight them is transparency, nothing else works. Of course, we all know, similarly to analogue, that there are crooks out there. Yet we accept these risks. We take the necessary precautions, but we do not leave the street space. For some reason for too long, people have felt that cyber space can simply be left alone. I believe that it is bad not only from security reasons for society and governments, but also if our people and businesses are there, we want governments to be there to be present as well – it is necessary. Which is exactly what we tell our own people and other nations in Europe: it is inevitable. You need to start teaching your people by making it inclusive and have everyone use technology. Making it inclusive – the only way is to do it is in public services. We have to honestly talk of the risks, but also provide people with different services; provide them with four or five working days a year when they do not have to take a day off to register forms.

Thank you.