digital evolution of estonia
TRANSCRIPT
The Evolution of the EstonianDigital EcosystemOpportunities and Challenges of E-Governance
Andres KüttInformation System Authority, chief architect
June 9, 2015
Agenda today
Framing the discussion, not defining it
• What does Estonian digital infrastructure consist of?• How we think about our solutions• What solutions exist and why
• Holistic view of the digital government• Estonian digital enablers and where do they come from?
• Trust & cooperation between stakeholders• Ubiquitous electronic identity• “Breathing room“• Critical competences
• Conclusion
How we developed our solutions is moreinteresting than the solutions themselves
Solutions to complex problems are usually much harder to transplantthan the ways of approaching them
We should talk about digital-embracinggovernment, not e-government
E-government implies a separation between the “e“ and the governmentwhile the point is to embed digital into all aspects of governance
Agency Agency AgencyAgency
Electronic identity
Citizens/Officials/Enterprises
Delivery channels
Integration
Infrastructure
Fina
nce
and
port
folio
man
agem
ent
Info
rmat
ion
secu
rity
Information System Registry
Electronic identity
• Implemented using PKI, CA service provided externally
• The certificates live on a chip (smart card or SIM)
• Digital signature legally equivalent to a physical one
• Depends on the personal id-code of the citizen for much of theusefulness, the chip does not contain much
• A bank-driven federated identification scheme widely adopted bystakeholders
Channels
• Central service portal eesti.ee with 800+ services accessible• Relies on services from the next layer• In addition, hundreds of direct contact points with authorities
• Main challenges• simultaneously maintaining service ownership and centralcoordination
• making people think in terms of customers
• No central UI/UX guidelines although a recommended web sitetemplate exists
• Mobile is very small but growing
Integration
• Distributed service bus called x-road• all communication happens peer to peer• no central authority with access to traffic• no central development/operations bottleneck
• x-road provides standardised• channel crypto• access/identity control• service discovery• audit logging• protocol support
• Massive deployment, 1000+ usable services
• Constantly developed, version 6 getting ready to roll
• De facto enables once-only and privacy policies
Infrastructure
• Being expanded aggressively• currently mainly consolidated network access• government cloud in the works• PaaS as a vision
• Government cloud is a combination of• private cloud• public cloud• data embassies
• Security and service availability major drivers: we no longer can runthis country without e-services
• Scalability and cost are also becoming an issue
The described model is lacking
No technical solution exists in a vacuum
• A democracy needs different tools from a theocracy
• Structure of the government and the legislation has a strong impact
• What registries and other systems exist in a legal sense?
• What are the physical constraints?
How to build a governance model encompassing allof these aspects while making technical sense?
Enterprise Architecture view of the government
Business architecture
Organisational architecture
Functional architecture
Technical architecture
Physical architecture
Trust and collaboration between stakeholders
An (externally guaranteed) trust framework between citizens,businesses and the government as well as cooperation
• Information systems involved are too complex to comprehend, thusthe need for explicit trust
• An external (cryptographic or legal) guarantee to the trust helpsavoid trust erosion
• Only wealthy countries can afford not to have that trust: IRS lost$5.2 billion to identity theft in 2013
• Ability to find common ground between engineers, politicians andadministrators but also banks and the government
Ubiquitous electronic identification
On the internet, nobody knows you are a dog• The assurance level of services provided is dependent on theassurance level of the electronic ID
• The British way of using utility bills etc. can only go so far• For simple cases e-mail and password are sufficient• Digital signature requires a PKI-based solution
• Ubiquity stems from people using various e-services on a dailybasis and realising their benefit. It is needed so that
• electronic service can become dominant• the users are acquainted with the risks involved• the users actually find it convenient to use it
”Breathing room”
The players must have the ability and capability to change theiroperating model with reasonable effort
• By definition: if everything is in place, any change would go againstthe well-established rules
• Stability means things happen tomorrow as they do today• Innovation means the exact opposite
• Many of the decisions underpinning our e-government would beimpossible to execute in a well-controlled environment
• Risk management processes alone would be a sufficient deterrent• It is also about mental barriers: what do people have to loose?
• Progress needs a controlled level of chaos
Critical levels of critical competences
Without the following competences, it is not feasible to build ane-government as they are neigh to impossible to outsource
• Ability to procure development• Basically, one must be able to act as a responsible customer• Vendor management is big part of it• Ability to provide input and validate the output
• Ability to procure operations• Operating the service means controlling the data• Weak operations lead to low service levels and loss of trust
• Information/cyber security• Who will work out your electronic identity scheme?• Whose cryptography do you trust and can you make your own?• How do you protect your service?
Sources of these enablers
Where do these enablers stem from in case of Estonia?• Trust & cooperation between stakeholders
• Our independence process• Small society
• Ubiquitous electronic identity• Tiger Leap & Look@World projects• Banks pushing for electronic channels
• “Breathing room“• Simple ineptitude• Nordic cynicism and practical mindset
• Critical competences• Soviet STEM-oriented education system• Local banks relying on local “intelligent amateurs“
Main conclusions from Estonian experience
• “Digital“ rather than “e“-government• it must not be a separate thing on top of “usual“ practices andprocesses
• technology is only as useful as the business change it drives
• Holistic approach is required to• understand success and failure• drive change
• Benefits stem from the ecosystem not from individual systems• Building a website is simple, getting people to use it is not• For traction, all stakeholders must benefit
Thank you!Andres Kü[email protected]