How Estonia paved the way for e-government

Governments worldwide are increasingly exploring ways to use digital transformation to drive efficiency and improve access for citizens. Estonia was the first country in the world to transition to e-government by making decentralized public and private databases interoperable at a national level about 20 years ago with the launch of X-Road.

As a result, Estonia has eliminated virtually all physical paper documents from government processes. Today, the only reasons a citizen needs to show up in person are to get married, divorced or exchange property. Everything else can be done online. What’s more, citizens can opt-in for automated data exchanges between organizations. 

Most citizens can pay their annual taxes in a couple of minutes thanks to data automatically pulled from various government agencies, educational expenses and mortgage accounts. New parents are automatically enrolled in new child subsidies without filing any forms. 

Now Estonia is beginning to export the data infrastructure to help other governments as well. This month, Malaysia launched an ambitious plan to connect more than 400 government organizations on top of an X-Road offshoot called the Unified eXchange Platform (UXP). This builds on the success of other countries using the e-government tech, including Finland, New Zealand, Iceland, Namibia and Colombia. 

Building a decentralized platform

VentureBeat caught up with Arne Ansper, CTO at Cybernetica, who helped design the foundation for X-Road in the mid-1990s. He had been working on secure data exchange tools and realized that this could be applied to a new government bid for digital infrastructure. The organization was transitioning from a government-run lab that had pioneered work on factory control systems and information security during the Cold War. 

Estonia was in a significant transition, having just left the sphere of the Soviet Union. It was building a new government that worked in harmony with Western frameworks for private property. Estonia was exploring ways to leverage its leadership in computer research to improve government. However, these ambitious efforts ran into problems when Imre Perli, a freelance consultant, illegally amassed a massive database that he began selling to the highest bidder. 

“This raised awareness that information security was important, and we needed to build a system that would prevent this kind of abuse,” Ansper said. 

They realized that an extensive, centralized database was ripe for abuse. So, the government began soliciting ideas for decentralizing data services across government agencies that could be secured, audited, and facilitate legal agreements between agencies, businesses and citizens. 

Like all governments, services were defined in terms of the exchange of paper documents that carried a legal meaning. They realized they needed to build on this foundation rather than replace it with something that might be more efficient, but that changed the way bureaucrats were used to working. 

Keeping an open mind

“We did not want to rewrite all the Estonian laws since that would create too much instability,” Ansper explained. “So, we created a system in which all the data is exchanged between organizations in the form of signed digital documents.”

Cybernetica collaborated with the government and partners to help unify all aspects of inter-organizational data exchange. They started with the technical aspects, such as the protocol and security rules to use. They also created draft contracts for e-government authorities that included a template for common security measures. 

“You can have big savings across organizations if all the authorities are using the same approach and documents since you don’t need to analyze them repeatedly,” Ansper explained. 

One of the biggest challenges was that many agencies, such as the population registry, initially resisted sharing data with others. Agencies were concerned about the costs of reformatting and sharing data. 

Also, agencies were often only rewarded for hitting internal business metrics. The groups behind the program collaborated with the Estonian Prime Minister’s office to develop metrics that rewarded agencies for enabling data reuse across other agencies as well. As a result, managers began looking for ways to make their data relevant for other agencies as well. 

A major upgrade

Cybernetica collaborated with several others to launch the first version of X-Roads as a pilot in 1998. The original code took advantage of earlier work on VPNs and digital signatures developed in C/C++. In 2012, they rewrote the entire code from scratch to take advantage of improvements in Java and modern security techniques. 

Ansper said the top-level design goals were federation and support for modern public key infrastructure (PKI). Federation allowed each government agency to run its own version of X-Roads and make bilateral agreements with others that considered security and legal aspects of the data. For example, Finland and Estonia now use the platform to exchange export data across tax organizations while respecting security and privacy considerations. 

The first version of X-roads used a home-grown key management infrastructure that burdened the government. The update took advantage of a new market of open PKI services from commercial providers, reducing costs. 

In 2016, the Estonian Information Services Authority open-sourced the X-Road code under an open-source license. Cybernetic subsequently forked the code to UXP to make it easier to commercialize the platform for governments and business.

Simplifying the onramp to e-government

Ansper stressed there is a big difference between the federated approach to e-government they took and the fully decentralized approach often advocated by blockchain enthusiasts. A federated approach promises better efficiency and allows each agency to maintain control over its own data. 

For example, in Estonia, different agencies maintain control over data related to health, police, taxation and land ownership. This approach has made it easier to get buy-in across agencies in Estonia and also makes it easier to securely share data and workflows across organizational boundaries. 

“This is how our democratic societies are built up. It makes sense that certain government authorities have control over data, but no single authority has all the power,” Ansper said. “The problems that blockchains are trying to solve in a very decentralized manner are better solved by digitally signed documents, contracts and the existing systems we have.”