‘It’s got us very intrigued’: MPs to study how Canada can learn from ‘digitally advanced’ Estonia

By Stuart Thomson

Wired Magazine even deemed the country ‘E-stonia, the world’s most digitally advanced society’

Some members of parliament will be studying an age-old question this spring: how can Canada be more like Estonia?

Since the fall of the Soviet Union, the tiny Baltic country has turbocharged its government services, becoming the first nation to allow citizens to vote online and offering a slew of amenities through a single digital portal. Wired Magazine even deemed the country “E-stonia, the world’s most digitally advanced society.”

Now, after releasing its final report on a data breach involving Facebook and Cambridge Analytica in December, the House of Commons privacy committee will be looking at how Canada can follow the Estonian model on digital government services.

Committee chair and Conservative MP Bob Zimmer said he’s hopeful that members of the committee will be able to travel to Estonia to see it firsthand.

“I don’t know if the Estonian model is possible, but we’re definitely interested,” said Zimmer. “It’s got us very intrigued, how they preserve the sanctity of personal data. That’s always something we want to see.”

The Estonians have shovelled resources not just into privacy, but also into ensuring that government services are useful and user-friendly.

I don’t know if the Estonian model is possible, but we’re definitely interested

“I don’t think governments think of themselves as being in the customer service business, but they are,” said Liberal MP Nathaniel Erskine-Smith, who is a vice-chair on the committee, which will begin studying the issue at the end of January.

Erskine-Smith said governments at all levels should be looking for ways to improve digital services, especially with recent high-profile failures like the federal government’s Phoenix pay system.

This photo taken on Thursday, Nov. 15 2018, shows an exhibition in Tallinn presenting Estonia’s digital achievements. David Keyton/AP Photo

“We obviously don’t have a strong track record on digital projects … but they are extremely important,” he said.

A House committee can study an issue and offer recommendations, but the government is under no obligation to follow them. Recent recommendations from the privacy committee on bringing political parties under Canada’s privacy laws have gone unheeded by the Liberal government, for example.

Although MPs are keen to study the privacy and security implications, revamping the country’s digital services would also make dealing with the government a little less rage-inducing for Canadians. Estonia has a “once-only” principle, which means the government can’t ask for data if it has already been provided to some other department. And the most popular government service in Estonia is the digital signature, which means people don’t have to worry about physically signing government forms.

The Estonian system revolves around digital ID cards that function in the cyber world the same way passports do in the physical world. The cards also double as encryption devices to help secure the information.

Estonians can log in to a central portal and access government services and see a record of when that information was accessed by public servants. This allows for radical transparency that flows two ways: Estonians can, for example, see whenever a police officer has run their license plate or they can look up information about politicians, such as property records. They have the ability to vote online, which 30 per cent of the population does, and they can verify in the portal if their vote has been recorded.

Representatives from Estonia told the committee last year that the best place for a country like Canada to start would be providing a similar “digital identity” to its citizens.

Erskine-Smith said its worth studying the Estonian system not just for the customer service benefits for taxpayers, but also to examine the data safeguards the country has implemented. Although health records and tax records can be accessed by citizens in the portal, they are walled off behind the scenes, meaning that only people who are authorized to look at the information can see it.

Much of the Estonian cybersecurity regime grew out of the country’s response to a massive cyber attack likely carried out by the Russian government in 2007. At the time it was considered the second-largest act of cyber warfare in the world. In response, Estonia set up a Cyber Defence Unit, which is trained by the defence ministry and is made up of private sector experts who remain anonymous

Source: National Post

Protecting democracy and the digital way of life, with cyber diplomat Heli Tiirmaa-Klaar

January 2019

by Federico Plantera

Few fields generate divisive trends internationally as much as the cybersphere. With the emergence of information society and its establishment reaching full maturity, advantages come together with risks.

As the digital becomes more and more positively pervasive in our everyday existence, malicious actors also have the chance to exploit eventual weaknesses of vulnerable cyber subjects to shake the stability of our democracies at their very core. Developing strategies and antibodies against such threats become fundamental not only to shield the society on the outside but also to strengthen our own digital way of life.

Introductions should not be necessary in this case, but sometimes we can let pride prevail. Heli Tiirmaa-Klaar is the Ambassador-at-Large for Cyber Security at the Estonian Ministry of Foreign Affairs. Over ten years of high-level experience in cyber-affairs on her side, including positions at NATO and the EU, made her one of POLITICO’s game changers likely to shape our world in 2019.

In a world that sees alliances and blocs realign along specific patterns, Ambassador Tiirmaa-Klaar can help us collect our thoughts and get a grasp of what awaits advanced democracies this year. When big political actors join the playground, there’s always a lot at stake.

Heli Tiirmaa-Klaar, Estonia’s Ambassador at Large for Cyber Security

When it comes to cyberspace regulation, Western powers seem to head towards a certain direction, other countries to another. Are we witnessing the emergence of a new, cyber cold war?

I would not say that there is a new cyber cold war emerging. However, it is true that, when it comes to global cyber issues,  countries often project their existing political views to this relatively new field. Authoritarian countries promote government control over the free Internet, and democratic countries would like to see an open and free cyberspace with free flow of information. It is clear that the conventional power dynamics from the last century are still visible. However, we are seeing many emerging powers in the global arena that are making the polarisation less clear. This is also illustrated by the fact that many nations see the value of the open cyberspace for their social and economic development, indicating a clear interest in making their voice heard, as well as their willingness to contribute to the global discussions on cyber issues.

What are the main threats that states and democracies see ahead, today, to their cybersecurity?

There are many issue-areas that states are currently working to solve. Since 2016, election security, disinformation and large-scale cyber operations have shifted the focus of what states are now trying to regulate in cyberspace. The common denominator is the fact that we need to assure that state actors know that what they are doing in the cyberspace is taken seriously and, in case their actions and intentions could be considered harmful to other states, that there is a clear response. Therefore, many states have already developed – or are in the process of developing – robust attribution and response mechanisms.

Since cybersecurity breaches can have serious consequences, the response to the perpetrator should aim at reducing the possibility of occurrence of any among such actions, which is why the response mechanisms should not only be limited to cyber means but also include political steps.

Additionally, cybercrime is a growing concern, particularly in light of the recent large-scale cybercrime cases, such as NotPetya and WannaCry. Although the two named incidents have been attributed to state actors, cybercrime on a smaller scale can also be a threatcoming from non-state actors. This is the primary reason why the EU is constantly advocating the recognition of the Convention on Cybercrime, as well as the establishment of domestic cybercrime legislation in countries where the current legislative system would be powerless against cybercrime.

With the elections to renew the European Parliament in spring this year, do you feel like European countries need to increase the level of readiness towards cyber threats?

The upcoming European Parliament elections in May this year will definitely bring election security and, within it, internet-enabled election meddling into the limelight. The key elements of concern also addressed by the European Commission already in September 2018 included preparedness for online manipulation. This is why greater transparencyin online political advertisements is needed. At the same time, awareness of the micro-level of news consumers is necessary.

In some of the previous elections in the EU, and also outside the Union, we have witnessed some scandalous stories emerging only shortly before the elections. Any signs that look out of the ordinary should be treated cautiously. Now more than ever people need to use common sense when coming across stories online from unverified sources.

On the other hand, the strong suit of the European Parliament elections is the fragmentation of the election structure – it is more difficult to influence elections in the EU as a whole because each member state requires a different approach, although the potential threat against some of the key member states is always there and greater than in others.

Estonia has witnessed already what it means to experience a cyberattack (2007). Is this a chance for us to establish or reaffirm our position internationally at the forefront of the fight, legal and technical, for safer cyberspace?

The 2007 cyberattacks were the turning point for Estonia’s internal cybersecurity policy development. Although we had set up our own national Computer Emergency Response Team (CERT) already in 2006, the events indicated many of the key elements that had to be either built up or improved significantly. Does the fact that we have contributed to improving our systems set us before other countries in the field? I believe that somewhat yes.

We have developed hugely since 2007 and due to our relatively small and dynamic digital ecosystem, it has been easy to keep our systems up to date and running even at times of some global large-scale cyber ransom cases. Which, however, did not affect Estonian organizations and this shows our strong effort to prevent cyber disruptions has been successful.

Some of our domestic structures have been constantly modified according to the changing threat environment. We have adopted the third generation Cybersecurity Strategy for 2019-2022 that is focusing on increasing the technological and organizational capacities throughout our entire digital ecosystem. We have already a list of elements that are being improved not for the first time and we are glad to share the experience with countries that are in the starting point with their own cybersecurity developments.

Let’s end on a lighter note: how does it feel to be included in Politico’s Class of 2019 among next year’s doers?

POLITICO’s news came as a very positive surprise to me. 2018 ended with an exceptionally busy period that has hopefully paved the way forward for our plans for this year. Cybersecurity is not an issue that will go away, but only grow in importance. We’ll need to make sure existing international law is applied in cyberspace and the norms of responsible behaviour for countries are clear and rigorously upheld.

Source: e-estonia

Estonia introduced a new ID card

January 2019

As of January this year, there are approximately 1.3 million ID cards being used in Estonia, which constitutes nearly 98% of the entire population of Estonia. Estonia is one of the few countries in the world where the ID card is a mandatory document.

Estonia also differs from other countries by the fact that the majority of (state) services are digitalised. Nearly 5,000 separate e-services enable people to run their daily errands without having to get off their computer at home. They can, for instance, enter into agreements, sign documents, submit various applications and so on, i.e. use digital channels and means to communicate with various state authorities and service providers. In 2017, 30% of voters cast their vote electronically during local elections, which indicates the widespread use of e-services as well as people’s trust towards the e-government. E-voting has been used in Estonia since 2005.

Over 800,000 people have used their ID card electronically at least once per year (entered the e-service or provided a signature), whereas approximately 300,000 ID card users use their card electronically on a weekly basis. In addition to the widespread use of the ID card, other authentication means are widely used as well, as 200,000 people have also adopted the Mobile-ID or Smart-ID (approx. 380,000).

Over 600 million digital signatures have been provided in Estonia since the first digital signature was given in 2002.

As of December last year, Estonia has adopted an ID card equipped with a new type of chip

The chip has two interfaces: regular contact interface and contactless interface (NFC interface). The latter enables services to authenticate the client by a wave of the ID card. The capacity of the new chip has increased, enabling to add new applications such as electronic tickets in public transportation or other electronically issued certifications.

The card has a new design and set of security elements. The existing black and white photograph is replaced by a colour photograph and various design elements inherent to Estonia, such as proverbs and nature photos, have been depicted on the card.

The new document is issued by the police to all people who have submitted an application as of 3 December 2018 for obtaining an ID card, a residency card, digital ID, express document or e-residency card. All documents issued prior to that date shall be valid until the date set out thereon, the last of the cards manufactured by the previous contractual partner Gemalto will expire in December 2023. The police issues around 10,000 ID cards each month.

New documents are manufactured for the Estonian state by French company IDEMIA, with whom the Police and Border Guard Board, as the issuer of documents, entered into an agreement in April 2017.

Development of e-ID depends on the readiness and cooperation of parties involved

Information System Authority (RIA) plays a prominent role in the shaping and development of the electronic identity (e-ID) in Estonia as well as elsewhere. For instance, RIA is responsible for ensuring that people can use the ID card electronically. The authority is also responsible for the development and management of ID card software (DigiDoc application), which can be used to process documents (open signed and encrypted documents as well as sign and encrypt documents). The software is currently used in approximately 600,000 computers.

In cooperation with the Police and Border Guard Board, RIA ensures the compliance of the security requirements regarding the electronic properties of the ID card with the best practices in the world as well as international standards. In terms of cross-border interoperability, Estonian e-ID means (chips and Mobile-ID) utilise certificates issued by a qualified trust service. This means that the certificates of Estonian electronic means of identification and the digital signatures provided via these means are automatically recognised in all public sector services in the EU. In addition, last autumn EU member states recognised the electronic identification security level of Estonian e-ID (ID card, residency card, e-residency card, digital ID and Mobile-ID) solutions as “High”. At this level, it is provided that all public sector services of EU member states shall accept the Estonian ID card upon logging into a service. Pursuant to the eIDAS regulation, countries have until the autumn of next year to implement necessary technical changes.

The success of Estonia in creating an e-society has inspired various countries and companies therein.

For instance, the international conference eID Forum 2018, which addressed issues regarding the future of electronic identity and IT-solutions and brought together over 300 private and public sector figures engaged in this area from across the world, was held in the Estonian capital Tallinn last September. This conference will take place in Estonia again this autumn.

Source: e-estonia

Will machines replace us all? The end of human work can wait

January 2019

by Federico Plantera

We all know the story, it’s something we’ve heard pretty often in the last couple of years – robots are taking over, machines will be the new workforce, humans will have to find something else to do. But is that quite the case?

Although it is true that robots and AI-based technologies are having a huge impact in certain sectors, such as deliveries and customer care to name a few, it is safe to assume that machines are not actually going to definitively take over most of our jobs in twenty years from now.

Various media outlets, or even tech executives in some cases, have pushed this narrative quite far in recent times. Examples can be found not only on the BBC, but also on The Guardian, on blogs, and of course on less prominent sources too. It seems that humanity is actually faced with an industrial revolution that will pose a serious threat to the structure of society and its institutions as we know them. If medical experts, writers, lawyers, accountants, front-desk bank operators can be replaced by machines, then let’s not even think about what could happen to factory employees, the unskilled workers, or the lower strata of the income distribution.

Let’s put the catastrophism aside and look at the data – a good exercise sometimes way too easily forgotten. According to authors Carl Benedikt Frey and Michael A. Osborneand their 2013 report, relative to the US context, about 47% of the States’ total employment is at risk due to automation. And it seems accurate if we look at occupations. Concerned much? You can check how likely is your job to be replaced by robots, just by typing your occupation and seeing the score it gets. But indeed, occupationis the magic word.

The authors are addressing a phenomenon called occupational change. It happened in the past, it’s happening now, it will happen in the future. For those not familiar with the debate, occupational change is related to the process of disappearance, creation, and transformation of jobs in the labour market – determinants, external collateral factors, dynamics. If we decide to stick with the analysis provided by Frey and Osborne, in about twenty years we will be ready to pack our stuff and dedicate ourselves to a life of otium, while only a few people will be able to keep their office duties safe from the revolution of work. And though technological advancements are not the only factor impacting the structure of our labour markets, the significance of such changes remains undeniable.

But what gives us hope, and why we can assume that that’s not what is going to happen? First of all, let’s shift the focus from occupations as a whole to a smaller unit of analysis – tasks. A recent study by Katharina Dengler and Britta Matthes published on Technological Forecasting and Social Change (2018) shows how the numbers are not wrong, and if we take into account entire occupations, about 47% of the workforce in Germany (country of reference for the study) in 2013 is engaged in jobs with high automation replacement rates. However, if we assume that only certain tasks can be substituted, 15% of the employees are at risk. Fun fact: occupations concerned with the production of technology, with business management, and with the IT sector, appear to be in the top 5 categories with the highest likelihood of being replaced by machines.

Percentage of substitution potentials by occupational segments in Germany, 2013. Source: Dengler and Matthes (2018)

In order to understand how technological change will trigger jobs transformation, and what we can do to limit the shortcomings of such disruption, we spoke to Luís Ortiz Gervasi, Associate Professor at Pompeu Fabra University in Barcelona (Catalonia, Spain) and expert in the field of labour market studies and employment policies. In Europe, we will witness an unevenly polarized occupational change, “where growth is going to be steeper in the upper part of the job quality distribution, with the bestoccupations paying off more, while the worst ones are going to grow as well and much more than the middle ones”, Ortiz says.

“It’s not only about technology, as if politics do not count at all, but that is one of the factors that can make income inequality increase more acutely”, Ortiz warns, with the result of fostering conflicts already present in the society between locals and migrants, or the losers and winners of globalization. Institutions and policies, then, will likely have the responsibility to compensate for the inequalities that partly will be generated by technological change.

In a recent interview on e-Estonia, Rene Tammist, the Estonian Minister of Entrepreneurship and Information Technology, posed the attention on how we should focus on the development of work-related digital skills, but also vocational education and academic studies. The nature of the Estonian labour market still presents a high demand for ICT specialists and highly trained workers, but skills remains a keyword of extreme importance, as also highlighted by a piece on Politico.eu.

Aside from specialization in ICT, what are the skills of the future in line with the forecasts and that will shelter workers from being replaced by machines? “Creative skills, social skills, et similia. But it’s not only a matter of skills, as much as of an effort to rethink tasks: we should focus on developing tasks within occupations, trying to adopt a human resource management approach, and designing jobs in a way that can make technological elements compatible with human capital development”, Ortiz states. Among the tools and policies that can make it work, “vocational training is an institution that is quite salient, in particular, durable vocational training. Then welfare measures, and Active Labour Market Policies (ALMP) to improve the employability of the labour force that we feel could be insufficiently trained once it is already in the labour market”, Ortiz concludes.

Everything’s not lost. It’s not that we need a message of encouragement, but it is somewhat comforting to know that the end of work is not as close as we may think. David Autor, Professor and Economist at MIT (US), puts it very clearly: “Automating some subsets of those tasks [within occupations] does not make the other ones unnecessary, it makes them more important, and it increases their economic value”, he states. We stand by that, valuing technological innovation and valuing people, together. The way work will look like in the future is not determined by an unforeseeable divine will, but by the direction we want to give to growth and development in society.

Source: e-estonia

First EU citizens using ePrescriptions in other EU country

Today, the first EU patients can use digital prescriptions issued by their home doctor when visiting a pharmacy in another EU country: Finnish patients are now able to go to a pharmacy in Estonia and retrieve medicine prescribed electronically by their doctor in Finland.

January 2019

The initiative applies to all ePrescriptions prescribed in Finland and to the Estonian pharmacies that have signed the agreement. The novelty of this initiative is that the ePrescriptions are visible electronically to participating pharmacists in the receiving country via the new eHealth Digital Service Infrastructure, without the patient having to provide a written prescription. This is in line with our policy on Digital Health and Care, which aims to empower patients by giving access to their health data and ensuring continuity of care.

Andrus Ansip, Vice President for the Digital Single Market, said: “Congratulations to Finland and Estonia for showing the path in eHealth cooperation between states and I would like other countries to follow soon. People should be able to use their e-prescriptions across borders. Free movement is a founding principle of the EU: we must make it as easy as possible for people to get treatment or medicines when abroad in the EU. The next major step will be to simplify patient access to their very own health data, by developing a common format for exchanging electronic health records between EU countries.”

Vytenis Andriukaitis, Commissioner for Health and Food Safety, said: “I very much welcome the first step in the exchange of ePrescriptions between Finland and Estonia. Sharing ePrescriptions and Patient Summaries will be crucial for patient safety as it can help doctors to better understand a foreign patient’s medical history and can reduce the risks of incorrect medication and the costs of duplicate tests.The Commission will continue its support to expand these exchanges across the EU.“

Mariya Gabriel,Commissioner for Digital Economy and Society, said: “This is a great starting point for better care for citizens, something arguably very important for them. ePrescriptions and International Patient Summaries can save lives in case of emergency situations. The EU Budget financed the technical solutions used for these exchanges, showing once again how important and how close it is to citizen’s daily life.”

In 2011, the European institutions adopted Directive 2011/24 which ensures continuity of care for European citizens across borders. The directive gives the possibility for Member States to exchange health data in a secure, efficient and interoperable way. The following cross-border health services are now being progressively introduced in all EU Member States:

1) ePrescription and eDispensation allow any EU citizen to retrieve his/her medication in a pharmacy located in another EU Member State, thanks to the electronic transfer of their prescription from his/her country of residence to the country of travel. The country of residence is then informed about the retrieved medicine in the visited country;

2) Patient Summaries provide background information on important health-related aspects such as allergies, current medication, previous illness, surgeries, etc., making it digitally accessible in case of a medical (emergency) visit in another country. It is an abstract of a larger collection of health data called the European Health Record. To make this a reality, the Commission will soon be presenting a Recommendation on the European Electronic Health Record Exchange Format.

Data protection rules are strictly observed and patients will have to provide their consent before these services are accessed.

Both services were made possible thanks to the eHealth Digital Service Infrastructure which connects the eHealth national services, allowing them to exchange health data, and which is funded by the European Commission’s Connecting Europe Facility.

Next steps

22 Member States are part of the eHealth Digital Service Infrastructure and are expected to exchange ePrescriptions and Patient Summaries by the end of 2021. 10 Member States (Finland, Estonia, Czechia, Luxembourg, Portugal, Croatia, Malta, Cyprus, Greece and Belgium) may start these exchanges by the end of 2019.

The eHealth Network (the body of eHealth authorities in the EU) has recently given the green light to Finland and Estonia to start exchanging ePrescriptions and to Czechia and Luxembourg to receive Patient Summaries of foreign citizens.

More information can be found here

Source: European Commission