WEBVTT 00:00:00.992 --> 00:00:02.786 Almost 30 years ago 00:00:02.810 --> 00:00:06.761 my country was facing the need to rebuild everything from scratch. 00:00:07.389 --> 00:00:09.516 After years of Soviet occupation, 00:00:09.540 --> 00:00:13.767 Estonia regained its independence but we were left with nothing. 00:00:13.791 --> 00:00:18.220 No infrastructure, no administration, no legal code. 00:00:18.244 --> 00:00:20.116 An organizational chaos. 00:00:20.704 --> 00:00:21.905 Out of necessity, 00:00:21.929 --> 00:00:25.450 the state leaders back then had to make some daring choices. 00:00:25.474 --> 00:00:28.022 The ones that our country could afford. 00:00:28.046 --> 00:00:30.924 There was a lot of experimentation and uncertainty, 00:00:30.948 --> 00:00:32.749 but also a bit of luck involved, 00:00:32.773 --> 00:00:35.423 particularly in the fact that we could count on a number 00:00:35.447 --> 00:00:37.003 of brilliant visionaries, 00:00:37.027 --> 00:00:39.566 cryptographers and engineers. 00:00:40.289 --> 00:00:42.089 I was just a kid back then. 00:00:42.511 --> 00:00:46.772 Today, we are called the most digital society on earth. NOTE Paragraph 00:00:48.146 --> 00:00:49.304 I'm from Estonia 00:00:49.328 --> 00:00:53.199 and we've been declaring taxes online since 2001. 00:00:53.575 --> 00:00:57.836 We have been using digital identity and signature since 2002. 00:00:58.329 --> 00:01:01.368 We've been voting online since 2005. 00:01:01.712 --> 00:01:04.982 And for the day, pretty much the whole range of the public services 00:01:05.006 --> 00:01:06.514 that you can imagine: 00:01:06.538 --> 00:01:11.053 education, police, justice, starting a company, 00:01:11.077 --> 00:01:13.966 applying for benefits, looking at your health record 00:01:13.990 --> 00:01:16.077 or challenging a parking ticket, 00:01:16.101 --> 00:01:18.634 that's everything that is done online. 00:01:19.157 --> 00:01:21.955 In fact, it's much easier to tell you 00:01:21.979 --> 00:01:24.988 what are the three things we cannot yet do online. 00:01:25.368 --> 00:01:28.772 We have to show up to pick up our ID documents, 00:01:28.796 --> 00:01:30.855 get married or divorced, 00:01:30.879 --> 00:01:32.212 or sell real estate. 00:01:32.815 --> 00:01:34.282 That's pretty much it. 00:01:36.220 --> 00:01:39.791 So, that's why don't freak out 00:01:39.815 --> 00:01:41.950 when I tell you that every year 00:01:41.974 --> 00:01:45.869 I can't wait to start doing my tax declaration. NOTE Paragraph 00:01:45.893 --> 00:01:46.893 (Laughter) NOTE Paragraph 00:01:46.919 --> 00:01:48.942 Because all I have to do 00:01:48.966 --> 00:01:51.069 is sit on my couch with a mobile phone, 00:01:51.093 --> 00:01:55.103 swipe a few pages with pre-filled data on income and deductions, 00:01:55.127 --> 00:01:56.277 and hit submit. 00:01:56.833 --> 00:01:58.396 After three minutes, 00:01:58.420 --> 00:02:01.063 I'm looking at the tax return amount. 00:02:01.087 --> 00:02:04.620 It actually feels like a quite rewarding experience. 00:02:05.436 --> 00:02:07.443 No tax advisers, 00:02:07.467 --> 00:02:09.737 no collecting receipts, 00:02:09.761 --> 00:02:11.276 no doing the math. 00:02:12.610 --> 00:02:15.387 And have I mentioned that I have not visited a state office 00:02:15.411 --> 00:02:16.944 for almost seven years? NOTE Paragraph 00:02:18.665 --> 00:02:21.958 Indeed, one of the features of the modern life 00:02:21.982 --> 00:02:24.188 that has no reason to exist anymore 00:02:24.212 --> 00:02:27.014 considering technological possibilities of today 00:02:27.038 --> 00:02:29.171 is the labyrinth of bureaucracy. 00:02:29.712 --> 00:02:32.371 We've almost gotten rid of it completely in Estonia, 00:02:32.395 --> 00:02:36.228 in an effort coordinated by the government that has also digitized itself. 00:02:36.538 --> 00:02:41.474 For instance, Cabinet of ministers work in e-Cabinet is absolutely paperless. 00:02:43.355 --> 00:02:46.466 The central idea behind this development 00:02:46.490 --> 00:02:49.164 is transformation of the state role 00:02:49.188 --> 00:02:51.816 and digitalization of trust. 00:02:52.847 --> 00:02:54.109 Think about it. 00:02:54.133 --> 00:02:57.974 In most countries, people don't trust their governments. 00:02:57.998 --> 00:03:01.053 And the governments don't trust them back. 00:03:01.077 --> 00:03:04.331 And all the complicated paper-based formal procedures 00:03:04.355 --> 00:03:06.870 are supposed to solve that problem. 00:03:06.894 --> 00:03:09.132 Except that they don't. 00:03:09.156 --> 00:03:11.791 They just make life more complicated. 00:03:12.417 --> 00:03:17.115 I believe Estonian experience is showing that technology can be the remedy 00:03:17.139 --> 00:03:18.949 for getting the trust back, 00:03:18.973 --> 00:03:20.941 while creating an efficient, 00:03:20.965 --> 00:03:24.988 user-centric service delivery system, 00:03:25.012 --> 00:03:28.471 that actively responds to citizens' needs. NOTE Paragraph 00:03:29.853 --> 00:03:33.776 We did not do it by digitizing bureaucracy as it is. 00:03:33.800 --> 00:03:38.204 But by rather agreeing on a few strong, common principles, 00:03:38.228 --> 00:03:40.688 redesigning rules and procedures, 00:03:40.712 --> 00:03:43.328 getting rid of unnecessary data collection 00:03:43.352 --> 00:03:45.249 and tasked application, 00:03:45.273 --> 00:03:48.225 and becoming open and transparent. 00:03:48.860 --> 00:03:50.249 Let me give you a glimpse 00:03:50.273 --> 00:03:53.769 into some of the key e-Estonia design principles today. 00:03:56.041 --> 00:04:00.890 First, it is essential to guarantee privacy and confidentiality 00:04:00.914 --> 00:04:02.514 of data and information. 00:04:03.088 --> 00:04:06.645 This is achieved through a strong digital identity 00:04:06.669 --> 00:04:08.534 that is issued by the state 00:04:08.558 --> 00:04:10.661 and compatible with everything. 00:04:10.685 --> 00:04:13.105 In fact, every Estonian has one. 00:04:14.010 --> 00:04:18.548 The identity is doubled with a strong digital signature 00:04:18.572 --> 00:04:22.755 that is accepted, used, and legally binding 00:04:22.779 --> 00:04:25.492 both in Estonia and European Union. 00:04:26.728 --> 00:04:32.097 When the system can properly and securely identify who is using it, 00:04:32.121 --> 00:04:37.034 after logging in it will provide access to the personal data of the citizen, 00:04:37.058 --> 00:04:40.812 and all the public service within one tool 00:04:40.836 --> 00:04:44.634 and allow to authorize anything by signing digitally. NOTE Paragraph 00:04:46.573 --> 00:04:50.232 A second principle, and one of the most transformative, 00:04:50.256 --> 00:04:52.573 is called "Once only." 00:04:53.284 --> 00:04:57.172 It means that the state cannot ask for the same data 00:04:57.196 --> 00:04:58.712 more than once. 00:04:59.069 --> 00:05:02.364 Nor can store it in more than one place. 00:05:02.928 --> 00:05:04.078 For instance, 00:05:04.102 --> 00:05:07.150 if you've already provided your birth or marital certificate 00:05:07.174 --> 00:05:09.102 to the population registry, 00:05:09.126 --> 00:05:12.048 this is the only place where this data is going to be held. 00:05:12.072 --> 00:05:16.611 And no other institution will be ever asking for it again. 00:05:17.604 --> 00:05:20.699 Once only is a very powerful rule, 00:05:20.723 --> 00:05:24.259 as it defines the whole structure of the data collection in a country. 00:05:24.775 --> 00:05:26.489 What information is collected, 00:05:26.513 --> 00:05:29.259 and who is responsible for maintaining it, 00:05:29.283 --> 00:05:32.402 making sure we avoid centralization of data, 00:05:32.426 --> 00:05:34.180 duplication of data, 00:05:34.204 --> 00:05:37.204 and guarantee that it's actually up to date. NOTE Paragraph 00:05:38.800 --> 00:05:42.252 This distributed approach also avoids the problem 00:05:42.276 --> 00:05:44.342 of the single point of failure. 00:05:45.069 --> 00:05:48.220 But since the data cannot be replicated, 00:05:48.244 --> 00:05:50.490 or collected more than once, 00:05:50.514 --> 00:05:53.315 it means that the design has to keep in mind 00:05:53.339 --> 00:05:56.863 secure and robust access to that information at all times 00:05:56.887 --> 00:06:00.074 so the public institution can offer a service. NOTE Paragraph 00:06:01.194 --> 00:06:05.551 This is exactly the role of the data exchange platform 00:06:05.575 --> 00:06:07.774 called the X-Road, 00:06:07.798 --> 00:06:10.702 that has been in use since 2001. 00:06:11.721 --> 00:06:13.371 Just like a highway, 00:06:13.395 --> 00:06:17.030 it connects public sector data bases and registries, 00:06:17.054 --> 00:06:19.871 local municipalities and businesses, 00:06:19.895 --> 00:06:25.323 organizing a real-time secure and regulated data exchange, 00:06:25.347 --> 00:06:29.529 saving an auditable trace after each move. 00:06:31.498 --> 00:06:34.139 Here's a screenshot of a live feed 00:06:34.163 --> 00:06:37.053 showing all the requests performed on the X-Road 00:06:37.077 --> 00:06:40.477 and all the services that it actually facilitates. 00:06:41.559 --> 00:06:44.345 And this is the real picture 00:06:44.369 --> 00:06:48.988 of all the connections between public and private sector data bases. 00:06:49.012 --> 00:06:50.163 As you can see, 00:06:50.187 --> 00:06:52.920 there is no central data base whatsoever. NOTE Paragraph 00:06:53.814 --> 00:06:57.576 Confidentiality and privacy are definitely very important. 00:06:57.600 --> 00:06:59.496 But in the digital world, 00:06:59.520 --> 00:07:02.490 reliability and integrity of information 00:07:02.514 --> 00:07:04.720 is just critical for operations. 00:07:05.546 --> 00:07:06.735 For instance, 00:07:06.759 --> 00:07:09.069 if someone changes your medical health record, 00:07:09.093 --> 00:07:11.081 let's say allergies, 00:07:11.105 --> 00:07:13.685 without you or your doctor knowing, 00:07:13.709 --> 00:07:15.811 treatment could be deadly. 00:07:16.621 --> 00:07:20.505 That's why in a digital society a system like Estonian one, 00:07:20.529 --> 00:07:23.323 where there's almost no paper originals, 00:07:23.347 --> 00:07:26.918 there's almost only digital originals, 00:07:26.942 --> 00:07:29.045 integrity of data, 00:07:29.069 --> 00:07:31.926 data exchange rules, software components 00:07:31.950 --> 00:07:34.275 and log files is paramount. 00:07:35.585 --> 00:07:40.760 We use a form of blockchain that we invented back in 2007, 00:07:40.784 --> 00:07:44.142 way before blockchain even became a thing, 00:07:44.166 --> 00:07:48.602 to check and guarantee the integrity of data in real time. 00:07:49.396 --> 00:07:51.761 Blockchain is our auditor 00:07:51.785 --> 00:07:55.118 and a promise that no access to the data 00:07:55.142 --> 00:07:58.275 or data manipulation remains unrecorded. NOTE Paragraph 00:08:02.076 --> 00:08:06.696 Data ownership is another key principle in the design of the system. 00:08:07.641 --> 00:08:12.066 Aren't you worried by the fact that governments, tech companies, 00:08:12.090 --> 00:08:14.002 and other businesses around the world 00:08:14.026 --> 00:08:17.454 claim data they've collected about you theirs, 00:08:17.478 --> 00:08:21.616 generally refuse to give access to that information, 00:08:21.640 --> 00:08:24.974 and often fail to prove how it was used 00:08:24.998 --> 00:08:26.931 or shared with third parties? 00:08:28.354 --> 00:08:32.688 I don't know, for me it seems like a quite disturbing situation. 00:08:34.080 --> 00:08:37.690 The Estonian system is based on the principle 00:08:37.714 --> 00:08:42.141 that an individual is the owner of the data collected about him. 00:08:42.165 --> 00:08:47.299 Thus, has an absolute right to know what information is collected 00:08:47.323 --> 00:08:49.490 and who has been accessing it. 00:08:50.220 --> 00:08:54.299 Every time a policeman, a doctor or any state officer 00:08:54.323 --> 00:08:57.910 is accessing personal information of the citizens online, 00:08:57.934 --> 00:09:02.299 first they only get to access it after logging in 00:09:02.323 --> 00:09:05.752 to the information they're authorized to see to do their job. 00:09:05.776 --> 00:09:09.791 And secondly, every time they're making requests, 00:09:09.815 --> 00:09:12.021 this is saved in a log file. 00:09:14.664 --> 00:09:19.029 [unclear] log file is part of the state public services 00:09:19.053 --> 00:09:21.276 and allows real transparency, 00:09:21.300 --> 00:09:26.704 making sure no privacy violation will remain unnoticed to the citizen. NOTE Paragraph 00:09:28.017 --> 00:09:31.668 Now, of course, this is only a simplified summary 00:09:31.692 --> 00:09:36.386 of all the design principles that e-Estonia is built on. 00:09:37.918 --> 00:09:40.315 And now, government is building up 00:09:41.450 --> 00:09:45.466 to get ready for use of artificial intelligence 00:09:45.490 --> 00:09:49.220 and building a whole new generation of public services, 00:09:49.244 --> 00:09:50.871 proactive services, 00:09:50.895 --> 00:09:52.680 that would activate seamlessly 00:09:52.704 --> 00:09:55.990 based on different life situations that people might be in, 00:09:56.014 --> 00:10:00.745 such as childbirth, unemployment or starting a business. NOTE Paragraph 00:10:03.269 --> 00:10:04.444 Now, of course, 00:10:04.460 --> 00:10:07.856 running a digital society with no paper backup 00:10:07.880 --> 00:10:09.414 can be an issue, right? 00:10:10.396 --> 00:10:13.446 Even though we trust our systems to be solid, 00:10:13.470 --> 00:10:18.768 but one can never be too cautious as we experienced back in 2007, 00:10:18.792 --> 00:10:22.566 when the first cyber incident happened, 00:10:22.590 --> 00:10:25.315 and it literally blocked part of our networks, 00:10:25.339 --> 00:10:28.702 making access to the services impossible for hours. 00:10:29.583 --> 00:10:30.733 We survived. 00:10:31.266 --> 00:10:36.480 But this event put cyber security at the very top of agenda, 00:10:36.504 --> 00:10:40.624 both in terms of strengthening the platform and backing it up. NOTE Paragraph 00:10:41.956 --> 00:10:46.511 So how do you back up a country-wide system in a small state 00:10:46.535 --> 00:10:48.669 where everything is super close? 00:10:49.490 --> 00:10:53.752 Well for instance, you can export copy of the data 00:10:53.776 --> 00:10:55.895 outside the country territory 00:10:55.919 --> 00:10:59.561 to an extraterritorial space of an embassy. 00:11:00.522 --> 00:11:03.839 Today, we have those data embassies 00:11:03.863 --> 00:11:08.315 that are holding of the most critical digital assets of Estonia, 00:11:08.339 --> 00:11:11.387 guaranteeing continuity of operations, 00:11:11.411 --> 00:11:12.942 protection of our data, 00:11:12.966 --> 00:11:15.902 and most importantly, our sovereignty. 00:11:16.260 --> 00:11:20.259 Even in case of a physical attack on our territory. 00:11:22.035 --> 00:11:24.003 Some of you might be thinking by now, 00:11:24.027 --> 00:11:25.963 where are the downsides? 00:11:27.083 --> 00:11:29.559 Well, going all digital 00:11:29.583 --> 00:11:34.251 is administratively, and let's be honest, financially more efficient. 00:11:34.862 --> 00:11:37.529 Interfacing primarily with computer systems, 00:11:37.553 --> 00:11:40.339 might create an impression that the human factor, 00:11:40.363 --> 00:11:42.164 elected politicians, 00:11:42.188 --> 00:11:44.149 and participating in democratic processes 00:11:44.173 --> 00:11:46.378 is somehow less important. 00:11:47.061 --> 00:11:48.878 And there are also some people 00:11:48.902 --> 00:11:51.434 who feel threatened by pervasive technology 00:11:51.458 --> 00:11:53.925 that might make their skills obsolete. NOTE Paragraph 00:11:55.688 --> 00:11:58.064 So all in all, unfortunately, 00:11:58.088 --> 00:12:00.005 running a country on a digital platform 00:12:00.029 --> 00:12:03.778 has not saved us from political power struggles 00:12:03.802 --> 00:12:06.405 and polarization in the society, 00:12:06.429 --> 00:12:08.990 as we have seen in the last elections. 00:12:09.014 --> 00:12:11.531 Well, until there are humans involved. NOTE Paragraph 00:12:13.927 --> 00:12:15.934 One last question. 00:12:16.649 --> 00:12:19.053 If everything is location-independent 00:12:19.077 --> 00:12:22.744 and I can access all of the services from anywhere in the world, 00:12:22.768 --> 00:12:25.823 why cannot others tap into some of these services, 00:12:25.847 --> 00:12:28.555 even if they don't reside within Estonian borders? 00:12:30.009 --> 00:12:31.469 Five years ago, 00:12:31.493 --> 00:12:35.842 we launched a governmental start-up called e-Residency program 00:12:35.866 --> 00:12:39.654 that for the day joins tens of thousands of people. 00:12:40.429 --> 00:12:45.715 These are businessmen and women from 136 different countries, 00:12:45.739 --> 00:12:48.834 who established their businesses digitally, 00:12:48.858 --> 00:12:51.461 who do their banking online, 00:12:51.485 --> 00:12:57.403 and who run their companies virtually over e-Estonia platform, 00:12:57.427 --> 00:13:01.090 within European Union legal framework, 00:13:01.114 --> 00:13:04.855 using an e-identity card similar to mine 00:13:04.879 --> 00:13:08.186 and all of that from anywhere in the world. NOTE Paragraph 00:13:09.624 --> 00:13:13.163 The Estonian system is location-independent 00:13:13.187 --> 00:13:14.862 and user-centric. 00:13:14.886 --> 00:13:19.625 It prioritizes inclusiveness, openness and reliability. 00:13:20.038 --> 00:13:23.741 It puts security and transparency at its center. 00:13:24.284 --> 00:13:28.173 And the data into the hands of the rightful owner, 00:13:28.197 --> 00:13:30.181 the person they refer to. 00:13:30.722 --> 00:13:32.666 Don't take my word for it. 00:13:32.690 --> 00:13:33.840 Try it. NOTE Paragraph 00:13:34.349 --> 00:13:35.508 Thank you. NOTE Paragraph 00:13:35.532 --> 00:13:40.230 (Applause)