Almost 30 years ago, my country was facing the need to rebuild everything from scratch. After years of Soviet occupation, Estonia regained its independence, but we were left with nothing. No infrastructure, no administration, no legal code. Organizational chaos. Out of necessity, the state leaders back then had to make some daring choices. The ones that our country could afford. There was a lot of experimentation and uncertainty but also a bit of luck involved, particularly in the fact that we could count on a number of brilliant visionaries, cryptographers and engineers. I was just a kid back then. Today, we are called the most digital society on earth.
I'm from Estonia, and we've been declaring taxes online since 2001. We have been using digital identity and signature since 2002. We've been voting online since 2005. And for today, pretty much the whole range of the public services that you can imagine: education, police, justice, starting a company, applying for benefits, looking at your health record or challenging a parking ticket — that's everything that is done online. In fact, it's much easier to tell you what are the three things we cannot yet do online. We have to show up to pick up our ID documents, get married or divorced, or sell real estate. That's pretty much it. So, that's why don't freak out when I tell you that every year I can't wait to start doing my tax declaration.
Because all I have to do is sit on my couch with a mobile phone, swipe a few pages with prefilled data on income and deductions and hit submit. After three minutes, I'm looking at the tax return amount. It actually feels like a quite rewarding experience. No tax advisors, no collecting receipts, no doing the math. And have I mentioned that I have not visited a state office for almost seven years?
Indeed, one of the features of the modern life that has no reason to exist anymore, considering technological possibilities of today, is the labyrinth of bureaucracy. We've almost got rid of it completely in Estonia, in an effort coordinated by the government that has also digitized itself. For instance, cabinet of ministers' work in e-Cabinet is absolutely paperless.
The central idea behind this development is transformation of the state role and digitalization of trust. Think about it. In most countries, people don't trust their governments. And the governments don't trust them back. And all the complicated paper-based formal procedures are supposed to solve that problem. Except that they don't. They just make life more complicated. I believe Estonian experience is showing that technology can be the remedy for getting the trust back, while creating an efficient, user-centric service delivery system that actively responds to citizens' needs.
We did not do it by digitizing bureaucracy as it is. But by rather agreeing on a few strong, common principles, redesigning rules and procedures, getting rid of unnecessary data collection and task duplication, and becoming open and transparent.
Let me give you a glimpse into some of the key e-Estonia design principles today. First, it is essential to guarantee privacy and confidentiality of data and information. This is achieved through a strong digital identity that is issued by the state and compatible with everything. In fact, every Estonian has one. The identity is doubled with a strong digital signature that is accepted, used and legally binding both in Estonia and the European Union. When the system can properly and securely identify who is using it, after logging in, it will provide access to the personal data of the citizen and all the public services within one tool, and allow to authorize anything by signing digitally.
A second principle, and one of the most transformative, is called "Once only." It means that the state cannot ask for the same data more than once, nor can store it in more than one place. For instance, if you've already provided your birth or marital certificate to the population registry, this is the only place where this data is going to be held. And no other institution will be ever asking for it again. Once only is a very powerful rule, as it defines the whole structure of the data collection in a country, what information is collected and who is responsible for maintaining it, making sure we avoid centralization of data, duplication of data, and guarantee that it's actually up to date.
This distributed approach also avoids the problem of the single point of failure. But since the data cannot be replicated, or collected more than once, it means that the design has to keep in mind secure and robust access to that information at all times, so the public institution can offer a service.
This is exactly the role of the data exchange platform called the X-Road that has been in use since 2001. Just like a highway, it connects public sector databases and registries, local municipalities and businesses, organizing a real-time, secure and regulated data exchange, saving an auditable trace after each move. Here's a screenshot of a live feed showing all the requests performed on the X-Road and all the services that it actually facilitates. And this is the real picture of all the connections between public and private sector databases. As you can see, there is no central database whatsoever.
Confidentiality and privacy are definitely very important. But in the digital world, reliability and integrity of information is just critical for operations. For instance, if someone changes your medical health record, let's say allergies, without you or your doctor knowing, treatment could be deadly. That's why in a digital society, a system like an Estonian one, when there's almost no paper originals, there's almost only digital originals, integrity of data, data exchange rules, software components and log files is paramount. We use a form of blockchain that we invented back in 2007, way before blockchain even became a thing, to check and guarantee the integrity of data in real time. Blockchain is our auditor and a promise that no access to the data or data manipulation remains unrecorded.
Data ownership is another key principle in the design of the system. Aren't you worried by the fact that governments, tech companies and other businesses around the world claim data they've collected about you is theirs, generally refuse to give access to that information, and often fail to prove how it was used or shared with third parties? I don't know, for me it seems like a quite disturbing situation.
The Estonian system is based on the principle that an individual is the owner of the data collected about him, thus has an absolute right to know what information is collected and who has been accessing it. Every time a policeman, a doctor or any state officer is accessing personal information of the citizens online, first they only get to access it after logging in to the information they're authorized to see to do their job. And secondly, every time they're making requests, this is saved in a log file. This detailed log file is part of the state public services and allows real transparency, making sure no privacy violation will remain unnoticed to the citizen.
Now, of course, this is only a simplified summary of all the design principles that e-Estonia is built on. And now, government is building up to get ready for use of artificial intelligence and building a whole new generation of public services — proactive services that would activate seamlessly based on different life situations that people might be in, such as childbirth, unemployment or starting a business.
Now, of course, running a digital society with no paper backup can be an issue, right? Even though we trust our systems to be solid, but one can never be too cautious as we experienced back in 2007, when the first cyberincident happened, and it literally blocked part of our networks, making access to the services impossible for hours. We survived. But this event put cybersecurity at the very top of agenda, both in terms of strengthening the platform and backing it up.
So how do you back up a country-wide system in a small state where everything is super close? Well for instance, you can export a copy of the data outside the country territory to an extraterritorial space of an embassy. Today, we have those data embassies that are holding the most critical digital assets of Estonia, guaranteeing continuity of operations, protection of our data, and most importantly, our sovereignty. Even in case of a physical attack on our territory.
Some of you might be thinking by now: Where are the downsides? Well, going all digital is administratively, and let's be honest, financially more efficient. Interfacing primarily with computer systems might create an impression that the human factor, elected politicians and participating in democratic processes is somehow less important. And there are also some people who feel threatened by pervasive technology that might make their skills obsolete. So all in all, unfortunately, running a country on a digital platform has not saved us from political power struggles and polarization in the society, as we have seen in the last elections. Well, until there are humans involved.
One last question. If everything is location-independent and I can access all of the services from anywhere in the world, why cannot others tap into some of these services, even if they don't reside within Estonian borders? Five years ago, we launched a governmental start-up called e-Residency program that for today joins tens of thousands of people. These are businessmen and women from 136 different countries, who establish their businesses digitally, who do their banking online, and who run their companies virtually over e-Estonia platform, within European Union legal framework, using an e-identity card similar to mine and all of that from anywhere in the world. The Estonian system is location-independent and user-centric. It prioritizes inclusiveness, openness and reliability. It puts security and transparency at its center. And the data into the hands of the rightful owner, the person they refer to. Don't take my word for it. Try it.