Why Estonia leads the way in digital identity
While Australia navigates its long and winding road towards a national digital ID scheme, Estonia has been running one for 22 years. It may be a tiny nation (population: 1.3 million), but it’s a digital powerhouse.
When it gained independence from the Soviet Union in 1991, Estonia threw itself wholeheartedly into tech and digitalisation, starting in 1996 with the Tiger Leap initiative, which invested in the nation’s IT infrastructure (including internet access for all schools).
E-banking arrived the same year, e-taxes in 2000, and a mandatory e-ID scheme in 2002.
Since then, Estonia has added online voting (2005), e-health records (2008), e-prescriptions (2010) and e-residency (2014) to attract international talent. When e-marriage was introduced in 2022, Estonia said that left only one thing that people couldn’t do digitally: get divorced.
The Estonian ambassador in Canberra, Kersti Eesmaa, says she’s proud that Estonia is widely regarded as the world’s most advanced digital government.
“Definitely, our competencies in digital and cyber have put us on the map,” she says.
However, she says Estonia doesn’t want to pretend it’s got all the answers.
“When other countries started to notice us, we took a position that we are the best in the world, and everybody should follow our lead. Now we are talking more about, what could you learn from our experience? So I think that’s an important shift … every country is different.”
The card that does everything
Estonians use their e-ID – either via their state-issued ID-card, or their Mobile-ID app – for everything from paying bills to voting, from shopping to signing contracts.
It’s the key that opens the door to services, both public and private. But it’s only one element of the nation’s digital architecture, Eesmaa says. “If it doesn’t give you access to anything, then there’s no point to have that key.”
The different uses built up gradually. “It takes time,” she says. “To build trust, to build it up technically … that would be my number one lesson: it’s not something that you can do quickly.”
Developing digital ID and infrastructure also requires strong leadership, and cooperation between public and private sectors, and between different levels of government, Eesmaa says.
While Estonia doesn’t have a federal system, it does have local governments, which function as part of the digital society. Eesmaa believes the complications of our state-federal relationships should not be seen as an impediment.
She likewise gives short shrift to the argument that it’s harder to develop digital IDs in a larger country such as Australia. “Technology works even better when you have more participants,” she says.
However, she does accept that it was easier to build a digital society in a nation that was essentially starting from scratch. And she acknowledges that one aspect of Estonia’s ID scheme would not go down well in Australia at all: the fact that it is mandatory.
ID from birth
“When a baby is born, government creates a digital identity for that baby,” Eesmaa says. That’s a non-negotiable.
However, adults do have a choice as to whether actually use their digital ID to access services. Seventy per cent of people do so, Eesmaa says. And for the 30% who choose not to, more traditional services are still available.
“It’s not like some dictate to say everybody will use digital services 99% of the time, and … we will close the offices where you can walk in. This would be very hard to communicate to anyone, even back in the 2000s in Estonia.
“I think when the decision was made, that our card will be mandatory, it was not to force people to use it. It was more to make this strategic decision that this is our priority number one, that every service will be available digitally.”
Eesmaa acknowledges the legacy of authoritarian Soviet rule made a mandatory digital ID scheme easier to sell to the Estonian people than it might be today.
“I often think, what would the Estonian people say if that was introduced to them now? I think we would have very similar discussions in Estonia like you are having in Australia because people understand what data is, people understand privacy. People are much better informed.”
Cyber attacks
It hasn’t all been plain sailing on Estonia’s digital journey. In 2007, during a dispute with Russia over Estonia’s plan to relocate a Soviet-era statue, a major cyber attack targeting government, banks, news outlets and businesses was launched by pro-Russian groups and individuals. (The Russian government denied involvement.)
“It was a major wake-up call … ” Eesmaa says. “It really pushed the government to act quickly.
“We adopted a cyber strategy within one year, which is very quick for government. And secondly, we opened the NATO [Cooperative Cyber Defence] Centre of Excellence in Tallinn. And these two things were very important.”
Despite the attack, the government’s response actually increased trust in the system, Eesmaa says.
In 2007, and again in 2017, when a security vulnerability was discovered in ID cards, open communication was key to keeping Estonians on board with the concept of e-Estonia.
“Normally, we are not good communicators as a nation … but the crisis communication was excellent. Government said: ‘We have a problem. We don’t know how to fix it, but we are dealing with it.’
“When we look at different crises in Australia, whether in government or industry, I think there’s something to learn maybe from that experience, as well.”
Protecting privacy in the digital ID age
- Move over big data: Data inventories are the next big thing
- Access to information: The $100m question
- Avoiding bias in automated decision-making
- The logical step towards reducing digital vulnerabilities
- What Australia can learn from Finland’s AI disaster
- Digital ID laws usher in quiet revolution
- Privacy by design: It’s soccer, not golf
- The social impact of digital ID
- ‘Attributes’ that could determine regulatory success
- Why Estonia leads the way in digital identity
- Australia’s overdue digital IDs will help fight online fraud