
An Estonian shares his country's strategy for navigating the digital world - mercenario
http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
======
saraid216
There are two things that jump out at me as worth mentioning:

1) Estonians can imagine losing a war over their territory. It's happened
within recent memory. They have contingency plans. Contrast with the United
States, where such a thing is the stuff of fantasy, mostly to do with China's
military, and our contingency plans seem to involve cutting our leaders off
from the world and waiting it out.

2) Americans wouldn't stand for a unified identification system. The moment
you propose it, you'd have the Moral Majority breathing down your neck about
giving in to the UN and taking a step towards a One World Government. This
kind of religiosity permeates our entire civic culture. The very idea of
modifying the Constitution horrifies even intelligent commentators, because it
was written 200 years ago so it must obviously work well. This is the exact
same logic you see from Bible-thumpers.

I really appreciate both the notion of the "boring European state" and the
"start-up mindset" that Tamkivi brings up, though they're somewhat at odds. A
boring government is a good objective; you don't want the government to be
interesting: you want it to work. It makes little sense to me to think of
growth as an end rather than a means, but I admit I'm not good at economics; I
can see its need when you need a buffer zone for experimentation, but I don't
see why it's any kind of measure of success.

~~~
thaumasiotes
China's military?!? China doesn't exactly have a distinguished history of
conquest. What do they have to show for literally centuries of trying to take
Vietnam?

It would surely make more sense to fantasize about a more militaristic culture
waging the war, no?

~~~
marme
Every neighbouring country has fought wars in Indochina over the years. No
country has been able to successfully control them for long periods of time. In a
land war the Chinese have a lot going for them, just look at the Korean War to
see the strengths of the Chinese military. The fact that China was once many small
countries that were all conquered by the Qin kingdom should show that China
has a long history of conquest. Just in the 20th century they conquered Tibet
and Xinjiang and held back the US invasion of North Korea. On the sea they
have next to nothing and their navy is a joke. China has never been a big sea
power but it looks like they are trying to change that; only time will tell how
that turns out.

~~~
gaius
_China has never been a big sea power_

Not actually true; in the 1500s China was a huge sea power. They had ships big
enough to grow crops on deck and Admiral Cheng Ho got as far as the Middle East
and Africa. Then the bureaucrats, losing power to the merchants and the Navy,
manipulated the Emperor into declaring owning a ship with more than one mast a
capital offence (!) and that was the end of that.

Fast forward a few years and the Portuguese show up on the other side of
Africa, Vasco Da Gama at the helm. He should have encountered a Navy that
embarrassed anything the Europeans had at the time. Instead, nothing, and then
European colonial history happened.

~~~
thaumasiotes
Fun fact: jingoistic Chinese claim (without documentation of any kind, as far
as I know) that Zheng He (= the guy you mention) actually visited the
Americas.

Also, Wikipedia indicates his expeditions occurred 1405 to 1433, not the 1500s.

~~~
gaius
You are right, I got 1500 and 15th century mixed up :-)

------
erkkie
As an Estonian this makes my heart warm but we (Estonians) have to keep in
mind that a lot of what we've accomplished isn't because we're so truly
special (although that makes for great marketing) but because our country size
and the need (and timing) for a rebuild enabled us to do so.

Let's continue to pursue other great things being small and nimble enables.

On another note, the national PKI infrastructure truly is great and enables
location independence on a new level. One can (and I have) start companies,
handle legal issues or anything else which requires either lawful signatures
or end to end crypto (PKI between citizens) while abroad.

~~~
kazagistar
It's OK to be humble, but I am not sure the argument about size holds merit.
Surely, the costs are at most linear per person: the bigger state might have a
higher cost, but the cost per person is unlikely to be higher. I would rather
expect the opposite: some of the cost would be amortized effectively, and even
more so by the fact that a preexisting system means less reinvention is
needed.

The problems are thus not scale, but things specific to the nation itself. The
USA, for example, is unlikely to follow a similar path any time soon due to a
distrust of public works and preference for private enterprise, a (currently
very well motivated) suspicion on grounds of privacy, endless political
impasse, problems with procurement, bureaucratic momentum, and so on.

~~~
glesica
But inefficiencies scale up super-linearly. The USA, for instance, has less
cultural cohesion and sense of national identity than Estonia (the Russian
minority in Estonia being the exception that perhaps proves the rule).
Additionally, larger countries necessarily have more layers of bureaucracy,
which make national programs more difficult to implement (the USA still does
not have a national identification card, though I think RealID is still going
forward, largely because of resistance on the part of states).

~~~
eru
In theory federalism can make up for some of the inefficiencies of larger
organisations. In practice, there's a strong centralizing tendency. (As seen
in e.g. the US and German political systems.)

------
rakoo
This sounds awesome, but it also sounds scary. If I understand it well, the
government issued the certificates for all its citizens, so it can both know what
everyone does and impersonate them. I wouldn't mind _that_ much if they were
mundane operations, but things such as voting are of extreme importance.

Oh, and the fact that the id is built in a manner that makes sure the person
has to be born in Estonia is kinda odd. No strangers allowed?

Anyway, does anyone have details about the technical implementation? That would be
terrific if it could be more widespread.

~~~
jkaljundi
Not exactly. The government does not have your private keys which are only on
your PIN-protected smartcards, so they can't impersonate you. And giving
public-private certificate pairs does not mean the government knows anything
about using them. I sign a bank transaction, the bank knows it. I sign an
electronic agreement with my card with my friend, only we know about it.
Government just handles revocation lists and expiry. More about it at
[http://id.ee/?lang=en&id=](http://id.ee/?lang=en&id=)

The id card being issued to citizens is quite common in Europe. The thing is
that the id card allows you for visa-free travel across Europe and that has
pan-European regulations attached. But foreigners can get a similar electronic
authentication and signature id card in Estonia still as well.

Some technical stuff also at
[http://www.id.ee/?lang=en&id=35755](http://www.id.ee/?lang=en&id=35755)

The e-voting code for elections is made public at
[http://arstechnica.com/tech-policy/2013/07/estonia-publishes...](http://arstechnica.com/tech-policy/2013/07/estonia-publishes-its-e-voting-source-code-on-github/)

~~~
iwwr
The problem is there is no way to know for sure the government isn't keeping
all the data needed to generate keys. To make the process secure, you'd need a
protocol where people get to generate their own keys (open source
implementations) based on some entropy under their own control.

~~~
jkaljundi
Well the government does not generate the keys, or access the signed data. The
smartcard does, inside the chip. The spec is here:
[http://www.id.ee/public/TB-SPEC-EstEID-Chip-App-v3.4.pdf](http://www.id.ee/public/TB-SPEC-EstEID-Chip-App-v3.4.pdf)

Forgotten who the chip manufacturer is, but basically what you'd describe
would be an attack against the chip manufacturer and their key generation
algorithms and randomness.

Estonian ID cards are made by Trüb AG, which does id cards also for
Switzerland, Germany, Dubai and countless other countries. And the Estonian
card personalization if I remember correctly is also outsourced to a private
party.

------
atmosx
If all this works for Estonian people, congratulations to Estonia for
achieving this. As a Greek I suffered bureaucracy and still do. I would like
for my country to unite all this data.

I have second thoughts about a couple of things though:

* The digitally signed mobile SIM-Card: How does this work exactly? Does the mobile company have access to my data?

* e-Elections are considerably easy to tamper for one and have well documented problems[1] to which I saw no solution in the article. For example, if there's a tampering accusation, how can we recount the votes or verify that X person voted for Y representative?

[1]
[http://en.wikipedia.org/wiki/Electronic_voting#Documented_pr...](http://en.wikipedia.org/wiki/Electronic_voting#Documented_problems)

~~~
rudolfosman
I'm an Estonian and have been enjoying all these benefits for many years
already. Can't really imagine a life without them :) Here are my replies to
your questions:

* The mobile company does not have access to your data. They just issue a special SIM card that stores your private keys. Unlike the article states, there is actually also a small piece of software installed on your phone that is later used for authentication and signing. The way it works is that you go to a site where you want to log in (I'll use Estonian government portal [https://www.eesti.ee/eng/](https://www.eesti.ee/eng/) as an example here), you press Enter (or "Log in" or whatever the button is called on the site) and choose "Login with mobile-ID". In Estonian government portal both your phone number and personal code are asked as "usernames" but some sites might ask either one of them (depends on the site's owner). Then after a few seconds your phone will display a screen showing that a connection is being made. At the same time you will be shown a "control code" on the browser screen that you will have to confirm on your phone. This is done in order to prevent some forms of man-in-the-middle attacks. Then you're prompted to enter a mobile ID PIN1 code (used for authentication) into the phone. If PIN1 is correct, the screen on the phone disappears and the website is automatically reloaded with a logged in screen. You can cancel the authentication procedure at any moment. PIN2 is used for signing and works the same.

* Obviously it would take a lot of time to answer all the problems posed in the Wikipedia. I would disagree, however, that Estonian e-elections are easy to tamper. As Estonia is on the forefront of e-voting in the world, all these problems are addressed and analysed in great detail by our Electronic Voting Committee ([http://vvk.ee/general-info/electronic-voting-committee/](http://vvk.ee/general-info/electronic-voting-committee/)) that is involving leading e-voting experts in their work. There have been many debates about e-voting and rulings by our Supreme Court. The process of e-voting is very transparent (you can start reading about it here: [http://vvk.ee/voting-methods-in-estonia/engindex/](http://vvk.ee/voting-methods-in-estonia/engindex/)), it's heavily audited before, during and after the voting, the software is open-sourced ([https://github.com/vvk-ehk/evalimine](https://github.com/vvk-ehk/evalimine)) and very well documented. But to give a very high-level answer to your question about recounting the votes - there are many different applications and servers used in the e-voting process that keep traceable logs. If recounting is needed then these log files are used in order to determine if votes were tampered in some constituency.
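
The control-code comparison from the mobile-ID login steps above, as an added Python example that is not part of the original comment and is not Mobile-ID's own code. The way the four-digit code is derived from the session challenge, the `Phone` class and every name here are assumptions for illustration; the signature made after PIN1 is left out.

```python
import hashlib
import hmac
import secrets


def new_challenge() -> bytes:
    """Site side: fresh random challenge for one login session."""
    return secrets.token_bytes(32)


def control_code(challenge: bytes) -> str:
    """Short code derived from the challenge (assumed derivation, not the
    real Mobile-ID algorithm): SHA-256, first two bytes, mod 10000."""
    digest = hashlib.sha256(challenge).digest()
    return f"{int.from_bytes(digest[:2], 'big') % 10000:04d}"


class Phone:
    """Hypothetical stand-in for the SIM applet and the user holding it."""

    def __init__(self, pin1: str):
        self._pin1 = pin1

    def approve(self, challenge: bytes, code_in_browser: str, pin1: str) -> bool:
        # The phone shows the code for the challenge it was actually sent.
        code_on_phone = control_code(challenge)
        # The user compares it with the browser's code and cancels on mismatch.
        if not hmac.compare_digest(code_on_phone, code_in_browser):
            return False
        # Only then is PIN1 entered to release the authentication key.
        return hmac.compare_digest(pin1, self._pin1)


def demo() -> dict:
    phone = Phone(pin1="1234")            # constructed sample PIN
    mine = new_challenge()                # session opened in my browser
    other = new_challenge()               # request from some other session
    while control_code(other) == control_code(mine):
        other = new_challenge()           # avoid a 1-in-10000 code collision
    shown = control_code(mine)            # what my browser displays
    return {
        "same_session": phone.approve(mine, shown, "1234"),
        "other_session": phone.approve(other, shown, "1234"),
        "wrong_pin": phone.approve(mine, shown, "0000"),
    }


if __name__ == "__main__":
    print(demo())
```

The check only helps when the user actually compares the two codes before typing PIN1.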

~~~
atmosx
Cool, thanks for taking the time to write such an extensive response :-)

------
gcb0
I wonder how anyone here would feel about signing contracts with a key
pre-generated on their government issued card...

~~~
erkkie
The keys are generated inside the card and cannot be read (barring broken card
implementations). For more check out
[http://www.id.ee/public/TB-SPEC-EstEID-Chip-App-v3.4.pdf](http://www.id.ee/public/TB-SPEC-EstEID-Chip-App-v3.4.pdf),
chapter 11, "Card user's secret keys".

That said it's never gonna be unbreakable, it is though in the general case
far safer than the alternatives (scanned bitmaps are actually being used as
"digital signatures") not to mention the ease of use.

------
timthorn
More fundamentally, they've completely rethought how to teach maths:
[http://www.computerbasedmath.org/computer-based-math-educati...](http://www.computerbasedmath.org/computer-based-math-education-estonia.html)

------
tragomaskhalos
Identity management is a very big and very problematic piece of any large
government-to-citizens programme; solving this once, up front, is an excellent
idea that does not seem to have occurred to many other nations.

------
kakoni
Any Estonian devs here? Is there a vibrant ecosystem around X-Road? Can a
startup actually get access to it? SOAP?

~~~
jnsaff2
You have to sign an agreement to get access but that's about it.

There are active discussions about making access easier and encouraging devs
to use X-Road and other public datasets.

If you need more info hit me up on twitter @jnsaff.

EDIT: [https://www.ria.ee/x-road/](https://www.ria.ee/x-road/) has loads of
info about X-Road.

