WEBVTT 00:00:01.000 --> 00:00:02.809 Almost 30 years ago, 00:00:02.833 --> 00:00:06.750 my country was facing the need to rebuild everything from scratch. 00:00:07.333 --> 00:00:09.518 After years of Soviet occupation, 00:00:09.542 --> 00:00:13.768 Estonia regained its independence, but we were left with nothing. 00:00:13.792 --> 00:00:18.226 No infrastructure, no administration, no legal code. 00:00:18.250 --> 00:00:20.125 Organizational chaos. 00:00:20.708 --> 00:00:21.976 Out of necessity, 00:00:22.000 --> 00:00:25.434 the state leaders back then had to make some daring choices. 00:00:25.458 --> 00:00:28.018 The ones that our country could afford. 00:00:28.042 --> 00:00:30.934 There was a lot of experimentation and uncertainty 00:00:30.958 --> 00:00:32.768 but also a bit of luck involved, 00:00:32.792 --> 00:00:35.434 particularly in the fact that we could count on a number 00:00:35.458 --> 00:00:37.018 of brilliant visionaries, 00:00:37.042 --> 00:00:40.184 cryptographers and engineers. 00:00:40.208 --> 00:00:42.476 I was just a kid back then. 00:00:42.500 --> 00:00:46.792 Today, we are called the most digital society on earth. NOTE Paragraph 00:00:48.167 --> 00:00:49.434 I'm from Estonia, 00:00:49.458 --> 00:00:53.559 and we've been declaring taxes online since 2001. 00:00:53.583 --> 00:00:58.309 We have been using digital identity and signature since 2002. 00:00:58.333 --> 00:01:01.684 We've been voting online since 2005. 00:01:01.708 --> 00:01:04.976 And for today, pretty much the whole range of the public services 00:01:05.000 --> 00:01:06.518 that you can imagine: 00:01:06.542 --> 00:01:11.059 education, police, justice, starting a company, 00:01:11.083 --> 00:01:13.976 applying for benefits, looking at your health record 00:01:14.000 --> 00:01:16.059 or challenging a parking ticket -- 00:01:16.083 --> 00:01:19.143 that's everything that is done online. 00:01:19.167 --> 00:01:21.934 In fact, it's much easier to tell you 00:01:21.958 --> 00:01:25.351 what are the three things we cannot yet do online. 00:01:25.375 --> 00:01:28.768 We have to show up to pick up our ID documents, 00:01:28.792 --> 00:01:30.851 get married or divorced, 00:01:30.875 --> 00:01:32.684 or sell real estate. 00:01:32.708 --> 00:01:34.292 That's pretty much it. 00:01:36.208 --> 00:01:39.809 So, that's why don't freak out 00:01:39.833 --> 00:01:41.934 when I tell you that every year 00:01:41.958 --> 00:01:45.851 I can't wait to start doing my tax declaration. NOTE Paragraph 00:01:45.875 --> 00:01:46.893 (Laughter) NOTE Paragraph 00:01:46.917 --> 00:01:48.934 Because all I have to do 00:01:48.958 --> 00:01:51.059 is sit on my couch with a mobile phone, 00:01:51.083 --> 00:01:55.101 swipe a few pages with prefilled data on income and deductions 00:01:55.125 --> 00:01:56.809 and hit submit. 00:01:56.833 --> 00:01:58.393 After three minutes, 00:01:58.417 --> 00:02:01.059 I'm looking at the tax return amount. 00:02:01.083 --> 00:02:05.393 It actually feels like a quite rewarding experience. 00:02:05.417 --> 00:02:07.434 No tax advisors, 00:02:07.458 --> 00:02:09.726 no collecting receipts, 00:02:09.750 --> 00:02:11.292 no doing the math. 00:02:12.625 --> 00:02:15.393 And have I mentioned that I have not visited a state office 00:02:15.417 --> 00:02:16.958 for almost seven years? NOTE Paragraph 00:02:18.667 --> 00:02:21.976 Indeed, one of the features of the modern life 00:02:22.000 --> 00:02:24.184 that has no reason to exist anymore, 00:02:24.208 --> 00:02:27.018 considering technological possibilities of today, 00:02:27.042 --> 00:02:29.684 is the labyrinth of bureaucracy. 00:02:29.708 --> 00:02:32.351 We've almost got rid of it completely in Estonia, 00:02:32.375 --> 00:02:36.518 in an effort coordinated by the government that has also digitized itself. 00:02:36.542 --> 00:02:41.458 For instance, cabinet of ministers' work in e-Cabinet is absolutely paperless. NOTE Paragraph 00:02:43.375 --> 00:02:46.476 The central idea behind this development 00:02:46.500 --> 00:02:49.184 is transformation of the state role 00:02:49.208 --> 00:02:52.125 and digitalization of trust. 00:02:52.833 --> 00:02:54.101 Think about it. 00:02:54.125 --> 00:02:57.976 In most countries, people don't trust their governments. 00:02:58.000 --> 00:03:01.059 And the governments don't trust them back. 00:03:01.083 --> 00:03:04.351 And all the complicated paper-based formal procedures 00:03:04.375 --> 00:03:06.851 are supposed to solve that problem. 00:03:06.875 --> 00:03:09.143 Except that they don't. 00:03:09.167 --> 00:03:12.393 They just make life more complicated. 00:03:12.417 --> 00:03:17.101 I believe Estonian experience is showing that technology can be the remedy 00:03:17.125 --> 00:03:18.934 for getting the trust back, 00:03:18.958 --> 00:03:20.934 while creating an efficient, 00:03:20.958 --> 00:03:24.976 user-centric service delivery system 00:03:25.000 --> 00:03:28.458 that actively responds to citizens' needs. NOTE Paragraph 00:03:29.833 --> 00:03:33.768 We did not do it by digitizing bureaucracy as it is. 00:03:33.792 --> 00:03:38.184 But by rather agreeing on a few strong, common principles, 00:03:38.208 --> 00:03:40.684 redesigning rules and procedures, 00:03:40.708 --> 00:03:43.309 getting rid of unnecessary data collection 00:03:43.333 --> 00:03:45.268 and task duplication, 00:03:45.292 --> 00:03:48.851 and becoming open and transparent. NOTE Paragraph 00:03:48.875 --> 00:03:50.268 Let me give you a glimpse 00:03:50.292 --> 00:03:53.958 into some of the key e-Estonia design principles today. 00:03:56.042 --> 00:04:00.893 First, it is essential to guarantee privacy and confidentiality 00:04:00.917 --> 00:04:03.059 of data and information. 00:04:03.083 --> 00:04:06.643 This is achieved through a strong digital identity 00:04:06.667 --> 00:04:08.518 that is issued by the state 00:04:08.542 --> 00:04:10.559 and compatible with everything. 00:04:10.583 --> 00:04:13.125 In fact, every Estonian has one. 00:04:14.000 --> 00:04:18.559 The identity is doubled with a strong digital signature 00:04:18.583 --> 00:04:22.768 that is accepted, used and legally binding 00:04:22.792 --> 00:04:25.500 both in Estonia and the European Union. 00:04:26.708 --> 00:04:32.101 When the system can properly and securely identify who is using it, 00:04:32.125 --> 00:04:37.018 after logging in, it will provide access to the personal data of the citizen 00:04:37.042 --> 00:04:40.809 and all the public services within one tool, 00:04:40.833 --> 00:04:44.625 and allow to authorize anything by signing digitally. NOTE Paragraph 00:04:46.583 --> 00:04:50.226 A second principle, and one of the most transformative, 00:04:50.250 --> 00:04:53.268 is called "Once only." 00:04:53.292 --> 00:04:57.184 It means that the state cannot ask for the same data 00:04:57.208 --> 00:04:59.059 more than once, 00:04:59.083 --> 00:05:02.893 nor can store it in more than one place. 00:05:02.917 --> 00:05:04.184 For instance, 00:05:04.208 --> 00:05:07.143 if you've already provided your birth or marital certificate 00:05:07.167 --> 00:05:09.101 to the population registry, 00:05:09.125 --> 00:05:12.059 this is the only place where this data is going to be held. 00:05:12.083 --> 00:05:16.625 And no other institution will be ever asking for it again. 00:05:17.583 --> 00:05:20.684 Once only is a very powerful rule, 00:05:20.708 --> 00:05:24.768 as it defines the whole structure of the data collection in a country, 00:05:24.792 --> 00:05:26.476 what information is collected 00:05:26.500 --> 00:05:29.268 and who is responsible for maintaining it, 00:05:29.292 --> 00:05:32.393 making sure we avoid centralization of data, 00:05:32.417 --> 00:05:34.184 duplication of data, 00:05:34.208 --> 00:05:37.208 and guarantee that it's actually up to date. NOTE Paragraph 00:05:38.792 --> 00:05:42.268 This distributed approach also avoids the problem 00:05:42.292 --> 00:05:45.059 of the single point of failure. 00:05:45.083 --> 00:05:48.226 But since the data cannot be replicated, 00:05:48.250 --> 00:05:50.351 or collected more than once, 00:05:50.375 --> 00:05:53.309 it means that the design has to keep in mind 00:05:53.333 --> 00:05:56.851 secure and robust access to that information at all times, 00:05:56.875 --> 00:06:00.083 so the public institution can offer a service. NOTE Paragraph 00:06:01.208 --> 00:06:05.559 This is exactly the role of the data exchange platform 00:06:05.583 --> 00:06:07.768 called the X-Road 00:06:07.792 --> 00:06:10.708 that has been in use since 2001. 00:06:11.708 --> 00:06:13.351 Just like a highway, 00:06:13.375 --> 00:06:17.018 it connects public sector databases and registries, 00:06:17.042 --> 00:06:19.851 local municipalities and businesses, 00:06:19.875 --> 00:06:25.309 organizing a real-time, secure and regulated data exchange, 00:06:25.333 --> 00:06:29.542 saving an auditable trace after each move. 00:06:31.500 --> 00:06:34.143 Here's a screenshot of a live feed 00:06:34.167 --> 00:06:37.059 showing all the requests performed on the X-Road 00:06:37.083 --> 00:06:40.458 and all the services that it actually facilitates. 00:06:41.542 --> 00:06:44.351 And this is the real picture 00:06:44.375 --> 00:06:48.976 of all the connections between public and private sector databases. 00:06:49.000 --> 00:06:50.268 As you can see, 00:06:50.292 --> 00:06:52.917 there is no central database whatsoever. NOTE Paragraph 00:06:53.833 --> 00:06:57.559 Confidentiality and privacy are definitely very important. 00:06:57.583 --> 00:06:59.476 But in the digital world, 00:06:59.500 --> 00:07:02.476 reliability and integrity of information 00:07:02.500 --> 00:07:04.708 is just critical for operations. 00:07:05.458 --> 00:07:06.726 For instance, 00:07:06.750 --> 00:07:09.059 if someone changes your medical health record, 00:07:09.083 --> 00:07:11.101 let's say allergies, 00:07:11.125 --> 00:07:13.684 without you or your doctor knowing, 00:07:13.708 --> 00:07:15.750 treatment could be deadly. 00:07:16.625 --> 00:07:20.518 That's why in a digital society, a system like an Estonian one, 00:07:20.542 --> 00:07:23.309 when there's almost no paper originals, 00:07:23.333 --> 00:07:26.934 there's almost only digital originals, 00:07:26.958 --> 00:07:29.059 integrity of data, 00:07:29.083 --> 00:07:31.934 data exchange rules, software components 00:07:31.958 --> 00:07:34.292 and log files is paramount. 00:07:35.583 --> 00:07:40.768 We use a form of blockchain that we invented back in 2007, 00:07:40.792 --> 00:07:44.143 way before blockchain even became a thing, 00:07:44.167 --> 00:07:48.583 to check and guarantee the integrity of data in real time. 00:07:49.417 --> 00:07:51.768 Blockchain is our auditor 00:07:51.792 --> 00:07:55.101 and a promise that no access to the data 00:07:55.125 --> 00:07:58.292 or data manipulation remains unrecorded. NOTE Paragraph 00:08:02.083 --> 00:08:06.708 Data ownership is another key principle in the design of the system. 00:08:07.625 --> 00:08:12.059 Aren't you worried by the fact that governments, tech companies 00:08:12.083 --> 00:08:14.018 and other businesses around the world 00:08:14.042 --> 00:08:17.434 claim data they've collected about you is theirs, 00:08:17.458 --> 00:08:21.601 generally refuse to give access to that information, 00:08:21.625 --> 00:08:24.976 and often fail to prove how it was used 00:08:25.000 --> 00:08:27.167 or shared with third parties? 00:08:28.333 --> 00:08:31.958 I don't know, for me it seems like a quite disturbing situation. NOTE Paragraph 00:08:34.083 --> 00:08:37.684 The Estonian system is based on the principle 00:08:37.708 --> 00:08:42.226 that an individual is the owner of the data collected about him, 00:08:42.250 --> 00:08:47.309 thus has an absolute right to know what information is collected 00:08:47.333 --> 00:08:50.184 and who has been accessing it. 00:08:50.208 --> 00:08:54.309 Every time a policeman, a doctor or any state officer 00:08:54.333 --> 00:08:57.893 is accessing personal information of the citizens online, 00:08:57.917 --> 00:09:02.309 first they only get to access it after logging in 00:09:02.333 --> 00:09:05.768 to the information they're authorized to see to do their job. 00:09:05.792 --> 00:09:09.809 And secondly, every time they're making requests, 00:09:09.833 --> 00:09:12.042 this is saved in a log file. 00:09:14.667 --> 00:09:19.018 This detailed log file is part of the state public services 00:09:19.042 --> 00:09:21.268 and allows real transparency, 00:09:21.292 --> 00:09:26.708 making sure no privacy violation will remain unnoticed to the citizen. NOTE Paragraph 00:09:28.000 --> 00:09:31.684 Now, of course, this is only a simplified summary 00:09:31.708 --> 00:09:36.375 of all the design principles that e-Estonia is built on. 00:09:37.917 --> 00:09:40.333 And now, government is building up 00:09:41.458 --> 00:09:45.476 to get ready for use of artificial intelligence 00:09:45.500 --> 00:09:49.226 and building a whole new generation of public services -- 00:09:49.250 --> 00:09:50.851 proactive services 00:09:50.875 --> 00:09:52.684 that would activate seamlessly 00:09:52.708 --> 00:09:55.976 based on different life situations that people might be in, 00:09:56.000 --> 00:10:00.750 such as childbirth, unemployment or starting a business. NOTE Paragraph 00:10:03.250 --> 00:10:04.518 Now, of course, 00:10:04.542 --> 00:10:07.851 running a digital society with no paper backup 00:10:07.875 --> 00:10:09.417 can be an issue, right? 00:10:10.417 --> 00:10:13.434 Even though we trust our systems to be solid, 00:10:13.458 --> 00:10:18.768 but one can never be too cautious as we experienced back in 2007, 00:10:18.792 --> 00:10:22.559 when the first cyberincident happened, 00:10:22.583 --> 00:10:25.309 and it literally blocked part of our networks, 00:10:25.333 --> 00:10:28.667 making access to the services impossible for hours. 00:10:29.583 --> 00:10:31.226 We survived. 00:10:31.250 --> 00:10:36.476 But this event put cybersecurity at the very top of agenda, 00:10:36.500 --> 00:10:40.917 both in terms of strengthening the platform and backing it up. NOTE Paragraph 00:10:41.958 --> 00:10:46.518 So how do you back up a country-wide system in a small state 00:10:46.542 --> 00:10:48.667 where everything is super close? 00:10:49.500 --> 00:10:53.768 Well for instance, you can export a copy of the data 00:10:53.792 --> 00:10:55.893 outside the country territory 00:10:55.917 --> 00:10:59.542 to an extraterritorial space of an embassy. 00:11:00.542 --> 00:11:03.851 Today, we have those data embassies 00:11:03.875 --> 00:11:08.309 that are holding the most critical digital assets of Estonia, 00:11:08.333 --> 00:11:11.393 guaranteeing continuity of operations, 00:11:11.417 --> 00:11:12.934 protection of our data, 00:11:12.958 --> 00:11:16.226 and most importantly, our sovereignty. 00:11:16.250 --> 00:11:20.250 Even in case of a physical attack on our territory. NOTE Paragraph 00:11:22.042 --> 00:11:24.018 Some of you might be thinking by now: 00:11:24.042 --> 00:11:25.958 Where are the downsides? 00:11:27.083 --> 00:11:29.559 Well, going all digital 00:11:29.583 --> 00:11:34.851 is administratively, and let's be honest, financially more efficient. 00:11:34.875 --> 00:11:37.518 Interfacing primarily with computer systems 00:11:37.542 --> 00:11:40.351 might create an impression that the human factor, 00:11:40.375 --> 00:11:42.184 elected politicians 00:11:42.208 --> 00:11:44.161 and participating in democratic processes 00:11:44.185 --> 00:11:47.018 is somehow less important. 00:11:47.042 --> 00:11:48.893 And there are also some people 00:11:48.917 --> 00:11:51.434 who feel threatened by pervasive technology 00:11:51.458 --> 00:11:53.917 that might make their skills obsolete. 00:11:55.708 --> 00:11:58.059 So all in all, unfortunately, 00:11:58.083 --> 00:12:00.018 running a country on a digital platform 00:12:00.042 --> 00:12:03.768 has not saved us from political power struggles 00:12:03.792 --> 00:12:06.393 and polarization in the society, 00:12:06.417 --> 00:12:08.976 as we have seen in the last elections. 00:12:09.000 --> 00:12:11.542 Well, until there are humans involved. NOTE Paragraph 00:12:13.917 --> 00:12:16.643 One last question. 00:12:16.667 --> 00:12:19.059 If everything is location-independent 00:12:19.083 --> 00:12:22.726 and I can access all of the services from anywhere in the world, 00:12:22.750 --> 00:12:25.809 why cannot others tap into some of these services, 00:12:25.833 --> 00:12:28.542 even if they don't reside within Estonian borders? 00:12:30.000 --> 00:12:31.476 Five years ago, 00:12:31.500 --> 00:12:35.851 we launched a governmental start-up called e-Residency program 00:12:35.875 --> 00:12:40.393 that for today joins tens of thousands of people. 00:12:40.417 --> 00:12:45.726 These are businessmen and women from 136 different countries, 00:12:45.750 --> 00:12:48.851 who establish their businesses digitally, 00:12:48.875 --> 00:12:51.476 who do their banking online, 00:12:51.500 --> 00:12:57.393 and who run their companies virtually over e-Estonia platform, 00:12:57.417 --> 00:13:01.101 within European Union legal framework, 00:13:01.125 --> 00:13:04.851 using an e-identity card similar to mine 00:13:04.875 --> 00:13:08.167 and all of that from anywhere in the world. 00:13:09.625 --> 00:13:13.143 The Estonian system is location-independent 00:13:13.167 --> 00:13:14.851 and user-centric. 00:13:14.875 --> 00:13:20.018 It prioritizes inclusiveness, openness and reliability. 00:13:20.042 --> 00:13:24.268 It puts security and transparency at its center. 00:13:24.292 --> 00:13:28.184 And the data into the hands of the rightful owner, 00:13:28.208 --> 00:13:30.684 the person they refer to. 00:13:30.708 --> 00:13:32.684 Don't take my word for it. 00:13:32.708 --> 00:13:34.309 Try it. NOTE Paragraph 00:13:34.333 --> 00:13:35.684 Thank you. NOTE Paragraph 00:13:35.708 --> 00:13:40.250 (Applause)