e-governance in practice e-estonia
TRANSCRIPT
e-Governancein Practice
e-ESTONIA
2
e- Society Introduction
Overview of Electronic Services in Estonia
eesti.ee-Gatewaytoe-Estonia e-Banking e-TaxBoard e-Cabinet m-Parking e-Geoportal e-School e-Ticket e-Police i-Voting e-Notary e-Business e-Health e-Prescription e-Residency
E-Society Management
e-SocietyManagementinEstonia CyberSecurityManagement
Interoperability Enablers
BroadbandNetworks ElectronicID X-RoadEnvironment
5
7
91011121314151617182021222324
26
2730
36
404458
Contents
3
Estonian e-Government Legislation
PublicInformationAct DigitalSignaturesAct ArchivesAct PopulationRegisterAct IdentityDocumentsAct PersonalDataProtectionAct InformationSocietyServicesAct ElectronicCommunicationsAct PublicProcurementAct StateSecretsandForeignClassifiedInformationAct
Institutions and Organizations
GovernmentInstitutions Non-GovernmentalOrganisations AcademicInstitutions BusinessEntities
Knowledge Development
E-Democracy
Estoniane-Democracy OpenGovernmentPartnership
e-Governance Academy
Contacts
68
70
71
73
75
76
77
79
80
82
83
84
4
President of Estonia,H.E. Mr Toomas Hendrik Ilves
5
Estonia is one of the most advanced e-societies in the world. An incredible
success story that grew out of a partnership between
a forward-thinking government, a pro-active ICT sector and a switched-on, tech-savvy population. Estonia boasts the world’s
leading IT infrastructure and e-services.
e-SocietyWhat It Is & How It Works
6
Today, the Internet is such a regular fixture in our lives
that we only notice it when it disappears. Decision-makers in almost all developed countries
have understood the impor-tance of the Internet for the economy, and people’s well-
being, but also its overall role in the development of
modern states.
In addition to the Internet, mobile networktechnologies are also constantly evolving andkeep coming up with better solutions. Overtheyears,thedevelopmentoftheInternetandmobile communication has led to the emer-genceofcompletelynewareasofbusiness,aswellasbringingaboutdrasticchangesinhowmodernstatesaregoverned.Nowadaystheciti-zensofacountryareprimarilyconnecteddigi-tallyratherthanphysically.Estoniaisauniquecountryintheworldintermsofthespeedandlevel of e-society development. “e-Estonia”is the termcommonlyused todescribeEsto-nia’semergenceasoneofthemostadvancede-societiesintheworld–anincrediblesuccessstorythatgrewoutofthepartnershipbetweenaforward-thinkinggovernment,aproactiveICTsector, and a switched-on, tech-savvy popu-lation. In addition to fast broadband connec-tions, the rapid development of this digitalsocietywasalsobolsteredbytheapplicationofsecureddataexchangesolutionsandtheintro-ductionofanelectronicidentity(eID)–twokeyICTprojectsthathavebeenoperatingsmoothlyformorethan15years.Asaresult,e-serviceshave become routine for citizens of Estonia:i-Voting,e-taxes,e-police,e-healthcare,e-no-tary, e-banking, e-census, e-school andmuchmore.
How is thispossible?Firstmagic ingredient isthedataexchangelayerX-Road.It istheenvi-ronmentthatallowsthegovernment’svarious
Estonian e-Society indicators:
100% of schools and local governments havecomputers
99% ofbanktransfersaremadeelectronically
98%of tax returnsaremadeviae-TaxBoard
95%of medicationisboughtwithadigitalprescription(2014)
80% of familieshaveacomputerathome
88%of homeshaveabroadbandconnection
66% of the population participatedinthecensusviainternet(2011)
30%of votes werecastovertheinternetduringthelastParliamentelections(2015)
databasesandregisters,bothinthepublicandprivatesector,tolinkupandoperateinharmonyregardless of the technical platform they use.Almost 15 years of active dutywith no downtime,andasaresultwehaveover170databasesoffering their services via X-Road. Secondly, inEstoniadigitalsignaturesandauthenticationarelegallyequivalenttohandwrittensignaturesandface-to-face identification. The eID opens thedoor to alle-serviceswhile guaranteeing thehighestlevelofsecurityandintegrity.Currently,the eID is actively used by 60% of Estonianswithout a single security incident since itslaunchin2002.(Reference:e-Estoniawebsite)
Themain question is- shouldwe protect theking (i.e. theperson) or the route (where theking is travelling)? InEstonia,wehave chosentheking,meaningweprioritisetheprotectionof personal data.We use public Internet, butthe data that is exchanged is encrypted anddigitally signed. However, all other alternativesystems have high-level security requirementsaswell.Whatismore,in1997the“onlyonce”principle became a legal imperative, meaningthattheauthoritiescouldnotaskanindividualto provide information she or he had alreadyprovided to any part of the administration.(Reference: Public Governance And TerritorialDevelopment,OECD,Paris,Https://Www.Oecd.Org/Gov/Key-Findings-Estonia.Pdf)
This publication provides an over-view of the creation and manage-
ment of the information society, implementing cyber security
measures, setting up electronic identity and secured data exchange,
developing a new generation of broadband networks, formulating necessary regulations, educating
citizens, and many other important aspects of establishing an e-society.
7
1996
2000
2000
2003
2004
2005
2007
2010
2014
2000
2001
2003
2005
2006
2008
Overview of Main Electronic Services
in Estonia
e-Banking
e-Tax Board
e-Cabinet
e-Geoportal
e-School
i-Voting
e-Notary
e-Health
e-Residency
m-Parking
Eesti.ee
e-Ticket
e-Police
e-Business
e-Prescription
TIMELINE
8
99%of all state services are online.
9
1 2
3
The official Estonian State e-Services Portaleesti.ee is a secured gateway to 99%
of e-services offered in Estonia.
ProcurementInitiative:MinistryofEconomicAffairsandCommunicationsandEstonianInformationSystemAuthority(www.ria.ee)
Furtherinformation:www.eesti.ee
singlepointofcontact easieraccesstoalle-services
convenientplatformforpromotingnewservices
eesti.ee – Gateway to e-Estonia
Since 2003
The portal provides users with easy access and gives thegovernment a better platform for integrating and promotingnewservices.
In 2014 eesti.ee offered access to 815 e-services, and wasvisited by Estonians from over 200 countries in the world.Altogetherthee-servicesreceivedca7millionviews,whichisfivetimesmorethanthepopulationofEstonia.
10
1
4
2
53
e-BankingOur leading banks (Hansapank and Ühispank, now Swedbank and SEB) played an invaluable
role in developing the first electronic solutions, and helped
move the Estonian population online by offering high-quality e-banking services. By giving
away free ID-card readers, and encouraging their customers to use ID-cards for securing trans-
actions, the banks helped to promote more frequent use and wider application of the national
e-identification document.
ProcurementInitiative:Estoniantwoleadingbanks,SwedbankandSEB,werethemaindrivingforcesbehindthedevelopmentofonlinebanking.
Furtherinformation:Swedbankwww.swedbank.eeSEBwww.seb.ee
noneedtovisitthebranchofficeinperson
transactionsarecheaperwhenmadeonline
savestimeandmoneyforboththecustomerandtheserviceprovider
accessible24/7 securedaccessfromanyplaceonearth(withInternetconnection)
Since 1996
NowEstonia isnown throughout theworld foritsuser-friendlyandsecureonlinebanking.AsofJune2016,onlytheinitialprocedureofopeningan account requires a personal appearance atthe bank (there has been talk of changing tosecuredfirstonlineidentification),andafterwardallsubsequenttransactionscanbemadeonlinebyconfirmingthemwithyourelectronicidentity.Whatismore,banksareconstantlyloweringthedailytransactionlimitsforonlineuserswithpass-word cards tousemore securedeIDmethods.Asaresult,theexpression“goingtothebank”isslowlydisappearingfromtheEstonianlanguage.
In addition, Estonian banks have partneredwith telecommunications companies to investin Look@World, a project that provides basiccomputer literacy courses to adults free ofchargealloverthecountry.Asmuchas10%ofEstonia’s adult population has participated inthese courses, which were organised in 2002,2009and2010.Theresultsofalltheseeffortsarequite staggering- today, an incredible 99.8%ofallbankingtransactionsinthecountryaremadeonline.Whatismore,accordingtotheEuropeanCentral Bank, the banks operating in Estoniaare significantlymore efficient than the rest in theEurozone.
11
21
53 4
e-Tax Boarde-Tax Board is the electronic tax filing system set up by the Esto-
nian Tax and Customs Board. It has become one of the growth drivers of e-ID usage in Estonia. Since its
introduction in 2000, it has helped drastically reduce the time spent by private individuals and entre-
preneurs on filing taxes.
In2002thesystemreachedamajordevelopmentalmilestone with the introduction of automated taxdeclarationforms.Usingasecuree-ID,thetaxpayer
ProcurementInitiative:EstonianTaxandCustomsBoard(ETCB)Furtherinformation:www.emta.ee
loweradministrativecostfortheTaxBoard
easyandconvenienttouse
taxreturnscanbefiledin3-5minutes
taxpayersreceiverefundsinfivedays
transparentandefficienttaxcollection
logs onto the system, reviews their datain pre-filled forms, makes the necessarychanges,andfinally,approvesthedocumentwiththeirdigitalsignature.Theprocesstypi-cally takes three to five minutes, and as aresult,over97%oftaxdeclarationsinEstoniaarenowfiledelectronically.Inadditiontoindi-vidualtaxreturns,thesystemalsoallowsfor:
●corporatetaxreturns, incl.allrelevantemployeetaxes●value-addedtaxreturns●excisedutyreturns (eg.alcohol,tobacco,fuel,packaging,etc.)●INFdeclarations●customsdeclarations
Since 2000
12
1
4 5 5
2
3
e-CabinetThe Information System of
Government Sessions, better known as the e-Cabinet, is a
powerful tool that the Estonian government uses to streamline its decision-making process. It
enables ministers to prepare for and conduct cabinet meet-
ings, review minutes, and perform other relevant tasks
entirely without the need for paper.
ProcurementInitiative:GovernmentOffice,RepublicofEstoniaFurtherinformation:www.riigikantselei.ee/e_cabinet/
ministersarebetterorganised possibletotakepartinmeetingsremotelyusingaudio-visual
equipment
noneedtocarryaroundlargestacksofpaper
averagesessiontimedrasticallyreducedfrom4to5hourstojust30to90
minutes
lowerenvironmentalimpact
decision-makingprocessismoretransparentand
understandable
Atitscore,thesystemisamulti-userdatabaseand scheduler that keeps relevant informationorganised and updated in real time, givingministers a clearoverviewof each itemunderdiscussion. Well before the weekly cabinetsessionbegins,theministersaccessthesystem
Since 2000
to review each agenda item and formulatetheirpersonalpositions.Shouldtheyhaveanyobjectionsorwouldliketospeakonthetopic,thentheyjustneedtochecktherelevantbox.Asaresult,theministers’positionsareallpublicprior to the cabinet meeting, and decisionsthathave receivednoobjectionsareadoptedwithoutdebate,savingconsiderabletime.Whatis more, the decisions made at the cabinetmeetingscanbee-mailedtointerestedpartiesorpostedonawebsiteevenwhilethemeetingisstillinsession.
13
1 2
m-ParkingMobile parking, or m-Parking,
is a convenient system that enables drivers to pay for their city parking via mobile phone.
Today it’s the most widely used method of payment for parking,
with 90% of parking fees paid via mobiles.
ProcurementInitiative:TallinnCityGovernmentincollaborationwithaleadingmobilenetworkoperatorFurtherinformation:www.parkimine.ee/en
convenience–farewellparkingforms
localmunicipalitiessaveonparkingmeter
infrastructure
Driverswishing to park their cars can eitheruse a location-based application or send anSMS with the parking zone’s code. Whenthe agency checks the vehicle’s registrationnumber in their database, they will receiveconfirmationthatparkingisregistered.Uponleaving, the driver discontinues the parking
serviceusingtheapporsendsanotherSMS.At the end of eachmonth, the total cost ofmonthly parking is added to the driver’smobilephonebill. Thesystem is suitable forbothpublicandprivateparkinglots.
The Estonian m-parking system has beenadopted,copied,replicatedandmimickedallovertheworld(e.g.theUS,Canada,Austria,SwedenandDubai),andthus ithasbecomepractically impossible to trackall thevariousmodes of implementation. However, as ofJune2016,Estoniaremainstheonlycountrywheremobileparkingistheprevalentmethodof payment and is applicable in all the paidparkingareasalloverthecountry.
Since 2000
90%of parking fees are
paid via mobile.
14
21
3 4
e-GeoportalThe Geoportal administered by the
Estonian Land Board is a convenient tool pooling information from a
variety of map servers and spatial data services, eg. the portal links
to the electronic Cadastral Register, containing information on the value,
natural status and use of land.
ProcurementInitiative:EstonianMinistryofJustice,CentreofRegistersandInformationSystemsFurtherinformation:EstonianLandBoardGeoportalwww.geoportaal.maaamet.ee,
e-LandRegisterwww.rik.ee/en/e-land-register
convenientaccesstolandregistrydocuments
easytomakeinquiriesregardinggeneralpropertyinformation
savestime,administrativecosts,andallowspaper-free
administration
transparentsystemcurtailingrealestatefraudandcorruption
Since 2003
Paired with thegeographical informationsystem (GIS), the e-Geoportal delivers real-timegeographicaldataviatheX-road,enablingadvanced map-based visualisations thatpower many of the location-based servicesinEstonia.TheEstoniane-Geoportalisapartof the Estonian Spatial Data Infrastructure,whichinitsturnisapartoftheInfrastructureforSpatialInformationinEurope(INSPIRE).
Another important e-service is the e-LandRegister that links to the official propertyownership database, pooling informationrelated to ownership and limited real rightson immovable property in Estonia. Thiselectronic registry has transformed the wayproperty transactions transpire in Estonianowadays, eliminating the need to visit apublic office and spend hours waiting for acivilservanttoreviewrecords.Thispaper-freesystemhas significantly reduced theprocesstime for land transactions. As a critical toolfor the real-estate market, it ensures trans-parency, listingtheregisteredownerofeachpropertyholding,indicatingpropertybounda-riesandprovidingotherrelevantinformation(incl. cadastral information, encumbrances,mortgages, etc.) for potential buyers. Whatis more, businesses also benefit from theconvenienceofhaving instantaccessto landregistryinformationandtheabilitytoconfirmownershipwithjustafewclicksofthemouse.
15
1 2
e-SchoolThe e-School has become
one of the most widely used e-service in Estonia.
ProcurementInitiative:[email protected]/lookworld
Furtherinformation:www.ekool.eu
kidshaveanoverviewoftheirgradesandoverallprogress,andtheycanalsoaccesstheir
homeworkassignments
parentscanbemoreactivelyinvolvedintheirchildren’seducation
moreefficientorganisationandrecord-keepingfor
teachers
improvedcommunicationbetweenteachersandparents
The main goal of the e-School is to makestudy-relatedinformationeasilyaccessibleforbothchildrenandtheirparents,facilitatetheworkofteachersandtheschoolmanagement,andgenerallyengageparentsmoreactivelyintheirchildren´seducation.
3 4
The system offers a range of different functions for its various users:
● teachers can enter grades and attendance
Since 2003
● information for individual students, post homework assignments, and evaluate students’ behaviour. The system also acts as a convenient communication channel for sending messages to parents, students or entire classes.
● parents can use it to keep themselves up to date with regard to their children´s academic development. Thanks to round-the-clock access via the internet, they can check their children’s homework assign-ments, grades, attendance information (incl. SMS if child absent) and get feedback from teachers. It also provides a channel for communicating with teachers directly.
● students can review their own grades and keep track of assigned homework. In addition, they can keep their best school projects in a personalised e-portfolio.
● school district administrators have access the latest statistical reports, making it easy to consolidate data across the district’s schools.
16
1
2
ProcurementInitiative:TallinnCityGovernmentFurtherinformation:www.ridango.com
e-TicketThe e-Ticket is a ticketing solu-
tion introduced in Tallinn in conjunction with the implemen-tation of personalised tickets in
the local public transportation system. As a result, nowadays only tourists buy paper tickets
when using public transport in Tallinn.
Themainreasonforintroducinge-ticketinginTallinnonsuchalargescalewasthenewpolicylaunchedbyTallinnCityGovernmentaimedat
Since 2004
localresidents,andofferinganewschemeofdiscountsandconcessionaryfaresforspecificgroups (eg. students, seniors, and disabledpeople,etc.). Inordertohaveabetterover-viewofpassengersandtheirstatus,theinitialidea was to issue new personalised travelcards for specific user groups, which wouldhave entailed high auxiliary costs as well asinconveniencefortheuser.
However, the process of transitioning topersonalised ticketingwas facilitated by tworelated developments. Firstly, the Govern-ment launched the ID-card with electronicidentity initiative.Secondly, itcoincidedwiththe wider implementation of secured dataexchangelayerX-Road,whichenablesqueriestodifferentdatabases.Eventually, these twodevelopmentsformedthebasisfortheID-cardbased e-ticketing solutions implemented inthepublictransportationsysteminTallinn.
moreconvenientandstream-linedsystemforthecustomer,i.e.noneedtopurchasea
physicalticket-allyouneedisaphoneoracomputerwith
anInternetconnection
easiertocheckthevalidityoftickets,i.eticketsarestoredonID-cards,andmustbevalidateduponeachentry
17
1
2
e-Police Estonia’s electronic police
system is based on the idea, that providing the
best possible commu- nication and coordination
will lead to the most effective policing.
ProcurementInitiative:EstonianPoliceandBorderGuardBoardMoreinformation:www.politsei.ee
thecontrolcentreknowsthelocationofeachpatrolcarat
anygiventime
improvedefficiency,eg.70%increaseinoffensereports
handledperday,roadfatalitieshavedecreasedbyover400%,1000%increaseinvehicle
queriesperformedpermonth.
The e-Police system comprises two maintools:amobileworkstation installed ineachpatrol car, and a positioning systemused inthe headquarters, showing each officer´slocation and status. As a result, each policevehicle is equippedwith a computer in theluggage compartment, a monitor, a posi-tioning device, and access to a digitalmap.Inaddition,themobileworkstationsinstalledinpatrolcarsgiveofficers inthefieldnearlyinstantaneous access to vital information,enabling aggregated queries from policedatabases, Citizen and Migration Board,MotorVehicleRegistry,TrafficandInsuranceFund,etc.
Since 2005
18
i-VotingInternet voting (i-Voting or online
voting) is a system that allows voters to take part in national or
local elections by casting their ballots online via an Internet-con-
nected computer, from anywhere in the world. It is used as an additional
voting method to improve accessi-bility to elections, and should not be confused with other electronic
voting systems used elsewhere that rely on special voting devices set up
at the polling station.
ProcurementInitiative:ElectronicVotingCommitteeoftheNationalElectoralCommissionFurtherinformation:www.valimised.ee
The Estonian solution is simple, convenient andsecure,allowingvoterstocasttheirballotsfromalocationof their choosing (home,office, abroad),without having to go to a polling station. Thereis a special designated pre-voting period duringwhich the voters can log onto the system usingtheir ID-cards or Mobile-ID which establish thevoter’sidentity.However,uponcastingaballotthevoter’sidentityisremovedfromtheballotbeforeitreachesthefinalcountingstageperformedbytheNationalElectoralCommission,andthus,eachvoteremainsanonymous.
Thesystemalsoallowsonlinevoterstore-casttheirvote during the designated online voting period,which leads to theirpreviousvotebeingdeleted.Aftertheonlinevotingperiodends,pollingstationsreceivealistofconfirmedonlinevotersinordertopreventthemfromvotingforthesecondtimeonelectionday.
In Estonia, Internet voting was first introducedduringthelocalelectionsin2005,whenabout2%of all participating voters cast their ballot via theInternet.Thusfar, i-Votinghassubsequentlybeenused eight times in Estonia, with the number ofonline voters increasing each time, with ca 31%of votes cast online in parliamentary elections in2015. What is more, during the 2015 elections,voteswerereceivedfrom116countries.
Since 2005
eGA Senior Expert andPolitician Liia Hänni
Over10 years
of secured internet voting.
19
2005Local
1,9
2009Local
15,8
2013Local
21,2
2009EUParliament
14,7
2014EUParliament
31,4
2007 Parliament
5,5
2011 Parliament
24,4
2015 Parliament
30,5
35
30
25
20
15
10
5
02005 2015
Share of Internet Voters in Estonia Elections
% of internet voters
0 5 000 10 000 15 000 20 000 25 000
690 Agedover90
1484 85-89
2227 80-84
3383 75-79
4978 70-74
7683 65-69
10667 60-64
13724 55-59
15493 50-54
18081 45-49
20330 40-44
22307 35-39
22850 30-34
Number of e-votes by age of voter
20879 25-29
10476 20-24
1268 Upto19
PARLIAMENT
ELECTIONS 2015
20
1
4
2
5
3
6
e-NotaryThe e-Notary system is an online
platform created specifically for notaries, and helps them in
everyday work, also enabling electronic communication with
government agencies (incl. registry queries).
ProcurementInitiative:EstonianMinistryofJustice,ChamberofNotariesFurtherinformation:www.rik.ee/en/other-services/e-notary
keepingascheduleofnotarisingactivities
preparingagreementsandallowingdigitalsignatures
makingreliablequeriestostateregistries
reductionofredtapebetweennotariesandclients,fasterwayofdoingbusinesswithnotaries
forwardingrecordstostateregistries
minimisingpaperwork,printingandrepeated
dataentries
ThesystemisownedbytheChamberofNotariesandtheserversareadministeredbytheCentreofRegistersandInformationSystems;the latteralsoprovidesusersupport,usertrainingandcontinuedsystem development. The e-Notary platformcan only be used by notaries and notary officeemployees (eg. deputy notaries, lawyers, secre-taries,receptionistsandarchiveemployees).
Since 2006
eGA Associated Expert Sandra Roosna
21
1
4
2
53
e-BusinessThe e-Business Register is an online platform linked to the official database comprising
the real-time data on all legal entities registered
in Estonia.
ProcurementInitiative:EstonianMinistryofJustice,GovernmentOfficeofEstoniaFurtherinformation: e-BusinessRegisterwww.ariregister.rik.ee,
CompanyRegistrationPortalwww.ettevotjaportaal.rik.ee
reviewcompany’sgeneraldataandtaxarrearsdata
accesstoannualreports,statutes,personalandcommercialpledge
data,etc.
real-timemonitoringofprocessingdataandrecordamendmentsofcompanies
verifyingofbusinessandentrepreneurshipprohibitionsof
Estonianpersons
visualiserelationsbetweenvariouscompaniesandpersons
In addition, the e-Business Register alsohosts the online Company RegistrationPortal, which is an Internet platform thatallows entrepreneurs to submit electronicapplications,documentsandannualreportsto the Commercial Register. Applications
Since 2007
can only be signed using an ID-card orMobile-ID. Thanks to this paperless busi-ness platform, Estonia has significantlyreduced administrative costs and is moreattractive to foreign investors, with theopportunity to start a business within 18minutes (as opposed to five days whenusingtraditionalmethods).
ServicesavailableviatheCompany RegistrationPortal● establishingnewbusinessesandnon-profitorganisations,andsubmittingapplicationstoamend,liquidateordeleteregistrydata● e-platformforcompiling,signingandsubmittingannualreports● web-basedaccountingsoftwaree-billing,whichhelpsstart-upsandsmallbusinesstoorganisetheiraccounting
22
e-HealthThe Electronic Health Record is a
nationwide system that integrates data from different health care
providers to generate a single elec-tronic file providing a comprehensive
record for each patient. The system contains information on diagnoses, visits to the doctors, tests, hospital
treatments, prescribed medications, etc. What is more, in emergency
situations doctors can use a patient’s ID card to review time-critical infor-
mation, such as blood type, allergies, recent treatments, on-going
medication, or pregnancy.
ProcurementInitiative:EstonianeHealthFoundation(fundedbytheMinistryofEconomicAffairsandCommunications)Furtherinformation:e-Healthwww.etervis.ee
PatientPortalwww.digilugu.ee
1
4
2
53
significantlyreducedadminis-trativebureaucracyfordoctors
accesstotime-criticalinforma-tioninemergencysituations
healthcareservicesaremorepatient-friendly
increasedefficiencyinthehealthcaresystem
collectionofdataonhealthtrendsisautomated
Thoughitmaylooklikeacentralizednationaldatabase,itactuallyretrievesdataasneededfromthevariousserviceproviders,whomaybe using different systems themselves, andpresents it inastandard format.Asa result,the documentation process is streamlined,and health care providers have access torelevant information (including image filessuchasX-rays),which facilitates thedeliveryof high quality patient-centered health care.The system also compiles data for nationalstatistics, so that relevant ministries canmeasurehealthtrends, trackepidemics,andmakesurethatnationalhealthresourcesare spentwisely.
The eHealth system also includes a PatientPortal, that gives patients access to theirown records, as well as those of their chil-dren.By logging into thePatientPortalwithanelectronicID,thepatientcanreviewtheirpersonalhealthcarehistory,incl.nameoftheirfamily doctor, past doctor visits and currentprescriptions, and even receive general healthadvice.
Since 2008
23
1 2
3
e-PrescriptionThe digital prescription is one of the key
innovations in Estonia’s cutting-edge e-health care system, and a survey
conducted in 2015 revealed that the elec-tronic prescription service was the most
popular e-service among citizens.
ProcurementInitiative:EstonianMinistryofSocialAffairs,EstonianHealthInsuranceFundFurtherinformation:www.digilugu.ee
medicalappointmentsaren’trequiredforroutinerefills,savingtimeforbothpatient
anddoctor
patientsdon’tneedtokeeptrackofpaperprescriptions
reducedpaperworkin hospitalsandpharmacies
TheDigitalPrescriptionServiceisacentralized,paper-free system for issuing and handlingmedicalprescriptions,which isdoneelectroni-callyviaanonlineform.Allhospitalsandphar-maciesinEstoniaareconnectedtothesystem,and in 2015, over 95% of all prescriptions inEstoniawerebeingissuedelectronically.
All thepatientneeds todo is topresent theirID-cardat thepharmacy.Thepharmacist thenretrieves the patient’s information from thesystem and fills the prescription. The systemdrawsondatafromtheEstonianHealthInsur-ance Fund, and therefore any state subsidiesthatthepatientisentitledto,arealsoavailable,andthemedicineisalsodiscountedaccordingly.
Anothermajoradvantageofthesystemisthatroutinerefillsdonotrequirevisitstothedoctoranymore. Patient can contact their doctor bye-mail,Skypeorphone,andthedoctorcanissuerefillswithjustacoupleclicksofamouse.Thishelpssavetimeforbothpatientsanddoctors,andreducestheoveralladministrativeburden.
Since 2010
24
e-ResidencyEstonia made history by launching the first supranational e-residency
scheme in the world – a state-issued electronic ID for non-residents that allows secured authentication and
digital signature of documents – thus moving towards the idea of a
country without borders.
ProcurementInitiative:EstonianMinistryofEconomicAffairsandCommunicationsFurtherinformation:www.e-estonia.com/e-residents,www.apply.e-estonia.com
Alle-residentsreceiveasmartID-cardwhichprovidesdigitalidentificationandenablesthedigital signing of documents. The e-residentID-card and services are built on state-of-the-arttechnologicalsolutions,containingtwo
Since 2014
Pleasefollowe-residencyindetailsfrompage52.
security certificates: one for authentication,andanotherfordigitalsigning.However, it isimportanttonotethate-Residencydoesnotconfercitizenship,taxresidency,residenceorright of entry to Estonia or to the EuropeanUnion. The issued e-Resident smart ID-cardis not a physical identification or a traveldocument.
Estonia’s first e-resident was Edward Lucas,senioreditoratTheEconomist,whocalledthee-resident’s card an “Estonian Express” thatoffers a degreeof security, convenience andprivacyunlike anyothernational ID-scheme.Inashortperiodoftime,thousandsofforeignentrepreneurs, professionals and mediafigures have followed Lucas’s example tobecome Estonian e-residents, among themShinzōAbe,thePrimeMinisterofJapan.
1
4
2
53
digitallysigndocumentsandcontracts
verifytheauthenticityofsigneddocuments
encryptandtransmitdocumentssecurely
establishacompanyinEstoniaonline,andadministeritfrom
anywhereintheworld
conducte-bankingandremotemoneytransfers
25
6 7
accessdifferent e-services
declaretaxesonline, NB!e-residencydoesnotautomaticallyestablish
taxresidency.
*InEstonia,digitalsignaturesandauthenticationarelegallyequivalenttohandwrittensignaturesandface-to-faceidentification,andalsobetweenpartnersuponagreementanywherearoundtheworld.
RecentchangesinEUlawmeanthatwithinthenextfewyearsEstoniane-residentswillbeabletoeasilyidentifythemselves,accessonlineservices,andconductbusinessacrossEuropeanUnion.
Prime Minister of Estonia Taavi Rõivas and the Minister of Economy
of Japan Akira Amari
26
E-Society Management
eGA Chairman of the Management Board Arvo Ott and Indian Ocean Commission Secretary General Jean Claude de l’Estrac
27
e-Society Management
in EstoniaModern technology contributes consider-ably to the facilitation of communication
between citizens, businesses and the state. The state-level IT architects in Estonia often
jokingly say that the public sector should proceed in its activities from the principle
“Let us have less state”. Indeed, the devel-opment of the information society has
significantly reduced the need for citizens to turn physically to state institutions.
Since the 1990s Estonia has had remarkable success in information society development. The major factors that have
affected the evolution of the information society in Estonia include the economic factors, the active role of the public
sector, technological competency, and socio-cultural factors.
Movingtowardse-Governanceindailypublicadministration, however, requires extensiveorganisational and administrative changes,without which the expected benefits willremain justadream.Formationof theEsto-nian information society was full of chal-lenges. Through the e-Governance Academy, Estonia shares its lessons with the world.
28
Digital Policy Adviser at Government
Office of Estonia Siim Sikkut
In Estonia, the development of the information society is based on the Principles of the Estonian Information Policy, adopted by the Estonian Parlia-ment in 1998. These principles were reviewed and updated in 2006 in the course of preparing the Esto-nian Information Society Strategy 2013. Most of these principles remain relevant today:
• The development of the information society in Estonia is a strategic choice to improve the competi-tiveness of the state and to increase the overall well-being of people.
• The public sector leads the way in pursuing the prin-ciples for the development of the information society.
• The protection of fundamental freedoms and rights, personal data and identity will be ensured. Individ-uals are the owners of their personal data and will have an opportunity to control how their personal data are used.
• The public sector will organise its processes so as to ensure that citizens, entrepreneurs and public bodies will have to provide any information only once.
• The information society will be developed in coop-eration between the public, private and third sector as well as all with other parties, including the users of ICT solutions.
• When developing the information society, the continuity of the Estonian language and culture will be ensured.
• The information society will be created for all resi-dents of Estonia, while particular attention will be paid to the integration of social groups with special needs, to regional development and to the strength-ening of local initiatives. Everybody should have access to the internet.
Cyber Security Management
Interoperability Infra-structure and Enablers:
• Internet network • Electronic Identity• Secure Data Exchange• Environment X-Road
Legislation
e-Democracy
Institutions and their roles in e-Governance
Educational programs
Estonian Information Policy
The objective of further chapters is to share knowledge, best practice and competence on creating and managing the information
society by developing widely accessible, relevant, innovative and sustainable corner-stones of e-Governance:
29
• Centralised policy development
• Decentralised implementation
• Transparent and efficient public sector
• Neutrality of technological platforms
• Citizen / customer orientation
• Functioning model for protection of personal data
• Measures against digital divide
Wehelp to increase government leaders’awarenessandskillsinallaspectsofe-gov-ernment, by focusing on e-governmentpolicy and planning issues, organisationalandmanagement frameworks, legal regu-lations, budgeting of ICT implementation,andbasicconceptsofe-governmentinter-operabilityandarchitecture.
Formoreinformationoncentrale-governmentandchangemanagement,
pleasecontactMrArvoOtt.E-mail:[email protected]
Web:www.ega.ee
At the e-Governance Academy,we understandthe vital role of regional governmentsin thedevelopmentofe-administrationande-democ-racy. Local and regional governments are theclosest governmental units to citizens in everycountry.Theyalsoprovidethemajorityofpublicservices. With this, local and regional govern-mentscanplayanactiveroleinthedevelopmentofe-administrationande-democracy.
Formoreinformationonlocale-government,pleasecontactMrHannesAstok.E-mail:[email protected]
Web:www.ega.ee
Main principles behind e-Estonia:
e-Government developments are done mainly by responsible minis-tries and state agencies. Every government department, ministry or business, gets to choose its own technology, based on commonly agreed principles.
Ministry of Economic Affairs and Communication developed prin-ciples of information policies and supportive legislation, also took responsibility for supervision of relevant state organisations starting from 1993.
30
Cyber Security
Management Cyber Security is one of the most
important topics in Estonia. Estonia has developed its information
society science 90’ and has become highly dependent on its ICT infra-structure and electronic services.
Therefore, Estonia has ensured that electronic solutions are not the
Achilles heal for the society but vice versa, the enabler of digital innova-
tion and smart solutions.
Estonia has been set as an example of notonlyhowtomanagecyberincidents,butfirstofall,howtomakeelectronicsystemssecureby design.Due to this approach Estonia hasimplemented a national electronic identityscheme, a legally valid electronic signaturesystemanda securedataexchangeenviron-ment X-Road for electronic services. Thesesystemsarefundamentalforensuringnationalcybersecurityathehighestpossiblelevel.
Estonian national cyber security arrange-ments allow public and private sectors andcitizens to interact securely in a commondata exchange environment while ensuringconfidentialityandprivacy.The result is thatEstonia has thousands of e-services, whichareaccessibleworldwide.
In 2007 theEstonian cyber security conceptandimplementedtechnologieswererobustlytested inreal life.Estoniaexperienced large-scalecyberattacksagainstitswholeICTinfra-structure. Internet service providers wereunderattackaswellasgovernmentwebsitesand e-mail systems, online banking andother electronic services. The whole worldwitnessed,thatEstoniasurvivedwithoutanysignificantdamage.ThisprovedthatEstoniancyberspaceiswellprotectedandtrustworthy.
Cyber Security is the enabler of rapid digital innovation.
We use the term “Cyber Security” as a general word for digital data/information protection,
personal data protection in electronic format, computer security, network security, e-ser-
vices security, ICT security, cyber safety, etc.
31
Cyber security and the information
society In Estonia, Cyber Security doesn’t exist inisolation.Itisafundamentalpartofinforma-tion society development and supports thedigital innovation. Cyber Security is not the
National Cyber security framework
Wehavedevelopeda framework fornation-al-level cyber security. This frameworkhelpsto understand how the cyber security areashouldbeorganisedandrolesandresponsibil-itiesshared.TheEstoniannationalcybersecu-ritystrategyfrom2014followsthisconcept.
brake,whichdoesn’tallowdigitalisation,butthe enabler, which makes the rapid digitalinnovationpossible.
Withtheimplementationofbasiccybersecu-ritymeasuresaselectronicIDandsecuredataexchange environment X-Road, Estonia hassolved the fundamental security problem ofthe cyber environment. The X-Road systemcould be understood as the Estonian officialterritory in thecyberspaceandelectronic IDcardasthepassporttothisvirtualterritory.
eGA Head of National Cyber Security Domain Raul Rikk
32
Onthetopofthefigure,thefundamentalcyberthreatsarepresented:
●Denialofservice–informa-tionservicesarenotavailableifneeded.Example: large-scale cyber attacks against Estonia in 2007
●Dataintegritybreach–dataismodifiedinanunauthorisedmanner.Example: the Stuxnet operation against an Iranian nuclear facility in 2010.
●Dataconfidentialitybreach–dataisavailableforunauthorisedentities.Example: WikiLeaks 2010 and the disclosures by Edward Snowden in 2013.
Someoftheincidentsaresimpleaccidentsortech-nical failures.Other incidentsmightbeorganisedbycriminalsorterrorists.Also,nation-statescouldusecyberoffensivecapabilitiesaspartofspecialormilitaryoperations.
These threats directly affect the normal func-tioningofnationalinformationandcommunicationsystems and through the ICT systems, the elec-tronic services (including critical e-services). Theconsequence is that the informationsocietydoes
not work properly andthe country’s governanceefficiency,economyandlifestyleisharmed.
Inordertomanagethesecyberthreats,acountrymust have appropriate legislation and govern-ment entities that are responsible for baselinecyber security and incident management. Alsothe country needs legal acts and agencies forcombatingcybercrimeandterrorism.Inaddition,themilitary shouldhave specific legislation,unitsandcapabilitiesforprotectingnationalcyberspace.
33
Cyber Security Highlights
X-RoadX-Road is the secure backbone of e-Es-tonia, the Estonian “protected territory” inthe cyberspace. It’s the environment thatallows the nation’s various databases, bothin the public and private sector, to link upand operate in harmony. All of the Estoniane-solutions that use multiple databases useX-Road. All outgoing data is digitally signedandencrypted.Allincomingdataisauthenti-catedandlogged.
Formore information,pleasesee theX-roadchapter.
eID and Digital SignatureEstoniahasbyfarthemosthighly-developednationalIDsystemintheworld.ThedigitalIDservesasthepassportofEstonia’s“territory”inthecyberspace,andaccesscardforsecuree-services. Estonians have an official ID-cardandMobile ID,whichallow themto identifythemselvesinanonlineenvironmentandgivelegally binding digital signatures worldwide.In Estonia, eID is actively used by 60% ofpopulationwithoutasinglesecurity incidentsinceitslaunchin2002.
For more information, please see the eIDchapter.
National Cyber Security Index TheNationalCyberSecurity Index isaglobalindex which measures countries’prepared-nesstopreventtherealisationoffundamentalcyberthreatsandreadinesstomanagecyberincidents,crimesandlarge-scalecybercrises.
TheNCSIdescribesstrategicmeasureswhichare necessary for securingpublic e-services,informationandcommunicationsystemsandthedigitalsociety ingeneral.TheNCSIcouldbeusedasa tool fornational cyber securitycapacitybuilding.
Formoreinformation, pleaseseethewebsitewww.ncsi.ega.ee
NATO Cooperative Cyber Defence Centre of ExcellenceTheNATOCooperativeCyberDefenceCentreof Excellence is an International MilitaryOrganisation located in Tallinn, Estonia withamission toenhance thecapability, cooper-ation and information sharing amongNATO,its member nations and partners in cyberdefencebyvirtueofeducation,researchanddevelopment, lessons learned and consulta-tion.
Formoreinformation,pleaseseethewebsitewww.ccdcoe.org
X-road is the Estonian protected territory in the cyberspace and eID is the passport to that territory.
34
How it works?InEstonia,themostimportantcybersecurityrolesandresponsibilitiesaresharedbetweentheMinistryofEconomicAffairsandCommu-nications,theMinistryofInternalAffairs,andtheMinistryofDefence.
TheMinistryofEconomicAffairsandCommu-nicationsisresponsibleforinformationsocietydevelopmentandbaselinecybersecurity.Thenational cyber security policy coordinator isplaced in theministry, at thedepartmentofstateinformationsystems.
The ministry has the State InformationSystem’s Authority, which is responsible forpractical implementation of interoperabilitytechnologies and cyber protection. Thenational Computer Emergency ResponseTeamis locatedattheAgencyaswellastheCritical Information Infrastructure Protec-tionUnit. For furtherdetails, please see thechapterInstitutionsandOrganisations
TheMinistryofInternalAffairsisresponsibleforcombatingcybercrime.Theministryhasdifferent units for the fight against cybercrimeanddigitalforensics.Also,theministryhasitsownICTAgencyforpoliceandnationalinformation systems. The ministry is alsoresponsibleforcrisismanagement,includingcybercrisis.
The Ministry of Defence is responsible forcreating military capabilities. The MinistryhasestablishedtheNATOCooperativeCyberDefenceCentreof Excellence and supportsits administrative operations through theEstonian Defence Forces. Also, under theministry,thereisavoluntarymilitaryorgani-sationDefenceLeague.TheDefenceLeagueis the home for voluntary cyber securityexperts.InEstoniathecybervolunteersareorganised into theCyberDefenceUnit andthey provide support during large-scalecyberincidents.
35
For national cyber security coordination,Estonia has established the Cyber SecurityCouncil. It works under the Government’sSecurity Committee and deals with cyber
How to start?eGAprovidesvariousservicesforcybersecu-ritydevelopment.Wefocusonorganisational,regulativeandtechnicalmeasuresofnationalcybersecurityandprovidebestpracticefromaroundtheworld.Weassistgovernmentandspecific sectors in improvingcyber securityknowledge,developingpoliciesandlegislation,raisingorganisationalandpersonnelcapacity,andimplementingsecuritytechnologies.
We provide the following services for governments, ministries and organisations:
Policy Development
●CyberSecurityStrategyandImplementationPlan
●CyberSecurityRoadmapandDevelopmentPlan
●SpecificPolicydocuments
Legislation Development
●CyberSecuritylegislation,regulationsandguidelines
●CyberSecuritystandardsandBaselineSecurityFrameworks
Organisational Capacity
●Organisationalframework(structure,rolesandresponsibilities)
●CERT/CIRTcapacitybuilding
●CriticalInformationInfrastructurecapacitybuilding
Formoreinformationoncybersecurity,pleasecontactMrRaulRikk.E-mail:[email protected]:www.ega.ee
securitypolicyissues.Inthecouncildifferentstateinstitutions,businessentities,academicorganisationsandcybersecurityexpertsarerepresented.
Our products include policy documents, recommendation papers, consultancy, trainings and seminars, study visits for delegations, awareness raising events and materials, analyses and research papers, organisational change management and technology implementation.
●Crisismanagementsystemforcybersecurity
●CyberPolicecapacitybuilding
●CyberDefencecapacitybuilding
Security Technologies
●ElectronicIdentificationSchemeimplementation(IDcard,mobileID)
●Digitalsignaturesystemimplmementation
Education and Awareness
●CyberSecuritybriefingsandtrainings(policies,frameworks,etc.)
●Coursecurriculumdevelopmentforuniversities,schoolsandorganisations
●CyberSecurityexercisesanddrills(incidentandcrisismanagement)
●Awarenessraisingactivities(demos,campaigns,events,materials)
36
37
Interoperability Enablers
“Estonia ranks among the most wired and
technologically advanced countries in the world.”
Freedom on the Net 2015
38
Freedom House report “Freedom on the Net 2015” posits Estonia
as one of the most wired countries in the world, with
increasing internet access and online participation
among citizens.
With a high internet penetration rate,wide-spread e-government services, and e-com-merce, integrated intothedaily livesof indi-vidualsandorganisations,Estoniahasbecomeamodelforfreeinternetaccessasadevelop-ment engine for society. Indeed, access tothe Internet is considered a human right inEstonia. Certified WiFi internet connectionsare available in thousands of public places,and Estonia is completely covered by digitalmobile phone networks (3G and 4Gmobilebroadband coverage). The area of WiFiinternet is constantly growing and encom-passesallofEstonia:www.wifi.ee
Estonia is completely covered by digital mobile phone networks
(100% advanced 3G mobile broadband coverage)
Estonia is completely covered by digital mobile phone networks (100% advanced 3G mobile broadband coverage)
Introduction InEstonia,thefirstinternetconnectionswereintroduced in 1992 at academic facilitiesin Tallinn and Tartu. The national telecom-munications monopoly was subsequentlyprivatised with the inclusion of Finnish andSwedish telecommunicationcompanies,andafibre-opticbackbonewasbuiltwithmodernfixed and mobile communications services.The government continued collaboratingwithprivateandacademicentities,whichled
totheTigerLeapinitiativelaunchedin1996,whichaimedtobringcomputersandInternetconnectionstoallEstonianschoolsby2000.Thisprogramhelpedtobuildageneral levelof technologicalcompetenceandawarenessof the importance of ICT among Estonians.Ref:FreedomHousereport“FreedomontheNet2015”
Theadvancesmadeinthefieldofinformationtechnology have facilitated the increasinglyexponential use of the Internet. Among16–24-year-olds the share of Internetusers has already reached 100%, andthe number of Internet users amongthe elderly is on the increase as well.(StatisticsEstonia).
Some facts:
100% EstonianschoolsareconnectedtotheInternet
99%ofthepopulationaged16-74yearsusestheinternet(StatisticsEstonia,2015)
98% ofhouseholdswithchildrenhaveInternetcapabilities(StatisticsEstonia,2014)
83%ofhouseholdshaveinternetcapa-bilities(StatisticsEstonia,2014).
39
Figure above depicts the share of Internetusers in the Estonian population by agegroups,andthechangesthathaveoccurredduringthelast10years.
Nowadays, computer studiesare introducedquiteearlyon inEstoniangeneraleducationschools. On one hand, young people havealways shown greater interest in Internetusethantheoldergenerations.Ontheotherhand, the share of Internet users amongpeople aged 65–74 remained low althoughITequipmentwasalreadywidelyusedatthetime and Internet service was available inmost regionsofEstonia.Yearafteryear, thepopulationaged65–74hasalsobeguntousetheInternetmoreactively.Thishasbeenfacil-itated by the decreasing service costs, andthegeneralconvenienceofusinge-services.Asof2009,thedeliveryofpensionpaymentsismadeonlydigitallytotherecipient’sbankaccount, which may have also contributedto the increased usage of internet bankingservices by the elderly. Family support isimportantaswell:oftentheelderly learnto
useacomputerandtheInternetwiththehelpofyoungerfamilymembersorrelatives(e.g.children,grandchildren).(Reference:StatisticsEstonia)
Overthepastyears,theissueofensuringtheprivacy of individual users on the InternethasbecomeahotlydebatedtopicinEstonia,with a particular focus on the privacy poli-cies of global service providers. The DigitalAgenda 2020 for Estonia, formulated by theMinistry of Economic Affairs and Communi-cations,outlineshowbothtechnologicalandorganisationalconditionswillbedevelopedtoensure thatpeoplewill always knowandbeabletodecidewhen,bywhom,andforwhatpurpose their personal data is being usedin thepublic sector.By2020all residentsofEstoniawillhaveaccesstofast(30Mbit/sorfaster) Internet,with at least 60%of house-holds using ultrafast (100 Mbit/s or faster)Internet on a daily basis. (Reference: MKM,DigitalAgenda2020)
Estonia is completely covered by digital mobile phone networks
(100% advanced 3G mobile broadband coverage)
Share of internet users among population
40
Broadband Networks
The nation-wide base network connects theregional base networks in cities and largercentres.Theequipmentutilisedinthenation-widebasenetworkmakesitpossibletotrans-port and exchange information betweendifferentlocationsanddifferentoperators.Thedevicesofend-usersarenotdirectlyconnectedto the nationwide base network. Nationwidebase networks are constructed using fibre-opticcablesandusuallywithduplicatecirclesto guarantee sufficient transmission capacityand performance, so that connections areautomatically rerouted in caseof cable faultsandtherearenointerruptions.
Regional base networks connect the accessnetworks in one specific region (eg. city or acertain rural area)with the nation-widebasenetwork. It is the connecting link betweentheaccessnetworkandthenation-widebasenetwork. The regional base network alsoconnectsthenetworkdevicesintheregiontoeachother,therebyallowingfordatacommu-nication traffic between them. Similarly tothe nation-wide base network, regional basenetworksarealsobasedonfibre-opticcablesandareoftencreatedas circles toguaranteetherearenointerruptionsincaseoffaults.
The new general broadband network generally consists of three parts:
• nation-wide base network• regional base network• access network
41
Theaccessnetworkisthepartofthenetworkthat is the closest to the end-consumer andconnects the consumer’s devices to theconnectionpointofthenearestregionalbasenetwork. Access networks utilise differentdevicesand technologies,and their transmis-sioncapacity,quality,user-friendliness,accessi-bility,etc.differconsiderably.Accessnetworkscanbedivided into two:wirednetworks andwirelessnetworks.
Wired Networks ● Over the last couple of decades’ varioustechnologies(eg.xDSL,vectoring,GFast)thatmakeitpossibletotransportmoredatawithhigher quality through copper cables havebeen in constant development. As a result,thetransmissioncapacityofcoppercableshasincreasedmanifold.Unfortunately,thisdevel-opment has now reached the stage wherethelawsofnaturecomeintoplayandfurtherincreases in data transmission capacity viacoppercablesoverlongdistancesisnolongerpossible.
●ThespreadoftheInternethasalsoledtotheadoptionoftechnologiesthatmakeitpossibleto transport data via cable-TV networks (eg.coaxialcable).Thistechnologycreatedcompe-tition for historical telephone companies inregions that had a cable-TV network. Coaxialcables boast a bigger transmission capacitythancoppercables,butacable-TVnetworkisanetworksharedbetweenconsumersintermsof its structure. This means that in contem-porary cable-TV networks, coaxial cables aremainlyusedinnetworksinsideblocksofbuild-ings. All parts of networks located outsidebuildingshavebeen replacedwithfibre-opticcables. Data transmission technologies havealso developed rapidly and cable-TV compa-niesarecurrentlyofferingexcellentbroadbandconnectionstoend-consumers.
●Theaccessnetworkwith thebiggest trans-missioncapacityandthebestqualityisbasedon fibre-optic cables. The limits of the trans-mission capacity of fibre-optic cables cannot
yet be foreseen, as laser technology keepsdeveloping and coloured light can transportincreasingamountsof information.Thereareseveral types of optical cable-based accessnetworks and their common name is FTTX(fibretothex).Themostperfectopticalcableaccess network is such where a direct fibregoestotheconsumerfromthenetworkdeviceof the base network, i.e. FTTH (fibre to thehome).
Wireless NetworksWireless access networks are mainly meantforconnectingthemobiledevicesofend-con-sumers. Wireless technology is also used toconnectbuildingsinplaceswheretheconstruc-tion of infrastructure for a wired network isimpossibleduetonatural,economicorotherreasons. The main advantage of a wirelessnetworkisthatit’sconvenienttouse.
Severaldifferenttechnologiesareused.Sometechnologies(eg.Wimax,WiFi,CDMA)enablethe so-called point tomultipoint connection,whichmeansthatthereisabasestationonamastthatcanbeusedbyseveralusersatthesametime.Sometechnologies(eg.radiolinks),however, enable point to point connection.Radio linksneeddirectvisibility,whichmeansthat using them in the midst of forests andmountainsmaybeproblematic.
Mobilewirelessaccessconnectionsormobilenetworksaremainlymeantforconnectingtheportabledevicesofpeople(eg.mobilephones,tablets, etc.) to the internet.Mobile networktechnologies are in constant developmentandkeepcomingupwithbetterconnections.Today,newmobilecommunicationgenerations(eg.NMT,2G,3G,4G,5G)areupgradedmorefrequently than ten years ago. Radio wavesguarantee data communication in mobilenetworks. There is only a limited number ofradiowavesthatfitintheairsothattheywillnotinterferewitheachother,andthereforeaninternational agreement has been concludedregarding the radio frequencies that may beusedformobilecommunication.
42
A new generation broadband PPP project can be divided into the following stages:
Establishment of goals
Mappingouttheexistingsituationinbroadbandinfrastructure,market,services,competition,etc.andforecastingdemand,marketandtechno-logicaldevelopments.
Creation of models,
whichmustbebasedonaclearunderstandingofthedesiredextentofmarketinterventionandtheriskstobetaken.Subsequentlythedecisionon the typeof intervention canbemade, includingabout the level onwhichinterventionwilloccur-willitbethewholesalemarket(infrastruc-tureandconnectionlevel)orretailmarket(servicelevel),andtheextentoftheproject(nationwide,regional,completenetwork,basenetworkoraccessnetwork).
Business plan and financing
The project can be implemented on the basis of a long-term businessplan.AlthoughearningdirectmonetaryprofitmaynotbethegoalofPPPprojects,abusinessplanisthebasisofbothfinancingaswellasopera-tion.Afinancingpackageofnetworkuserfees,grantsandlong-termloansmustbeassembledinordertofinancetheproject.
Action plan and implementation
The action planmust cover detailed network planning, organisation ofconstruction andmarketing activities. Project supervision, resultmoni-toring and the procedure for making potential changes must also beagreedonrightatthestartoftheproject.
43
How to start?Manycountryleadershavecometotheunder-standingthatbroadbandcannotbeofferedtoall people and companieswithout the inter-vention of the public sector. However, pastlessons have taught us that excessive stateintervention is not beneficial for the overalldevelopment,becauseitdecreasesthemoti-vationoftheprivatesector.
Thepublicsectormusthaveanexcellentover-viewofbroadbanddevelopmentandtheplansoftheprivatesector.Ingeneral,theinterven-tion measures of the public sector shouldincrease competition, i.e. it is necessary toavoidthesituationwheretheprinciplesofafreemarket are sacrificed for the benefit of
achieving rapid results. Market interventionby the public sector should follow the prin-cipleoflessismoreorasmuchasnecessary,butaslittleaspossible.
Modern ICT regulation is built around theunderstandingthatdevelopmentsaremainlymarket-driven and all necessary agreements(on interconnection, access, infrastructuresharing, etc.) are made primarily throughagreement between market participants.However,inorderforthistowork,itisimpor-tantthatthere isaregulatorwithpowerstointerveneifandwhennecessary.Inaddition,auniversalserviceobligation isstipulatedbylawinallEUMemberStatesandmanyothercountries, to ensure that basic services areavailableinallpartsofthecountryatreason-ableconditions.
InEstonia,severaldiscussionshavebeenheldby the executive, and legislative branches,small and large operators, and local author-ities.All partieshavedifferent interests, andconsequentlyalsodifferentopinions.Inordertomake a public-private partnership projectinbroadbanddevelopmentapossibility, it isnecessary to reduceoppositionand look foropportunitiesforcollaboration.
A reasonable option would be the draftingof the broadband development plan by anindependentorganisation,suchasthee-Gov-ernance Academy. The plan should includeproposals for the creation of the environ-ment required for broadband development,suitable models, financing options anddifferent support measures considering the localsituation.
44
In Estonia, the eID is actively
used by 60% of the population
without a single security incident since its launch
in 2002.
The Electronic ID
eGA Senior Expert in Digital Identity Mari Pedak
Please examine visual concept on the inner
side of main page.
45
Estonia has a comprehensive system for elec-tronic identification, authentication, and digital signing which includes the following elements:
InEstonia,theuseoftheeIDisregulatedbytheIdentity Documents Act and the Digital Signa-tures Act, replaced by EU regulation eIDAS. Itis essential that digital signatures are legallybinding as hand-written signatures. At the EUlevel,in2014aRegulationoneIDwasadopted
Increase in the number of digital signatures
(Regulation 910/2014)which repealsDirective1999/93/EC. Regulations are directly appli-cableforallMemberStates,andtheaimofthisspecificregulationistoenableharmonisationtosuchanextentthatelectronicidentificationcanbeacceptedinallEUMemberStates.
• ID-card• Digi-ID• Mobile-ID • digital stamp• residence permit card• e-residency card
e-IDstatisticsperperson/permonth24IDcardtransactionsversus38mobile-IDtransactions
46
In Estonia the identity of a person is basedon a permanent individual ID called thePersonalIdentificationCode(PIC),whichwasintroduced in 1992. The PIC is generated inaccordance with the Estonian Standard EVS585:2007 „Personal Code. Structure“, thePopulation Register Act and a regulation onthegenerationofPICs.PursuanttothePopu-lationRegisterAct,thepersonalidentificationcode is a unique combination of numbersformedonthebasisof theperson´ssexanddateofbirth,thatallowsfortheidentificationofaspecificperson.
All certificates contain the PIC. The PIC is used as a primary key in the majority of databases containing personal information, both in the public and private sector.
Moreover,digitallysignedfilescontainacertif-icateofthesignatory(whichinturncontainstheirPIC),whichallowsforadefiniteidentifi-cationofthesignatory.
The data on the ID-card (i.e. the data fileand certificates) is available to every cardterminalastheyarenotread-protected.Theauthentication certificate is available to theserviceprovideruponasuccessfullogin.Thedigitalsignaturecertificateisavailableinthedigitally signed document to everyonewhoseesthedocument.Asaresult,thePICinthedatafileorinthecertificateismadeavailablewitheveryelectronicuseoftheID-card.
Personal IdentificationCode
As of June 2016, the digital documents bearing the electronic identity of Estonian residents are plastic cards (ID-card, Digi-ID, e-residency card, residence permit card) and mobile phone (Mobile-ID).
47
Reference:eid.eesti.ee,e-Estoniashowroomportal.
Thepublickeyinfrastructure(PKI)enablessecuredigital authentication and digital signing. Theinfrastructure also provides means for securedatatransferbyusingencryption.EstoniausesanationalPKI,meaningthatthestateundertakestoassuretheexistenceand functioningof thepublickeyinfrastructure.AlthoughalargepartoftheservicesrelatedtothePKIarepurchasedfromtheprivatesector(e.g.certificateissuance,certificate validity information,distributing the
publickey);aswellaspreparingthekeygenera-tionenvironment(e.g.chipofcarriersofID-cardtype, SIM card) and personalising the docu-ments(carriersofID-cardtype),themostimpor-tantaspectsrelatedtothePKIarestillhandledbythestate:
● Police and Border Guard Board: issuingpersonal (digital) identity documents enablingsecure electronic authentication and digitalsigning(ID-cardoranothersmartcard).● Ministry of the Interior: drafting legislationthatdeterminesthetypesandrequirementsforthedigitalidentitydocuments.● Information System Authority (RIA): devel-opmentofsoftwareapplicationsnecessary forusing the PKI (ID-card middleware includingdrivers,utilityandclientsoftware).● Ministry of Economic Affairs and Commu-nications (Department of State InformationSystems):determinesthequalityandreliabilityrequirementsofPKIservices.
TheEstonianeIDfeaturesalsotheprovisionofa unique state-issuede-mail address allocatedto each card holder. There are currently twoformats [email protected] [email protected], whereNNNN represents a sequential number toprovideuniquenessifthereareseveralcitizensbearingthesamename.Thise-mailaddress isintendedasa lifetimeaddress. It isnotassoci-atedwith a real e-mail service but is rather arelay address forwardingmails to the holder’s‘actual’ address. These e-mail addresses arepublicly available through Estonia’s NationalRegistryofCertificationServiceProviders’certif-icatedirectory.
Public Key Infrastructure(PKI)
eGA Project Manager Triinu Raigna
48
ID-Card General Overview
The ID-card is the only mandatory ID document in Estonia. Thus far, ID-
cards have been issued to more than 1.2 million active users, which makes up nearly 94% of Estonia’s 1.3 million
residents. This makes the Estonian system the most used national ID-card
system in the world
ESTONIANID�CARD
THEFRONTSIDEOFTHECARDCONTAINSTHEFOLLOWINGINFORMATION:●cardholder’sname●cardholder’ssignatureandphoto●uniquepersonalidentificationcode(nationalID-code)●dateofbirth●gender●citizenship●cardnumber●dateofexpiry
THEREVERSESIDEOFTHECARDCONTAINSTHEFOLLOWINGINFORMATION:●cardholder’splaceofbirth●dateofissue●residencepermitdetails(ifapplicable)●cardandholderdatainmachine●readableformat(exceptforthephotoandsignature)
CHIPThechipon
thecardcarriesembeddedfiles
which,using2048-bitpublickeyencryption,enableittobe
usedasdefinitiveproofofIDinanelectronicenvironment.
THEREVERSEOFTHECARDCONTAINS:AnIDcardissuedbefore1January2007isvalidfor10yearsandthecertificatesonitarevalidforthreeyears.Uponexpiration,certificatescanberenewedwithoutcharge.OnIDcardsissuedafter1January2007,thecertificatesarevalidforaslongasthecarditself,i.e.fiveyears,andthereisnoneedtorenewthecertificates.
THEREARETWOCERTIFICATES savedontheIDcard
1)acertificatefordigitalpersonalidentificationanddatasigningandencryption;
2)acertificatefordigitalsigning,enablingthecardholdertoissueadigitalsignature.
TheID1-shapeddocuments-definedbyISO/IEC7810standard-arebasedonPKItechnology,andincorporate two certificates: one for authenti-cation,andtheotherfordigitalsignatures.EachprivatekeyisdependentontheuseofadifferentPIN-code. In addition, the card also contains asingle user-readable data file, replicating datafrom the visual layer. There is no electronicallyusablebiometricinformationonthecard.
Since 2002
Chip FeaturesThe Estonian ID-card serves as thedigital access card to all secure e-ser-vices offered in Estonia. The chip onthecardcarriesembeddedfileswhich,using 2048-bit public key encryption,allow for it to be used as definitiveproof of ID in an electronic environ-ment.Itcanbeusedforpersonaliden-tification, signing documents digitallyandfordataencryptionfunctions.TheID-card requires a special card-reader,for digital signatures special DigiDocsoftware is also required. (Reference:eid.eesti.ee)
The ID-cardasohasadigital supplementcalledthe Digital-ID (Digi-ID), which is a state issueddigitaldocumentforelectronicidentificationandproviding digital signatures. Unlike the ID-card,the Digi-ID is not designed for visual personalidentification;therefore,itdoesnotcarryaphotoor any physical security elements – simply theperson´s name, personal identification numberandendofvaliditydate.Electronicallyandcryp-tographically, it is identical to the ID card, andin electronic environments they are treated asequivalentcertificates.
49
TheID-cardsare issuedinclosepublic-privatepartner-ship.Therearethreemainorganisationswhoareassoci-atedwithissuingandoperatingtheID-cardandtheasso-ciatedinfrastructure:PoliceandBorderGuardBoardisthegovernmentagencyresponsibleforissuingpersonalidentificationdocumentstoEstoniancitizensandotherresidents, as required by the IdentityDocuments Act.Certification Centre (AS Sertifitseerimiskeskus, SK)functionsasCA,maintainstheelectronicinfrastructurenecessaryforissuingandusingthecard,anddevelopsthe associated services and software. Trüb Baltic AS(subsidiaryofGemaltoAG)isthecompanythatperson-alisesthecardintheterritoryofEstonia.
The ID-Card contains two certificates (standard X509v3 certificates): 1) a certificate for digital personal identification, datasigningandencryption;2)acertificatefordigitalsigning,enablingthecardholdertogenerateadigitalsignature.
The ID-card along with corresponding certificates isissuedforfiveyears,andthereisnoneedtorenewthecertificates. Digi-ID and its certificates are issued forthreeyears.Reference:eid.eesti.ee.
Certificates and Validity Digi-ID – How to start?
The Process of Issuance
The main steps inID-card issuing process include:
● personal application● identity verification (when applying for the first
time personal appearance is mandatory)● personalisation and activation of certificates
● issuance and handing over
While according to the law the issuing of an ID-card may take up to a month, the Digi-ID cards are issued
within 30 minutes from the service offices of the Police and Border Guard Board. (Issuance process as of June 2016) (Reference: https://www.politsei.ee)
TheEstoniane-GoverenanceAcademy,incooperationwithitspartners,offersafull-packageservicetopilotanelectronicidentitysolution.Ourservicewilltakecareofallthecomplicatedprocessesforyou,andallowsyoutotestdrivetheEstonianDigi-IDsolutionwhichboaststhehighestapplicationratepercitizenintheworld.
Piloting Electronic IdentityThescopeofthepilotprojectistointroduceandexplaintheconceptofelectronicidentityanditsapplicationtoaselectedtest-group.Partiesagreeonthenumbersofplasticcardstobeissuedintheframeworkofthepilotproject, and the relevant application shall be loadedontothechipduringthepre-personalisationstage.
Subsequently the plastic card will be personalisedboth physically and electronically. The level of phys-icalpersonalisationdependsonthetechnicalandthepracticalpointofview.Theelectronicpersonalisationentails the generation of two asymmetric keys: oneforauthentication,onefordigitalsignature.ThepublicpartofthekeysshallbecertifiedbytheCertificationCentre based on specific certification requests. Testcertificates are loadedonto the smart card chip andalsostoredinthesystem.
The Digi-ID Pilot Package includes: ●marketreadysolution:thebestwaytofindouthowDigi-IDworks●duration:2-3months●pilotingincludes:mappingthemarketsituationtrainingthetest-groupandserviceproviderscompilationofDigi-IDimplementationblueprintsupportforPRactionsfullprojectmanagement
Getting started:●localpartnerprovidesdataontest-group●choosingonee-serviceintegrationtoaccesssecurelywith Digi-ID or possibility to use customised demoportalfortestingbothauthenticationanddigitalsigna-ture●testcertificatesareissued●plasticcardsareproduced●24/7customersupport
Forfurtherinformation,pleasecontactMrsMariPedak
50
Mobile-IDGeneral Overview
Originally introduced in 2007, the Mobile-ID is an electronic
personal identification document that can be used for electronic
personal identification and digital signatures with
a mobile telephone.
The Mobile-ID becomes operational after ithasbeenactivated in theelectronicapplica-tion environment administered by the Esto-nian Police and Border Guard Board. Unlikethe ID-card, the Mobile-ID cannot be usedfor document encryption, only for accessingsecure e-services and generating digitalsignatures to documents. However, it hastheadvantageofnotrequiringaspecialcardreader.
In2007,theEstonianMobile-IDsolutionwasawarded “Best New Product” by InnovationCenter InnoEurope. In 2011 the Mobile-IDwaspromotedtothestatusofnationalelec-tronic IDdocument inEstonia,whichmeansthat theMobile-ID canbeusedonanequalbasis with the ID-card (Reference: eid.eesti.ee,BalticIT&TReview”ISSN1691-4694).
Since 2007
In this configuration themobile phonewithitsSIMcardfunctionssimultaneouslyasanIDcardwithanID-cardreader.
Chip FeaturesThe Mobile-ID requires a special SIM card that enables the service. SIM cards with Mobile-ID readiness must fulfil the following requirements:
● Javacard 3.0.4 ● Java Transaction 0F82 Bytes ● Java Stack Default 01F0 Bytes
Private keys are stored on the mobile SIM card along with a small application for authentication and digital signing. SIM cards are furnished with special Mobile-ID Applets during production (applet size is 39912 Bytes). The Esto-nian PKI-based Mobile-ID solution corresponds to the following security crypto algorithms: ECC, SHA2. Evalua-tion level: EAL4+ (Reference: SK.ee)
eGA Project ManagerTriin Rast
51
TheprocessofissuingaMobile-ID,aswellasitsfurtheroperation,iscarriedoutinaclosepublicprivatepartner-ship.TherearethreemainorganisationsinEstoniathatareinvolvedinissuingandoperatingtheMobile-IDandtheassociatedinfrastructure.
● Police and Border Guard Board is thegovernmentorganisationresponsibleforissuingidentificationdocu-mentstoEstoniancitizensandotherresidents,asstipu-latedintheIdentityDocumentsAct.
● Certification Centre (AS Sertifitseerimiskeskus, SK),maintains the electronic infrastructure necessary forMobile-ID
● Mobile Network Operators (MNOs, eg. Telia,Tele2,Elisa)–allleadingMNOsinEstoniaofferSIMcardswithMobile-IDcapabilities.
The Estonian Certification Centre (SK) generates two certificates for Mobile-IDs (standard X509v3 certifi-cates): 1)certificatefordigitalpersonalidentification2)certificate fordigital signing,enablinggerenationofdigitalsignatures
Unlikeotherdocuments,theMobile-IDcertificatesarenotsavedontheSIMcard.TheMobile-IDcertificatesarevalidforthreeyears,andwhentheyexpire,theSIMcardhastobereplaced.(Reference:SK.eeandpolitsei.ee)
Certificates and Validity Mobile-ID – Where to Begin?
The Process of Issuance
The process of obtaininga Mobile-ID
●onemandatorypersonalappearance(+validID-card)●Mobile-IDagreement(signedwithanEstonianMNO)●SIM-cardsareissuedbyallleadingMNOsinEstonia
●cardholderinsertsID-cardorDigi-IDintothecardreaderandentersEstonianPoliceandBorderGuardBoardwebsiteforfiling
anapplicationforaMobile-ID●theapplicationisprocessedandtheactivationofcertificatesis
completedonthePoliceandBorderGuardBoardwebsite
TheissuanceprocedureofMobile-IDsisinlinewiththeEstonianDigitalSignaturesActandtheEURegulation910/2014onthe
CommunityFrameworkforE-signatures.
TheEstoniane-GoverenanceAcademy,incoop-eration with its partners, offers a full-packageservicetopilotaMobile-IDsolution.Ourservicewilltakecareofallthecomplicatedprocessesforyou,andallowsyoutotestdrivetheMobile-IDsolution and generate digital signatures in anycountry.
eGA Mobile-ID Pilot Package includes: ● market-ready solution: the best way to●findouthowMobile-IDworks●duration:2-3months
Getting started●localMNOprovidesinformationonSIMvendor●testSIM-cardsincludeSIMApplet(supportedbyallleadingcardproducers)●onee-serviceintegrationinordertotestsecureaccesswithMobile-ID●portalfortestingdigitalsignature●Estonianinternalinfrastructureisusedduringpilotandpublictesting
Forfurtherinformation,[email protected]
52
e-ResidencyThe Republic of Estonia is the first country to offer
e-Residency — a transnational digital identity available to anyone in the world interested in administering a
location-independent business online.
Whatismore,e-Residencyenablesaccesstosecure and convenient e-services that facili-tateintegrityandreliabilityonline.
NB!e-Residency isnotequivalent to citizen-ship or permanent residency. It does notguarantee the right to vote inelections,nordoes it give permission to enter Estonia orthe European Union without a visa. Please
Over
10 000e-Residents from 130
countries
bear inmind that e-Residency is a privilege,notaright,andtherefore,Estoniashallscreenallapplicantsandreservetherighttorefuseapplications.
First results are impressive:●over10000e-Residentsfrom130countries●over600newcompaniesestablishedbye-residents
Steve Jürvetson, Tim Draper andPrime Minister of Estonia Taavi Rõivas
53
Over
10 000e-Residents from 130
countries
Theapplicationfor thee-Residencycardcanbe submitted personally at Estonian Policeand Border Guard Board service bureaus,atforeign representations of the Republic ofEstonia,bypostorbye-mail.
The decision to issue a Digi-ID card for ane-Residency applicant shall be made within30working days. For security purposes, theapplicantmustprovidetheirfingerprintuponreceiptofthecard,inordertolinkaparticularindividualstotheirdigitaldata.(Reference:PoliceandBorderGuardBoard).
The e-Residency card is based on the Esto-nianDigi-IDsolution, i.e. theofficialnationaldigitaldocumentforpersonalidentificationinanelectronicenvironmentandforgeneratingdigitalsignatures.However,unliketheID-card,thee-residencycardisnotdesignedforvisualpersonalidentification.
Electronically and cryptographically, theDigi-IDisasmartcardidenticaltotheID-card.Therefore,when issuing aDigi-ID certificate,theCertificationCentreusesthesamegeneralprinciples, certification policy and certificateprofileaswithEstoniannationalID-cards.
Thee-Residencycardanditscertificatesareissuedforadurationofthreeyears.The card lists the card holder´s nameandissuedpersonalidentificationcode,alongwiththedocumentnumber.
The Digi-ID application must include the following documents:
● application form (online fill-out possible; or print and fill out on paper)● national identity document or a copy of the document if application is submitted by post and by e-mail● colour photo (min. 40x50 mm or 600x800 pixels (JPG)● receipt certifying payment of applica-tion fee● free-form written explanation regarding the purposes for applying for the Digital-ID and the circumstances of its use (holders of a service card or diplomatic card exempt) ● in case the applicant is an diplomatic officer, they must additionally provide relevant credentials
Main Features
Certificates andValidity
The Process of Issuance
54
The digital stamp is a service that allows legal persons
(e.g. companies) sign documents digitally.
Thedigitalstampconfirmsthatthedocumentcomes from the company that has signedit (i.e. the digital document is confirmedby the institution, not by an authorisedphysicalperson.
Signaturescanbeattached(alsoinlargequan-tities) to invoices, payment orders, confir-mations, certificates, bank statements, etc.DigitalstampisavailableonUSBcrypto-stickthathasanX.509certificate(theareaofappli-cationshallbedeterminedbythenameofthecertificate).Theissuingprocessandevidentialvalueofthedigitalstampareregulatedbylaw(EstonianDigitalSignaturesAct),certificationpolicy(specifictotherespectivecertificationservice,andmoredetailed)andmoregeneralcertificationprinciples.
Digitalstamp
The Processof Issuance The digital stamp certificate is issued totheauthorisedrepresentativeoftheinsti-tution on a smart card or crypto-stick.The use of the digital stamp is similarto the ID-card, because the documentis furnished with the time of giving thestamp certificate and the validity infor-mation.Thedigitalstampsolutioncanbeintegratedintomostinformationsystems.(Reference:SK.ee)
Advantage:people come and go,institutions remain.
eGA Project Manager Martin Lään and Assistant of the Management Board Evelin Sõluste
55
Every eID user can upload any document, sign it digitally, and send it to other parties. While the users have the DigiDoc soft-ware, the e-service providers use software called DigiDocService. The DigiDocService is a SOAP-based web service which enables furnishing an e-service or an appli-cation with such funcitionalities as personal identification, digital signatures, signature identifica-tion and Mobile-ID.
How it works? 1
3
2
reductionofdirectandindirectbusiness
expenses
fasterexchangeofdocuments=>improved
cashflow
securityprovidedbytimestampingand
certificates=>reducedriskofforgeryandfraud
The DigiDoc Client, a piece of software included in the eID package, is a system that’s widely-used in Estonia
for sharing and digitally signing documents. Because in Estonia, digital signatures carry the same legal weight as
hand-written signatures, a secure, easy-to-use platform is needed to give government agencies, businesses and
private persons a way to transfer files.
DigitalSignature Tool
56
Furnishing solutions with ID-card andMobile-ID functionality is simple andallowsfor:
●digitalsignaturesusinganID-card(oranothersmartcard)●identificationanddigitalsigningusingMobile-ID●verificationofcertificatevalidity(identificationviaID-cardoranothersmartcard)●creationofdigitallysignedfiles●verificationofcontentandsigna-turevalidityfordigitallysignedfiles(DigiDoc).
The basic software components usedfor digital authentication are publiclyavailabletoalldevelopers.Anyorgani-sationcan thereforebuildapplicationsand business processes based on theeID card as the central identificationdevice.ThishasresultedinwidespreadadoptionofthefunctionalitiesoftheIDcard.
The Estonian Certification Centreconducted a cost-benefit analysis ofdigital signing, which showed that itentails remarkable financial benefits,eg. by replacing handwritten docu-mentswithdigitallysignedonesEstoniahassavedover200millioneuros.
Calculate your prospective savings:
● Digital signature cost-profit calculator www.eturundus.eu/digital-signature
● Digital document cost-profit calculator www.eturundus.eu/digital-document
These calculators are helpful tools for institutions and companies who sign contracts with their clients, partners and suppliers or exchange other formal docu-ments (subscriptions, acts, invoices, etc). (Reference: www.sk.ee)
Customer support
The customer support is organised by the EstonianCertification Centre (Sertifitseerimiskeskus AS, SK).Themain channel for all eID, andMoblie-ID relatedquestionsisthe24/7helplineservice.
The Certification Centre provides the following additional services in its customer service points:●verificationofcertificates●activationofcertificates(terminationofsuspension)●suspensionofcertificates●revocationofcertificates●changeofPINcodes
Information channels:●PoliceandBorderGuardBoardwww.politsei.ee/en●e-Estoniawebsite:www.e-estonia.com●ID-cardhelpcentrewww.id.ee●Mobile-IDhelpcentrewww.mobiil.id.ee
Customer service points ●PoliceandBorderGuardBoard●banks:Swedbank,andSEB
TRY OUT
57
Main Actors On the political level, two major Estonian ministries are involved
in the development of eID:
Ministry of the Interior (MoI) is responsiblefor the legal framework regulating identitydocuments.Inaddition,itisalsotheauthoritysupervising the Police and Border GuardBoard, directly responsible for issuance andmaintenance of identification documents,and for maintaining electronic identities ofresidentsatlarge.
Ministry of Economic Affairs and Commu-nications (MEAC) is responsible for the legalframeworkand implementationof theDigitalSignaturesActandeIDASregulation,aswellasandissupervisingtheInformarmationSystemAuthority(ISA), thatcoordinatesthedevelop-mentandadministrationofthenationalinfor-mation system, to help the state provide thebestpossibleelectronicservicestocitizensinasecureenvironment.● RIHA, responsible for administrating thestate information system, guarantees thetransparency of the administration of thenationalinformationsystemandhelpstoplannationalinformationmanagement.● The State Register of Certificates, func-tioningundertheMEAC,isasupervisorybodyfor certification and time-stamping serviceproviders. Since the number of such serviceprovidersisquitelow(1CSPand2TSPsinJune2016) the register has been rather passive,functioning mainly as a registrar receivingcompulsoryannualauditreportsfromserviceproviders.● e-Identity Working Group was originallyestablished under the auspices of MEAC,and comprised different stakeholders fromthepublicandprivatesector.Thegroupheldmeetings when necessity addressing topicalissuesregardingeIDmatters.
In addition to the public sector, the privatesector also plays a significant role in theEstonian eIDMS. Both card manufacturingand certification are carried out by privatecompanies,withalmostadecadelonginten-sivecollaboration.Thus,PPPhasservedasanessentialdrivingforcebehindtheevolutionoftheEstonianeID.
There are two private companies that have essential role in the delivery and manage-ment of the Estonian eID:●TRÜBBalticAS (ownedbyGemaltoAG) isthe company responsible for manufacturingofplasticID-cards,andalsotheirpersonaliza-tion.● Certification Centre (AS Sertifitseerimiske-skus,SK)functionsasacertificationauthorityand maintains the electronic infrastructurenecessary for issuing and using ID-cards. Italso functionsasancentreofexcellence forelectronic usage of the ID-card providingsoftware, including a digital signature soft-wareframework,end-usersupportaswellassupport and services to e-service providers.Inaddition,theCertificationCentreactsasaMobile-IDtechnologyproviderinclosecollab-orationwithmajorlocaltelecomoperators.
SKisownedbythe“bigthree”oftheEstonianeconomy—twomajor banks (Swedbank andSEB bank) and the largest mobile networkoperator(MNO)TeliaEesti.Thisset-upallowsSK to act as a unique roundtable bringingtogether the public sector, MNOs and thebanks.Thiscollaborativeframeworkmaydefi-nitelybecreditedasoneofthemainreasonswhyID-cardandMobile-IDhavebeenestab-lishedassuitableeIDtokensacrossallsectors.This configuration has also facilitated thecomprehensive application of digital signa-tures.
58
Please examine visual concept on the inner
side of main page.
59
Description of the X-Road Environment
X-Road is the data exchange layer that forms the backbone of e-Estonia. Its creation was originally
launched by the Estonian government in the 1990s in order to create a secure and standardised environment for interconnection, enabling data exchange between a multitude of different information systems, both in
the public and private sector, incl. providingservices to each other.
Statistical Data for X-Road in 2015.●morethan1,700services●morethan900connectedorganisations,publicregistriesanddatabases●morethan500milliontransactionsperyear●morethan1millionrequestsperday
X-Road has been live since 2001with no downtime.
ThemaingoaloftheX-Roadprojectwastobuildaninfrastructurethatwouldalloweffortlessaccesstothedatainstateregistrieswithoutcompromisingthesecurityofthedataandwithminimalimpacttotheexistingsystems.
Background Thestartingpointwastounitevariousgovernmentregistries–andthereweremany,managedanddevelopedbydifferentorganisations,andfinancedsepa-rately.Registriescontainmostlypersonaldatathatisinsomecasesorusedtomake high-value decisions, that are in some casesneededinrealtime(eg.healthcaresituations).Thesituationwascomplicatedby the factthattherewereevenmoreusers,mostof them small organisations withoutrelevant security know-how andlimitedIT-budgets.
60
TheX-Roadexperience servedasoneof themodelsindesigningtheconceptualmodelfortheEuropeaninteroperabilityframework.ForthatreasontheEstonianmodelmatchesfullywiththeEUconceptualmodelofservices(seeFigure above). (Ref: Estonian InteroperabilityFramework www.mkm.ee/sites/default/files/interoperability-framework_2011.doc)
The Population Register, maintained anddevelopedbytheMinistryoftheInterior,isadatabase which contains the main personaldataonEstoniancitizens,EUcitizensresidinginEstonia,andalienswhohavebeengrantedaresidencepermit.Theregistrydataincludesnames, uniquepersonal identification codes,birth dates, places of residence, and otherstatisticaldata.
ThePopulationRegister isconnectedtoothersystems and databases via the X-Road, andallowsforsmoothexchangeofup-to-datedata.Forexample,when individualsapply forstudyallowances,discountedticketsonpublictrans-portorgivetheirvotesonline,alltherelevantdata is retrievedfromthePopulationRegister.Thesystemretrievestheinformationautomat-ically–noneedtosubmitextradocumentsorfilloutonlineforms.Eachpersoncanaccesstheregistry with their with ID-card or Mobile-ID,andrevieworcorrecttheirdataintheregistry.(Reference.MinistryoftheInterior).
Conceptual model for public services
61
ThetechnicaldesignprinciplesfortheX-Roadcore technology Unified Exchange Platform(UXP) provide a distributed, secure, unifiedinter-organisationaldataexchangeplatform.
Distributed:UXPisacompletelydistributed,resilient system with distributed manage-ment.UXPdoesnot centralise thedata anddoesnotchangetheownershipofthedata.
Secure: Designed to satisfy the securityrequirements for governmental and organ-isational interoperability, UXP ensures theauthenticity, integrity and non-repudiationof exchanged data; resulting in high availa-bility of services and the confidentiality ofexchangeddata.
Heterogeneous: UXP connects informationsystems built on any platform. UXP doesnotprescribeany toolsand technologies forinternalusefororganisations.
Reliable: UXPdoesnothaveasinglepointoffailure. All components in the infrastructurecan be made redundant for high resiliencyagainstfailuresandattacks.Componentsthat
Consultation and system support are available for the development of organisational procedures and legal framework. Our expertise is based on two decades of practical experience in the development and deployment of the relevant technology and auxiliary solutions. Partner organisations: e-Governance Academy, Cybernetica, Aktors, Estonian Information System Authority.
Technical Design
The X-Road is an advanced and highly secure interoperability framework that connects all main public sector registries and databases, for example:
areavailableoverasharedorpublicnetworkemployprotectivemeasuresagainstdenialofservice(DoS)attacks.
Federation support: UXP supports bi-lateralagreements between different UXP instal-lations. Any single UXP installation has thecapabilityfor interoperabilitytoanotherUXPinstallation.
Ease of implementation: UXP infrastructuredeployment is fast and efficient. We offera pilot version of UXP which can be imple-mented very conveniently and which offerspromptinstallationandreviewopportunities.
Ease of use:UXPiseasytoadapt,allcommu-nication is based on web-services and cantherefore be easily used by all developersthroughtheuseofUXPAdapter. Inaddition,accesstoallotherorganisations isuniform–thereisonlyoneAPIandonesetofrulesthatmustbefollowedbyalldevelopers.
●PopulationRegister●MaritalPropertyRegister●SuccessionRegister●CriminalRecordsDatabase●e-BusinessRegister●EuropeanBusinessRegistry
●e-LandRegister●RegisterofConstructions●CentralProcurementsRegistry●CentralRegistryofSecurities●ShipRegister●RecreationalCraftRegistry
62
X-Road Technical Components
In the X-Road system, certified memberscommunicate directly without intermediariesusing secure peer-to-peer connections. Allthe messages (requests and responses) aredigitally signed and time-stamped and sentoveranencryptedandmutuallyauthenticatedchannel.
Core Components of the Unified eXchange Platform (UXP)
TheUXPCoreComponents formthetechnologicalbasisforrunningtheX-Roadframework.Itconsistsofthethreeintegralcomponentsthat provide the technologicalcapability for the X-Road dataexchangelayer:●UXPSecurityServer●UXPRegistry●UXPMonitoringSystem
63
UXP Registry
The UXP Registrymaintainsinformationaboutapprovedcertificateauthorities,approvedtrustservices,UXPmembers and security servers. This information is distributed to the securityservers.TheUXPregistryismaintainedbytheGoverningAuthority.
UXP Security Server
The UXP Security Server acts as a gatewaybetweentheorganisation’sinformationsystemandtheUXPinfrastructure.Thesecurityserverrelays request and response messages whileproviding a protective layer. All messagesare exchanged via a cryptographically securechannel.Whatismore,themessagesaredigi-tallysignedandtime-stampedtoensurelong-termauthenticityvalueofthetransactions.
●Securityserversimplementsecuritygatewaysforweb-services.Allweb-servicerequestsandresponses are digitally signed, time-stamped,encryptedandarchivedbysecurityservers.● Security servers implement organisationallevelaccesscontrolforweb-services.●Securityserversencapsulatethecomplexityof highly available PKI-based infrastructrureand provide developers with transparentlysecuredinter-organisationalwebservices.● Security servers provide meta-services fordiscoveringthestructureoftheinfrastructure,includingorganisationsandservices.
UXP Monitoring System
The UXP Monitoring System receivesmoni-toring information from the security serversand makes it available to central systemadministrators. The X-Road comprises localmonitoring stations, each continuouslycollecting information (status information,errormessages,andquery information)fromthelocalgateway.Statusinformationcontainsdetailed system information, such as CPUusage, memory usage, number of pendingqueries, and much more, giving the systemadministrator a complete and accurate over-viewoftheirserver(s).
GlobalmonitoringoftheX-RoadinfrastructureenablesthecollectionofstatisticaldataaboutusageandwillhelpmaintainX-Roadservices.Analysingcollectedstatisticscanhelpdiscoverand mitigate misuse. What is more, alertingX-Road members about invalid states of thesecurity server will facilitate X-Road serviceavailability.
64
Universal Portal
UniversalportalMISP(MiniInformationSystem/Portal)isanapplicationthatallowsorganisationsto execute X-Road services that are openedto them. Consumers can create and use fourdifferenttypesofportalsintheMISPapplication.Theportaltypesarethefollowing:
Organisational information system ●oneconsumerorganisationislinkedtotheportal●usercanonlyusee-servicesonbehalfofthelinkedorganisation.Usermustalsohaveuser●roleandquerypermissionsgivenbythisorganisation.●ServicesofX-Roadproducersareopenedtothelinkedorganisation.
Citizen portal●aportalforpublice-services.●specialconfigurationoftheorganisationalportalwherepublicusergroupisused.Allauthenticatedusersareconsideredtobeinpublicusergroup.●useraccountisnotrequiredtoentertheportalandusee-services.●authenticatedusermayusealle-serviceswhichareavailableintheportal.
Universal portal●onlyoneorganisationislinkedtotheportal(theorganisationmanagingtheportal).Applicationofunitconcept,i.e.userrolesandpermissionsarelinkedtotheportalunit.Theserolesandpermissionsarevalidonlyunderthelinkedunit,eg.inthefamilyphysicianportaltheportalunitisadoctor.●e-servicescanonlybeusedasaunit’srepresent-ative,meaningquerypermissionsanduserrolearerequiredtobeperformedfromundertheunit.●inordertousetheportal,anewunithastoberegis-teredbytheunitrepresentative,whoserepresenta-tionrightsarecheckedusingX-Roadproducersstandardrepresentationrightsquery.●undertheportal’sorganisationrights(whilenotrepresentinganyunit)onlymeta-servicesareexecuted.●servicesofX-Roadproducersareopened(dependingofportalconfiguration):●tothelinkedorganisation.●totheportalunitorganisation
Business portal●specialcaseofuniversalportal,unitsareregisteredintheEstonainBusinessRegister●duringunitregistration,checkqueryissenttoCCR.Theresponsemayincludebusinesseswithsingleorunknownrepresentationrights.Unknownrepresenta-tionrightsmeanthatadditionalconfirmationsarerequiredfromotherunit’srepresentativestosetunitspermissionsmanagers.
X-Road´s operation is ensured by centralgoverning,specificallybytheEstonianInforma-tionSystemAuthority(RIA),whichservesasitsgoverningauthority.ThemostimportanttaskoftheX-RoadgoverningauthorityistoensurethelegalstatusoftheX-Roadsystemandtheinformation exchanged by enforcing relevantpolicies.TheX-Roadgoverningauthorityisalsoresponsible for steering the further develop-mentof theX-Roadandensuring its consist-encyandintegrity.
TheX-Roadgoverningauthorityisalsoresponsibleforformulatingtheinfrastructure’ssecuritypolicywhichincludes:●securityrequirementsformembersoftheinfrastructure(eg.userauthenticationrequirements)●securitycategoriesapplicabletoservicesandinformationsystems.Securitycategoriesallowtheserviceproviderstoformallyspecifylistsofsecurityrequirementsthatserviceusersmustcomplywith.●listoftrustedcertificationandtime-stampingserviceproviders.
X-Road Governing Authority
65
Trust Services
Trust services providecertification and time-stamping services. Insimpler cases, trustservicescanbeprovidedbytheX-RoadgoverningagencyorbyanyCertifi-cationAuthority.Gener-ally,certificationauthor-itiesofferstandardcerti-ficationservices:●issuecertificatesfordigitalsignatureandwebservers●offercertificatevaliditycheckingservices●offertime-stampingservices
X-Road Members
TheX-Roadmembersareentitiesthatwishtocommunicatewith eachother. Theprerequi-site is thateachmemberhasan informationsystemthatwillbeconnectedwithsystemsofothermembersthroughasecurityserver.Thus,all X-Road members need to add a securityservertotheirinfrastructuresanduseX-RoadandPKIinfrastructureservicesformakingtheirservices available to different types of users.In order to join the X- Road community, allprospectivemembersmust ensure that theyhavesufficientsecuritymeasuresinplace.TheX-Roads governing authority retains the rightto review security policies and operationalprocedures.Finally,afterconcludingcontractswith service consumers, access rights to usetheservicearegrantedtoclientorganisations.The access rules are always defined by theserviceproviderandregulatedbytheX-Roadgoverningauthority.
In contrast to consumers, who make requests via the X-Road, data providers use the X-Road to answer requests and share data. Therefore, data providers must meet two extra requirements to use the X-Road:
●dataprovidersmustoperatearegistry(database),whichmustberegisteredwiththeX-Roadgoverningauthority(Informa-tionSystemAuthorityinEstonia).● data providersmust have an AdapterServer, commonly known as integrationcomponents.
eGA development partners
66
Main Actors in X-Road
On the political level the major Estonianinstitutions that are involved in the X-roaddevelopment:
Ministry of Economic Affairs and Communi-cations (MEAC) is the supervisory authorityoftheEstonianInformationSystemAuthority(SIA), that coordinates the development andadministration of the national informationsystem, to help the government provide thebestpossiblee-servicestocitizens.●RIHA,theadministrationsystemforthestateinformationsystem, servesasa catalogue forthenationalinformationsystem.RIHAguaran-teesthetransparencyoftheadministrationofthenationalinformationsystemandhelpsplannationalinformationmanagement.
In the private sector two companies are involved in the X-road delivery and manage-ment:● Aktors develops information systems andotherspecificsoftwaresolutions,offeringthewholepackagefromanalysistotheimplemen-tation of the system and consulting servicesrelated to software development. Aktors hasbeeninvolvedfromthebeginninginthedevel-opmentofseveralX-Roadinterfacedatabases.In addition, Aktors handles the maintenanceanddevelopmentoftheX-RoadportalMISP.
● Cybernetica: researches, develops andmanufactures software solutions, light signa-lingandtelematicsproducts,maritimesurveil-lance and radio communications systems;investigates and applies the theoretical andpractical security solutions. Cybernetica isfocused on spreading its expertise on UXPtechnology, currently enabling e-Governmentservicesformorethan35millionpeopleacrosscontinents.IntegratedmanagementsystemofCyberneticaiscertifiedaccordingtothestand-ardsISO9001:2008andISO14001:2004.
X-Road Community
The community was created in 2013,andmeets twice a year. They discussissuesrelatedtothe
X-Road, and seek solutions to theseissues.Thecommunity includesdevel-opers, administrators and businessprocess managers that want to beinvolvedinthedevelopmentofX-Road.
67
How to start? Why use the X-Road solution?●X-RoadisamajorsteptowardstheInforma-tionSociety●X-RoadoffersbestpracticesfromEstoniaandEuropeintheutilisationofnewtechnologies●X-Roadprovidessecuredandtopqualitye-Servicestocitizens,governmentagenciesandtheprivatesector
Currently,theX-RoadisusedastheofficialgovernmentinteroperabilityframeworkinEstonia,AzerbaijanandFinland.Inaddition,theEstoniane-GovernanceAcademyhashelpedseveralcountries(eg.Namibia,Tunisia,Pales-tine,Faroe,Haiti,Ukraine,Kyrgyzstan,etc.)toimplementandadjustX-Roadtotheirneeds. The implementation process comprises the following activities:●creationofthecentralagency/governingauthority●establishinglegalstatus●settinguptechnicalsystems●creationofe-services
Prerequisites for X-Road ●uniqueidentifierperentity●eIDframework●technicalandregulatoryframeworkfordigitalsignaturesdigitisedregistries●regulatoryframeworkforelectronicdataexchange(toensureuniformdataexchange)●trustedandlegitimategoverningauthorityproceduresandregulationswithsufficientresources
Ongoing: Federation EE-FI
Formoreinformation,[email protected]
68
e-Governance does not entail a comprehensive system of
specialised legislation. Actually, it might even be dangerous to
have too many regulations, be-cause it runs the risk of creating a parallel system of governance,
and might lock in technologies when they would actually need
flexibility in order to facilitate on-going development.
The regulations should address the natureof transactions, and the sensitivity of data,while leaving the technology itself relativelyuntouched. The essential legal work lies inanalysingexistinglegislationandidentifyinggapsaswellasareaswherelawmayposeobstaclestothedevelopmentofe-governance.However,certainaspects,suchaselectronicidentificationand digital signatures, need special regulationbecause these are the concepts that have noequivalents in the non-virtual paper-basedworld. In addition, special focus should be ondata protection legislation because electronicdataisgenerallyperceivedaslesssecure.
Therefore,itisessentialtoengagelegalexpertsearly intheplanningprocess inordertoavoidregulatoryobstacles,andalsopreventsituationswherelateimplementationofregulationscouldhindertheapplicationofe-services.Over-regu-lationshouldbeavoidedandparadoxically,therisk isgreater ifthelegalanalysis ispostponed
toalaterstage.ThemostpressingmattersthatneedtobesolvedinfirstorderareICTlegislationandcompetitionlaw,inordertoensureaccesstotheinternet,butalsotheonlineprotectionofrights.However,thisdoesnotnecessarilyneedtotaketheformofnewlaw,butshouldprefer-ablybesolvedvialegaldiscussions.
e-Government Legislation
eGA Member of the Management Board Hannes Astok and Founder of e-Governance Academy Ivar Tallo
69
Estonia does not have specific e-governancelegislation, but there are a number of legalactsthathaveaneffectone-governance.Thisoverviewoutlinesthemostimportantacts,thedifferentstepsthatneedtobetaken,aswellastheassistancethattheEstoniane-GovernanceAcademycanprovideinthisprocess.
Basic Principles
The following principles outline the key elements related to the legal side of e-governance:
● avoidover-regulation,becauseitentailstheriskofcreatingparallelgovernancestructures● itisessentialtoreviewexistinglawstoensurethate-governancemethodsareapplicable● itisimportanttolegallydeterminetheresponsibleauthority(i.e.forcarryingoutreforms,monitoringthequalityandaccessibilityofservicesandforreceivingcomplaints,etc.)● stipulationofdataprotectionrulesandalsoasystemofenforcement● thelawmustestablishasecureformofonlineidentification● informationandcommunicationtechnology(ICT)lawaswellascompetitionlaw(sectorspecificand/orgeneral)isimportanttoensurethatproperaccesstotheinternetissecured● e-governancecanbeanimpor-tanttoolforensuringbetteraccesstoinformationandfacilitatingdemocraticparticipation,butthetechnologyshouldbeseenprimarilyasthetoolandnotthedeterminingfactorforhowtostructuresuchaccessandparticipation
70
Archives Act Theactstipulatestheprinciplesforcollecting,evaluating, archiving, preserving, andaccessing archival documents, as well asthe general regulation for archiving activi-ties.What ismore, it laysout theguidelinesfor private records entered in the archives’register and the transfer of ownership ofprivate records entered in the archives’register.TheArchivesActappliestoelectronicdocuments as well as to documents in anyotherforms.
Population Register ActTheactsetsouttheprinciplesforoneofthemaincornerstonesofthedigitalsociety–theuniquepersonalidentificationcode.Pursuanttothisact,theEstonianidentificationcodeisauniquelifelong11-digitcodethatismandatoryforeveryoneworkingandlivinginEstonia,alsoe-residents.TheIDcodeisafundamentalelementoftheelectronicauthenticationprocess.Inadditiontoelectronictransactions,thesamecodeappliesinallothercontextswherepersonalidentificationisnecessary,i.e.eachpersonhastheirownuniquecode.
Digital Signatures Act
This act bestows equivalent legal status tobothdigitalandhandwrittensignatures,andstipulates a requirement for all public insti-tutionstoacceptdigitallysigneddocuments.It also includes a special chapter regulatinggovernmental supervision over certificationand time-stamping service providers. For amore detailed overview, please refer to thesubsectiononPublic Key Infrastructure. Thisact is superseded by the EU regulation No910/2014 on electronic identification andtrustservicesforelectronictransactionsintheEuropeaninternalmarket(eIDAS).
Public Information
Act The act covers national and localgovernment agencies, and other legalentities both in public andprivate law,thatare responsible for thedeliveryofpublic services inareas suchaseduca-tion,healthcare,socialorotherpublicservices.Peoplehavetherighttomakeinquiries, and the holders of relevantinformation are under obligation toreply.Inaddition,theyarealsoobligatedtomaintainwebsitesandpostrelevantinformation online. These entities arealso required to ensure that the infor-mation is not ‘outdated, inaccurateor misleading’. Currently, this act alsoregulates the subject area that waspreviouslycoveredbythenowdefunctDatabasesAct.Fromtheperspectiveof
e-governance the Public Information Act regulates:● management of the national infor-mation system (by Information SystemAuthority)● dataexchange layerof the informa-tionsystemX-Road●securitymeasuresforotherinforma-tionsystems
71
Identity Documents Act
Thisactestablishesamandatory identitydocument,and regulates the issuanceof identitydocuments toEstoniancitizensandaliensbytheRepublicofEstonia.Inadditiontootherfunctionalities,theidentitydocu-mentcanalsobeusedforelectronictransactions,asexplainedabove.
Electronic Communications Act
Personal Data Protection Act
The regulations provided in this act are infullcompliancewiththeEUDataProtectionDirective 95/46/EC. The act protects thefundamentalrightsandfreedomsofpersonsinthecourseofprocessingoftheirpersonaldata,allinaccordancewiththerightofindi-vidualstoobtainfreelyanyinformationthatismadeavailableforpublicuse.TheEUisintheprocessofamendingitsdataprotectionlegislation,withtheGeneralDataProtectionRegulation adopted in April 2016. The newregime is better suited for electronic data.However, the personal nature of the data,not its form, is still the determining factor.Independentoversight,andclearprovisionsregarding responsibility fordataprocessing,remain the cornerstones of this protectivesystem.
Information Society Services Act ThisactdrawsontheEUDirective2000/31/EConcertainlegalaspectsofinformationsocietyservices,inparticularelectroniccommerce,intheInternalMarket.Itestablishestherequire-mentspertainingtoinformationsocietyserviceproviders,aswellastheorganisationofsuper-visionandliabilityincaseofviolations.
Public Procurement Act Thisactincludeslegalprovisionsfacilitatingthefurtherdevel-opment of electronic solutions in public procurement (e.g.e-Auctions,DynamicPurchasingSystem,eCatalogue,setc.).
State Secrets and Classified
Information of Foreign States Act Thisactensuresthesecurityandforeignrela-tions of the Republic of Estonia, protectingstate secrets and classified information offoreign states fromdisclosure, and becomingaccessible to persons who have not beengrantedaccesstosuchinformation.
Thepurposeofthisactistocreatetheneces-saryconditionsforpromotingthedevelopmentof electronic communications networks andserviceswhile ensuring theprotectionof theinterestsofusersofsuchservices.Theactstip-ulatesrequirementsfor:publiclyavailableelec-troniccommunicationsnetworksandservices;and also state supervision over compliancewiththerequirements.Itservesassector-spe-cificlegislationtotheCompetitionAct.
72
Emergency ActThisactprovidesthelegalframeworkforcrisismanagement, including preparation for anemergencyandresolvinganemergency,aswellas ensuring the continuous operation of vitalservices.Thisactalsoregulatesthedeclaration,the resolving and the termination of emer-gency situations, and the use of the DefenceForces and the Defence League in resolvingan emergency, performing rescue work andensuringsafety.
How to start?The e-Governance Academy offers assistancein analysing and formulating necessary legalregulations.
The first step is to conduct a comprehensivereview of existing legislation, which shouldpreferablybecarriedoutbylocallegalexpertsunder the supervision of eGA´s legal expert.The main goal of this analysis is to highlightareasinneedoflegalmodificationsinordertofacilitatesmoothtransitiontoe-governance(e.g.regulationsondigitalsigna-tures, electronic documents, interoperabledatabases etc.). Ideally, this analysis shouldbecarriedoutconcurrentlywith theplanningof applicable technologies because the regu-lations should complement the technologicalsolutions.Theoutcomeofthiscomprehensivelegal analysis is anoverviewof relevant legis-lation, highlighting necessary changes, themeans to achieve them, and offering sugges-tionsforlegislativemodifications.
The following areas of law need to be reviewed with regard to e-governance related matters:●administrative law (incl. administrativeproce-dure)●competenciesofgovernmentinstitutionsdataprotectionlegislation(protectionofprivacy)●contractlaw●regulationsonaccesstoinformation●ICTlaw(eg.internetserviceprovision)●competitionlaw(incl.general/sectorspecific,●includinglicensesandauthorisations)●publicprocurementlaw●criminalprocedurelaw(rulesonevidence)
The key factor determining successful transi-tion to e-governance is the establishment of agoverning authority responsible for differentaspectsofe-governance.Thecompetenceofthisagencymustbesetoutinlawtoavoidambiguityanddisputes.eGAexperts(legalandinstitutional)areonhandwithknowledgeaboutthebestinter-national practices.We recommend arranging aseminarwithe-governancelegalexpertsintheearlystagesoftransitioningtodigitalsociety.
Formoreinformation,[email protected]
73
Institutions and Organisations
Government Institutions
Estonian Government Office: SupportsthegovernmentandthePrimeMinisterinplanning and implementing policies, and facilitatinggoodgovernancepractices.Responsibleforensuringthatdraftlegalactsproposedbythegovernmentareconstitutionalandinconformitywithotherlegislation.●e-Estonia Council: coordinates thedevelopmentofEstoniandigitalsocietyande-governance,specifi-cally the implementationofnationaldigital agenda.Establishes expert committees, andworking groupsorcommissionsstudiesinthefieldofICTpolicy.●National Security and Defence Coordinaton Unit:responsible for coordinating national security anddefence,includingcybersecurity.
Ministry of Economic Affairs and Communications (MEAC)isresponsiblefordevelopingtheinformationsociety,andsupervisingrelevantgovernmentagenciesInformation System Authority (ISA) main areas of responsibility:●PublicKeyInfrastructure(PKI)●AdministrationSystemfortheStateInformationSystem(RIHA)●DataCommunicationinPublicAdministration(ASO)●StatePortaleesti.ee●DataExchangeLayerX-Road●DocumentExchangeCentre(DEC)●ITInfrastructure
Raising Public Awareness about the Information Society●CriticalInformationInfrastructureProtection(CIIP)●Managementofsecurityincidentsin.EEcomputernetworksCERT-EE●ITBaselineSecuritySystemISKE
Technical Regulatory Authority●improvesthesecurityandreliabilityoftheelectroniccommunicationproducts●overseescertificationserviceprovidersandtime-stampingserviceproviders●adoptsETSI(EuropeanTelecommunicationsStandardsInstitute)EuropeanStandards●managesRoot-CA(EECertificationCentreRootCA)
The Estonian Internet Foundation●maintainsthedatabaseofthecountry-codetopleveldomainname
Enterprise Estonia●promotesregionalpolicy,andprovidescoun-seling,fundingandtrainingforbusinesses●managesthee-Estoniabrand,incl.webpageonoure-governanceand●e-services,andthee-Estoniashowroom-anexecutivebriefinghub
Estonian State Infocommunication Foundation (RIKS)●providescommunication-relatedservicestogovernmentagencies●providesoperative,radioandmaritimecommunications,andtelephoneservices
Ministry of Education and ResearchisresponsibleforthedevelopmentofthenationalITeducationstrategyandtheintegrationofITinalllevelsoftheEstonianeducationalsystem
National Archives●establishingprinciples,standardsandguide-linesfordigitalrecords●developsandimplementsthedigitalarchivestotheirfullpotential
74
Information Technology Foundation for Educa-tion (HITSA)●promotesthedevelopmentofICT-relatededucationinEstonia●overseestheoperationoftheEstonianITCollege,andtheTigerLeapdevelopmentprogrammeforimplementingITinbasicandgeneraleducation
Ministry of the Interiorisresponsiblefordevelopingidentitymanagementpolicies(incl.electronicidentity),andcoordinatingnationalcrisismanagementactivities,incl.cybercrises. Police and Border Guard Board●overseesthenationalsystemforidentification●documents,andmaintainselectronicidentitiesofresidentsatlarge●investigatescybercrimesandterrorism●utilisesdigitalforensics
Estonian Internal Security Service●investigatesoffencesrelatedtointernalsecurity,incl.collectinginformationandimple-menting●preventivemeasures
Centre for Information Technology and Devel-opment Centre●overseestheactivitiesofthePopulationRegister
National Foundation for Civil Society (KÜSK)●supportsNGOsincapacitydevelopmentbyprovidingfunding●fundsprojectspromotingdemocracy
Ministry of Justice is responsible for thedevelopmentofnationallegislativepolicy,andadministrationofnationalregistries,e.g.commercialregistry
Centre of Registers and Information Systems●overseesthedevelopmentandmanagementofnationalregistriesandinformationsystems
Data Protection Inspectorate●independentorganisation,supervisespublicandprivatesectorentitiesinrespecttodataprotectionrightsandobligations.
Ministry of Defence
is responsible for organising national defence bydeterringattacksagainstEstoniaandensuringthatEstoniaiscapableofdefendingitselfagainstexternalthreats.
Estonian Information Board●managestheelectronicsystemforclassifiedinformation
Estonian Cyber Defence League●volunteerorganisationofITsecurityexperts,programmers,lawyersandmanagementspecialistsfromthenation’stopITcompanies,banks,ISPsanddefenseforces,taskedwithassistingthegovern-mentduringcyberattacks
Deputy Secretary General for Communications and State Information Systems Taavi Kotka
75
eGA●establishesanddisseminatesknowledgeandbestpracticesinthefieldsof●e-governance,e-democracy,openinformationsocietiesandnationalcybersecurity
Look@World Foundation● promotes the use of Internet and ICT ineducation,scienceandculture,e.g.projectsonICT-skills,safeusageofICT,andICT-relatedafter-schoolactivities
Estonian Association of Information Tech-nology and Telecommunications● voluntary umbrella organisation uniting Esto-nian IT and telecommunications companiesaimingtopromotetheirmutualco-operationinEstonia’sdevelopmenttowardsthedigitalsociety
Academic InstitutionsUniversity of Tartu●national university, and the leading centre ofresearchandtraininginEstonia●belongstothetop3%oftheworld’sbestuniver-sities
Tallinn University of Technology●theflagshipofEstonianengineeringandtech-nologyeducation●createsandvaluesthatsecureEstonia´sdevel-opmentinaglobalisedworldbygeneratingsyner-gies between natural and social sciences, thusenhancingthedevelopmentofsociety
Tallinn University●thelargesthumanitiesuniversityinTallinnandthethirdlargestpublicuniversityinEstonia●itsinterdisciplinaryfocusareasareeducationalinnovation, digital and media culture, culturalcompetencies, healthy and sustainable lifestyleandsocietyandopengovernance
The Estonian Information Technology College●theleadingproviderofappliedhigherITeduca-tioninEstonia,bringingtogether●high-techknow-howandthepracticalneedsoftheinformationsociety●1/3oftheacademicstaffcomefromITcompa-niesorgovernmentagencies
Non-Governmental Organisations
76
Business Entities Inthissectionyouwillfindalistofcompaniesthatareimportantplayersboth in thedomesticand foreignmarkets, equipped with cutting-edge expertise andspecialisedteams.Theyarereadytobecomeyourreli-ablepartnersintheareasofe-governance.InordertofindasuitablebusinesspartnerfromEstonia,pleasebeginbychoosingthefieldofcompetencefromtheleftcolumn,andthenselectingthematchingcompanyintheupperrow:
Reference:www.e-estonia.com
77
In Estonia, a variety of ICT education programmes have played an essential role in the success and widespread utilisation of the country’s eID system for various transactional processes, as well as overall growth in the number of people using different e-services.
Knowledge Development
Over the years, Estonia has launched severaldifferent projects and programmes in order toimproveaccessibilitytotheInternetandincreasethe relevantmotivationandcapabilitiesamongallagegroups,especiallytheelderlypeople(i.e.55+). The ICT education targeting the youngerpopulation is mainly provided by schools,whereaselderlypeoplehavehadtheopportunitytoobtainbasicICTuserskillsandgetusersupportfor example at post offices, regional offices ofgovernmentagenciesandlocalmunicipalities.
Themain partner organisations participating inICTknowledgetransferprojectshavebeenLook@World and Tiger Leap Foundation. In addition,the Ministry of Economic Affairs and Commu-nications initiated a special programme titled“Awareness-RaisingfortheInformationSociety”,whichaimstoraiseawarenessaboutthebenefitsoftheinformationsociety;promoteactivepartic-ipation in information society policy making;improvetheeffectivenessofpolicymakingintheICTarea;contributetomakingpublicadministra-tionmoretransparentandaccountable;increaseaccessibilitytoICTsandboostactiveuseamongallsegmentsofthepopulation.
The programme comprised trainings offered by different partners, incl. banks and the Tax Office which promoted the popular use of e-services through the utilisation of the electronic ID-card. The programme´s core activities include the cultivation of positive attitudes towards innovation and new tech-nologies in general, more specifically: ●promotionoftheeIDpossibilities●governmentinformationportaleesti.eeandotheronlinepublicservices●introducingcitizenstothepossibilitiesofthestateinformationsystem●increasingawarenessaboutonlinesecurityissues
eGA Head of e-Governance Trainings Annela Kiirats
78
ICT in General Education
In1997,withtheestablishmentoftheTigerLeapFoundation, and the launch of its Tiger LeapProgram(1997-2000),Estoniabeganfacilitatingthe use of ICT in general education, and as aresultallEstonianschoolsnowhave:
●abroadbandconnection●consistentandpracticalICTmethodologytrainingforteachersatdifferentlevels●possibilityforteacherstouseVLEs(virtuallearningenviron-ments)tocreateelectronicstudymaterials.
According to Eurydice’s Key Data on LearningandInnovationthroughICTatschoolinEurope,Estonia has established national strategiescovering trainingaswellas researchmeasuresin all areas of ICT in schools, e-learning, anddigital/medialiteracy.InprimaryandsecondaryschoolsICTisapproachedasagenerallearningtool that can be utilised in all other subjects.Public-private partnerships for promoting theuseofICTarealsowidelyencouraged.Inaddi-tion,insecondaryschoolsICTisalsotaughtasaseparatesubject.
With regard to theuseof ICT, themajority ofteachersinEstoniahavebeenusingICTinclassactivitiesforalmostadecade,andingeneral,theuseofICTbyEstonianteachersiswellabovetheEUaverage.Asaresult,Estoniaranksfirstamongthe leadinggroupofcountriesatallgradesonthis indicator (Reference: www.schoolnet.comSurveyofSchools:ICTInEducation).
e-Governance and Cyber Security Programmes in Estonian Universities
University of Tartu ●InternationalMaster’sProgramme(MSc)inCyberSecurity(jointprogrammewithTallinnUniversityofTechnology)
Tallinn University of Technology●InternationalMaster’sProgramme(MSc)inCyberSecurity(jointprogrammewithUniversityofTartu)●e-GovernanceTech-nologiesandServices(MSc)●TechnologyGovern-ance(MA)
Tallinn University●PoliticsandGovern-ance(BA)●InformationSocietyTechnologies(PhD)●InformationandCommunicationScience(PhD)
IT College ●CyberSecurityEngineering●InformationSystemsAnalysis
79
e-Democracy The development of democracy in Estonia has been similar to other post-communist
countries, characterised by rapid insti-tutional development and a somewhat
slower development of civic society. However, Estonia is exceptional in its tech-
nological development which has been faster than in most other post-communist
countries (Reinsalu and Dobnikar, 2012).
Thebenefitsof e-democracy lie in the supportand enhancement of democracy, democraticinstitutionsanddemocraticprocessesbymeansoftechnology.Itiscomplementaryto,andinter-linkedwithtraditionaldemocraticprocesses,soastowidenthechoicesavailabletothepublicforparticipatinginpoliticalprocesses.
Thebenefitsof implementinge-democracyaremost evident for example in i-voting, that hasbeenused inEstoniasince2005.Estonia is thefirstcountryintheworldtouseonlinevotingasanalternativetothetraditionalvotingprocedure.Itenablespeopletovotefromanywhereintheworldbyusingtheirelectronicidentitycard.
In the early stages of developing e-democracytheroleofICTwasrelativelyweak.However,theconstantly growing popular use of the Internetandavailablee-serviceshave improveddemoc-racy.TheInternetisalsoagreattoolforeducatingpeopleondemocracy,e.g.helpingpeoplestayuptodatewithwhatishappeningintheirgovern-ment.Recently,researchershaveconcludedthatICT has the potential to reach the disengagedpartsofthepopulationandbringthemclosertosocietyandpolitics.(Ref:Alvarez,R.,Hall,T.,andTrechsel,A.)
Other areas of e-Democracy:● e-Participation● government-to-citizen G2C● citizen-to-government C2G● citizen-to-citizen C2C● grass-root activists and social networking● political campaigns● online media● i-Voting
eGA Head of e-Democracy Domain Kristina Reinsalu
80
1996 Tiger Leap Foundation ThisNGOplayedasignificantroleinimprovingaccess to the Internet anddevelopingnewcapabilities among the general populationthroughtheuseofnewtechnologies.
2001 Look@World Foundation ThisNGOservespublicinterestbysupportingeducation, science and culture via encour-aging and popularising the use of Internetand ICT. Look@World, together with theTigerLeapFoundation,helped increasethee-literacy of Estonians and as a result alsoEstonia´soverallcompetitiveness.
2001 TOM A civic participation portal called “Today IDecide”(TOM,acronymbasedontheEsto-nianname) launchedby theEstonianStateChancellery inJune2001,and incorporatedintothee-participation site osale.ee in June 2008.Thispublicparticipationportal allowedciti-zens to engagedirectlywith legislative andpolicy-makingprocesseseitherbyproposingnewlegislationorbysuggestingamendmentstoexistinglaws.BylaunchingTOM,theEsto-niangovernmentwasoneof thepioneersin the field of e-participation. However, inreality,onlyrelativelyfewactiviststookpartinTOMandactualvirtualdebatetookplaceinotherinformalforums.
2005 i-VotingInternetvoting,or‘i-voting’,isasystemthatallows voters to cast their ballots onlinevia an Internet-connected computer, fromanywhere in the world. I-voting has beenapproachedwiththeaimofestablishingthecriteriabywhichtoclassifythedifferentviewson Internet democracy (Reference: KristinaReinsalu. The implementation of InternetdemocracyinEstonianlocalgovernments)
2007 www.osale.ee(“participate.ee”inEstonian)The successor to citizen participationportal TOM was launched in 2007, and isnow the central consultation-participationportal for the Estonian Government. Theportal,managedbytheStateChancellery,isconnectedtotheinter-ministerialelectronicdocumentary system EIS. It aims to facili-tatewiderparticipationofcitizensandcivicorganisations in politics, and also to draftlegislation through discussions and consul-tationinaccordancewithrelevantdevelop-ment plans. The portal is still operational,although several studies have been criticalandconsiderosale.eeafailede-democracytool.
2010 www.petitsioon.ee A participation platform created by theCentral Confederation of Owners, Esto-nian homeowner lobby group, for popularlaunching of online petitions. It enablesraisingapetitionbypayingausagefeewhichcurrently stands at 30 EUR. Authenticity of
TIMELINE:
Estonian e-Democracy
81
TIMELINE:
signatures isprovenbyanelectronic ID-cardinadditiontoidentificationbye-mailaddressor Facebook profile. Because the NGO thatcreated and manages the platform has nottaken responsibility formaking the petitionsofficial(i.e.forwardingthemtotheaddressedinstitutions)itisdifficulttoevaluatetheactualimpact of this tool. Nevertheless, in somecasestheimpactisclearanditcorrelateswiththenumberofpeoplesigningthepetition.Forinstance,thepetitioncalledHarta12initiatedin 2012, which managed to garner 18,210signatures (more than any other petition sofar),hashadatangibleoutcome:itwasthekeydriving force behind starting the Rahvakogu(The People’s Assembly) process describedandanalysedinthenextsection.
2012 RahvakoguThe People’s Assembly was initiated by theEstonianPresidentandactiveNGOswiththeaimtoimprovethefunctioningofdemocracyin Estonia. The Assembly combinedmoderncommunicationtoolswithtraditionalface-to-facediscussions.Inthreeweeks,thewebsitereceived close to 2,000 proposals from citi-zens, and the top 15 ideas were presentedtotheParliamentwithsevenofthosehavingnowbeenadoptedas laws (incl. threewereimplemented fully and four were modifiedor combined with other laws) (Toots, 2015;NavarroandFont,2013).
2013 Participatory Budgeting Participatorybudgeting(PB)isaninnovativewaytomanagepublicfunds,andtoengagepeople in issuesof localgovernment.Tartuwas the first city in Estonia that openedup its budgeting process for citizens andexperimented with participatory budgetingpursuanttothescenariodesignedbythe eGA. From the beginning, electronicparticipation was open to all in order toprovide an opportunity to contribute tothe development of e-democracy. CitizensofTartuweregivenachance todecide forthemselveshowtheircityshouldspend1%oftheannualinvestmentbudgetnextyear.Thiswasdonebypresentingtheirideasonlineorbysendingaletter/e-mailtotheTartupublicrelationsdepartment.Aftereligibleproposalswereselected,theresidentshadthechanceto vote for their favourite projects and themostpopularproposalreceivedfundingfromthecityofTartu.
2016 www.rahvaalgatus.ee The Draft Act on Public Initiatives and thee-platformwww.rahvaalgatus.eewere bornin the process of the People´s Assemblyorganised in 2012. This public participationplatform enables citizens to compile andsend public initiatives (whichmust have atleast 1.000 digital signatures) to the Esto-nianParliament.Whatismore,theplatformprovides an opportunity to followwhetherthesubmittedproposalwillbecomeadraftact.
82
How to start?eGA promotes the balanced development ofe-government,whereine-democracyreceivesdueattentionalongwithe-administrationande-services.Weprovidepolicyadvice,training,andconsultancytopublicauthoritiesandcivilsocietyorganisationswhowanttoenhancethetransparency,accountabilityandcivicengage-mentoftheirgovernments.
Formoreinformation,pleasecontactMrsKristinaReinsalu
e-Governance Academy (eGA)
Focus areas of trainingand consultancy:●impactofICTandothertechnolog-icaldevelopmentsondemocracy●developmentoftransparentandreliablee-services●draftingane-democracypolicy●toolsandpracticesforonlineengagementandonlineparticipation●developmentofe-communities●Estonianexperiencewithe-partici-pationplatforms●i-Votingandgoodpracticesinonlinevoting
Open Government Partnership
The Open Government Partnership (OGP) is a global effort to make governments
more open, accountable, and responsive to citizens. People all over the world want
their governments to be more transparent, effective and accountable, with institutions
that empower people and are responsive to their aspirations.
The Estonian Government is committed toworking towards an open and empoweredsocietywherethecitizens’voicesareheardandcivilsocietyinitiativesareincludedinthepoliticalprocess.TheEstoniannationalactionplancoversactivities in the areas of developing public (e-)services, accessibility to national informationassets(data),engagingcitizensinpolicy-making,and preventing corruption and conflicts ofinterest.
InApril2014,eGAlaunchedanewprojectcalled“OpenGovernmentPartnershipinLocalGovern-ments” which aims to increase the awarenessandcapacitiesofEstonianlocalgovernmentsforimplementing open, transparent and participa-torygovernance,whilealsotoimprovinge-democracyatthelocallevel.
We believe that it is necessary for localgovernments to include specific activitiesrelatedtoopengovernanceintotheiractionplans,andtocreateajointopengovernmentpartnershipplatformforsharingexperiencesand best practices. To that end, a networkof front rank local governments has beenformedandactivated.Thisnetworkshallworkin close cooperation with local civic organi-sations,andestablishkeyprinciplesofopengovernmentforlocalgovernmentsanddesignspecificactionplans.
OGPwaslaunchedinSeptember2011whenthefoundingeightgovernmentsofBrazil,Indonesia,Philippines,Mexico,Norway,SouthAfrica,UnitedKingdom,andUnitedStatesformallyadoptedtheOpenGovernment Declaration and announcedtheirnationalactionplans.Sincethen,thepart-nershiphasgrownto64countriesrepresentingathirdoftheworld’spopulation.
83
e-Governance Academy (eGA)e-Governance Academy – Your Partner in Implementing e-Governance and Open GovernmentIn Brief●activesince2002●morethan60countriesconsulted●morethan3,000participants(publicofficials)intrainingsandconsultations●morethan50ICTprojectsonthenational,localandorganisationallevels●networkcomprisingmorethan100expertsfromgovernmentalorganisations,academicresearchinstitutions,andprivatecompanies
Thee-GovernanceAcademy(eGA)isathinktankand consultancy organisation founded for thepurposeofcreatinganddisseminatingknowledgeandbestpracticesrelatedtoe-governance,e-democracy,cybersecurityandthedevelopmentof an open information society. eGA is an inde-pendent andmission-based non-profit, non-gov-ernmental institution. In the courseof its opera-tion eGA has always maintained high standardsof integrity and performance required for theseefforts.
eGA offers training and consultation services toleaders and stakeholders regarding the use ofinformation and communications technology forthepurposesofincreasinggovernmentefficiencyand improving democratic processes. What ismore,eGAassistsintheimplementationofe-gov-ernmenttechnicalsolutions.
EGAwasjointlyestablishedin2002bytheUnitedNations Development Program (UNDP), OpenSociety Institute (OSI) and the Government ofEstonia. It is governed by a supervisory boardcomposed of representatives from the Office ofthePresidentoftheRepublicofEstonia,RepublicofEstoniaGovernmentOffice,MinistryofForeignAffairs, Ministry of Economics and Communica-tionand internationally recognisede-governanceexperts.
OvertheyearseGAhassuccessfullyundertakenandcompleted contracts with such distinguished part-nersastheOpenSocietyInstitute,UNDP,WorldBank,USAID, Estonian Government, European Commis-sion, and numerous other internationalorganisationsandcompanies.Sinceitsinception,EGAhascollab-orated with a wide variety oforganisations and govern-ment agencies encompassingmore than hundred inter-national projects in morethan 60 countries, such asMoldova, Armenia, Ukraine,Georgia,Tunisia,India,Namibia,Kyrgyzstan,SaoTome&Principe,CaymanIslandsandmanyothers.
eGA’s Core Competenciese-Governance for central governments: We helpimprove the awareness and skills of governmentleaders in all aspects related to e-governance byfocusing on relevant policy and planning issues,organisational andmanagement frameworks, legalregulations, ICT implementation budgeting, andbasicconceptsofe-governmentinteroperabilityandarchitecture.e-Government for local and regional governments: We demonstrate how local and regional govern-mentscanplayanactiveroleinthedevelopmentofe-administrationande-democracy.e-Democracy and e-Participation: Weprovideassis-tance in achieving more transparent, accountableandparticipatorygovernance.
Cyber security policies and frameworks: Through training and technical assis-
tance, we enable governments tounderstand the modern risks ofthe digital society and developnational cyber security policiesandstrategies.Interoperability:Wesupporttheimplementation of interoperablee-service frameworks, proven to
provide necessary flexibility andversatility inexistingdecentralised IT
solutions.
eGA’s offers the following
services:●consultancy●training●research
●implementationofe-governancesolutions
84
Arvo Ott (PhD) ChairmanoftheManagementBoardAreaofExpertise:Centralgovernment,interoperabilityP:+3725088901/E:[email protected]
Hannes Astok MemberoftheManagementBoardAreaofExpertise:Policyplanning,localgovernmentdevelopment,interoperabilityP:+3725091366/E:[email protected]
Annela KiiratsAreaofExpertise:e-governancetrainingsP:+3725258623/E:[email protected]
Mari Pedak AreaofExpertise:DigitalidentityP:+3725156761/E:[email protected]
Raul Rikk AreaofExpertise:CybersecurityP:+37256477520/E:[email protected]
Kristina Reinsalu (PhD)AreaofExpertise:Locale-governance,e-democracyP:+3725281392/E:[email protected]
Publication composed by SandraRoosna,RaulRikkDesign and copywriting by OptimistGroup
Involved experts: ArvoOtt,UunoVallner,KatrinNyman-Metcalf,AnnelaKiirats,MariPedak,KristinaReinsalu,LiiaHänni,
AnuVahtra-Hellat,SiretSchutting,RaulKaidro.Thispublicationwasdevelopedincooperationwith SeedForumEstoniaandNorwayGrantsprogram.
For more information, please contact us:e-Governance Academy Foundation
85
References:Alvarez,R.,Hall,T.,andTrechsel,A.(2009)InternetVotinginComparativePerspec-tive:TheCaseofEstonia.PS:PoliticalScienceandPolitics,42(03):497–505).
Harjo,O.(2016)Lairibaarendusemudelid.
Reinsalu,K.,Dobnikar,A.(2012)e-Democracyinpoliciesandpracticesintransitionsociety–countrycasesfromSloveniaandEstonia,PaperproposalforEuropeanConferenceone-Government2012,14-15June,Barcelona,Spain
Vassil,K.(2015)hp://valimised.err.ee/v/riigikogu_valimised_2015/valim-isuud-ised/927b20d9-118d-4d08-8961-a72e69593f11(Accessed17January2016,inEstonian)
CertificationCentrewebsiteCyberneticawebsiteDigitalAgenda2020,MinistryofEconomicAffairsandCommunicationsEUDigitalAgendaScoreboardEnterpriseEstonia,e-EstoniashowroomwebsiteFreedomHousereport“FreedomontheNet2015”TheEstonianeHealthandeGovernanceSystem
TheEuropeanSchoolnetAcademy,SurveyofSchools:ICTInEducation(2014)PoliceandBorderGuardBoardportal
eGA has trained over 3 000 officials from more than 60 countries
86
87
88