‘Government as a data model’ : what I learned in Estonia
I’ve just got back from a few days in the Republic of Estonia, looking at how they deliver their digital services and sharing stories of some of the work we are up to here in the UK. We have an ongoing agreement with the Estonian government to work together and share knowledge and expertise, and that is what brought me to the beautiful city of Tallinn.
I knew they were digitally sophisticated. But even so, I wasn’t remotely prepared for what I learned.
Estonia has probably the most joined up digital government in the world. Its citizens can complete just about every municipal or state service online and in minutes. You can formally register a company and start trading within 18 minutes, all of it from a coffee shop in the town square. You can view your educational record, medical record, address, employment history and traffic offences online – and even change things that are wrong (or at least directly request changes). The citizen is in control of their data.
So we should do whatever they’re doing then, right? Well, maybe. There is a fairly unique set of circumstances in Estonia that have allowed them – and to some degree forced them – into this model of service delivery. More on that in a bit.
So, how does it all work then?
Underpinning the entire state system are two crucial things:
- a national register (called the Population Database), which provides a single unique identifier for all citizens and residents
- identity cards that provide legally binding identity assurance and electronic signing
The UK has a fundamentally different approach to identity from many of our continental colleagues. One that doesn’t involve ID cards, big government databases or general identifiers – more on the UK identity assurance work here. However, that doesn’t mean there aren’t wider lessons to take from Estonia’s digital ambition.
Government as a data model
As a general rule, government systems in Estonia are not allowed to store the same information in more than one place. Basic personal details are the most obvious example of this. So everything starts with the Population Database. Within this database for each person is a unique identifier, name, date of birth, sex, address history, citizenship, and their legal relationships. It is, quite literally, a relational database – the entire nation’s family tree can be visualised back until about 1950. The Estonians are confident the database is as close to 100% complete as it’s practically possible to get.
This profile of basic personal data doesn’t need to be held in any other system: they just need to hold the unique identifier. This distribution of data provides some degree of data protection – there is no one place where all the information about someone is held. Of course it’s useful to have someone’s basic details to hand when using local systems – like their name and address – and that’s where the data sharing layer, or the ‘X-Road’, comes into play.
The X-Road is a secure data sharing network, much like the Government Secure Intranet (GSi) used by the UK government. Each data owner determines what information is available and who has access to it. Couple this with some enforced data and messaging standards, et voila; you have joined up government. It’s basically how you would architect software, but on a macro level.
As can be seen in the diagram above, some parts of the private sector can also utilise the X-Road – allowing the principle of not duplicating data in different locations to flow out from government.
Putting people in control of their data
Citizens and residents can access nearly all of their own data online through the State Portal. There are around 400 municipal and state services integrated, and more are coming. You can log in, using your identity card and view all your data, even correcting things that are aren’t right.
Citizens can be associated with their employers, so it’s possible to transact and sign documents commercially using your personal identity. Business owners and board members are associated with their companies, and this data is openly available. Even land and property records are open for anyone to view. To demonstrate this, we were able to look at the President’s information and see the nice big block of forestry he owns in the countryside. Such transparency seems to increase trust in the whole system.
The volume and richness of this data, coupled with the common standards used to publish it, lead to some very impressive visualisations and visualisation tools for people to use. It’s possible to enquire about a company, see who the directors are, see what other businesses they have an interest in, see what the turnover and financial reports are, what land they own etc. It’s not just that all this data is publicly available: it’s also that the data is made easy to traverse with well designed visualisation tools.
How Estonian electronic identity cards work
Identity cards serve as both a physical identity document (they contain a photo and biometric data) and an electronic identity. Each card contains a chip. On this chip there are 2 digital certificates: one for identity and one for digital signing. The two digital certificates are each protected by 4 digit PINs.
The typical usage pattern is to log in to a service using your ID card and identity PIN (card reader required). A positive – or negative – response is then sent to the service. Then if you need to submit something during the session that would normally required a signature, you enter your electronic signature PIN. Finally, your time-stamped digital signature is created.
More recently they have introduced a SIM card equivalent, so you don’t need a card reader. You get a special SIM card containing the digital signatures, and your phone acts as the card and card reader combined. People can just sign in to services using their mobile phone number. This is expected to be very popular.
This identity assurance is also used commercially, initially by banks, but its use is now pretty widespread. It’s used for travel on public transport, so you don’t need to carry an additional card. Just purchase your ticket or weekly pass in advance and if a transport inspector wants to check you’ve paid, they just can scan your card to find out.
Who’s watching the watchers?
There’s an open register showing the profile information that is held in each government system, what reason it is held for, and who it can be accessed by (well, it’s open if you read Estonian). This register also shows the formats and data standards that each system is using.
People in Estonia can also see which officials have viewed their data. It’s against the law to view someone’s data without appropriate reasons (you could go to prison), and all access is logged. I looked at some of these logs and they show you clearly who has been looking at your information: in the example I was shown, I could see that a doctor had accessed this person’s health records, followed by a pharmacist to get details of the prescription required. No bits of paper are needed.
Of course, it’s technically possible that some official somewhere could have access that doesn’t leave a footprint. I was assured this isn’t the case and that the systems as a whole are independently audited regularly to ensure trust remains high.
They quite literally can’t afford for people to lose trust in this system.
So, how has Estonia managed to do this? Well, a number of reasons. Firstly, it’s a small nation – with just over 1 million people living there – so it’s relatively quick to roll out change. They are also not a nation with large tax revenues, and there are not a lot of natural resources (forests aside). So the state needs as much efficiency and as little bureaucracy as possible.
Possibly driven by the timing of their independence from the Soviet Union (1991), the Estonians saw technology as crucial to establishing and running the country. It was, and continues to be, an astute group of political and civic leaders with the vision and determination to make the most of the technological opportunities available.
So what’s next then?
Much of what Estonia has achieved was possible because they started with a clean slate.
We don’t have that in the UK, but the visit convinced me that we need to increase our focus on two really important things:
- collating, documenting and publishing details of the data the government holds (and what format it’s in) for each of our systems
- publishing an agreed set of open data and messaging standards and protocols, to allow easier communication between systems (where that’s appropriate)
Work is underway on both of these things – expect to hear more very soon.
It’s important to get this right: along with our identity assurance work, it will make joined up digital services much easier and cheaper to deliver. So we’ll be able to really focus on making the services as good as possible for our users.
Pete Herlihy is a Product Manager, GDS
You should follow Pete on Twitter now: @yahoo_pete