Estonia and United States have started a cooperation to build a joint platform for sharing cyber threat intelligence between the two countries. The system will be developed by Cybernetica and procured by the Estonian Centre for Defence Investment according to a framework contract signed by the two parties at the end of last year.
The cooperation is based on a joint R&D cooperation agreement between the United States Department of Defense and the Estonian Ministry of Defence, signed in 2016, whereas the collaboration was initiated already in 2014 with the US Air Force Research Laboratory (USAFRL) with the idea of automating data exchange for cyber threats proposed.
“The goal is to develop an automised cyber threat intelligence system between the US and Estonian defence forces, tailored to the specific needs of the two nations to enhance the cyber defence capabilities of the two parties. Regular exchange of threat intelligence between actors is one of the core principles of cyber defence today,” said Kusti Salm, Director General of the Estonian Centre for Defence Investment.
While the system will initially be used by Estonia and the United States, the parties are exploring possibilities to introduce the new capabilities to other allies.
According to Oliver Väärtnõu, CEO of Cybernetica, this is a historic milestone between the collaboration of the two nations. “This is the first-ever joint capability developed in the cyber domain between the two countries. We are proud that Cybernetica has the possibility to take part in this collaboration and that our experiences in creating state-of-the-art technologies in the domains of secure data exchange, situational awareness, privacy and information security is given tremendous recognition. We thank our partners both in the United States and Estonia for continued trust in Cybernetica for delivering critical systems,” he added.
When it comes to digital governance, probably the most familiar and handy example that comes to your mind is the eID. Electronic ID-cards are now launched and implemented worldwide from the EU, Asia Pacific and Africa to South America and other regions. Of course, also in Japan. In 2016, the first-ever eID “Individual Number Card (INC)” was officially issued. The INC is a non-compulsory, state-issued eID which aims to promote e-governance in Japan, highly inspired by Estonia.
The INC is often described as “failed one” in the context of Japanese politics due to its poor penetration rate. Although many Japanese media outlets are judging the current situation in comparison to the successful Estonian example of e-governance, we should not evaluate it from only one particular aspect. As Dr. Arvo Ott from the e-Governance Academy hints: “e-Government cannot be copied; standard components can be transferred, but every country is different.” It is crucial to grasp the dissimilarity between the cases before concluding anything.
Now, let’s look at some facts about both Estonia and Japan, and see what lessons can be learned from them.
What makes the Estonian eID unique?
Needless to say, the Estonian eID is noteworthy in its scalability and integrity. A broad spectrum of services, regardless of whether public or private, are available via the eID, including i-voting, banking, prescriptions taxation, you name it. So, what makes it possible to guarantee the transparent, secure scalability of eID in Estonia? The answer is the decentralised secure data exchange layer x-road. Emancipation from traditional bureaucratic sectionalism by applying the once-only principle has allowed flexible data exchange for Estonians.
And furthermore, the x-road architecture is based upon the concept of e-governance as a means of self-management of information. You can find a strong consciousness of e-democracy in any aspect of Estonian e-solutions, hence being the first in the world in i-voting since 2005. The underlaying principles are something you need to bear in mind if you want to create an e-society like in Estonia.
INC, suffering from many problems
On the other hand, INC suffers from many issues including the absence of an x-road counterpart. First, the paper-based procedure is still the main characteristic of Japanese public service, whereas 99% of Estonian public services are digitalised and done online. Since the eID is not mandatory, Japanese population is divided into two groups: the haves and have-nots. This is why paperless e-services cannot fully replace the analogue procedures, and it’s also something that Finland experiences difficulty with.
In addition, the lack of user experience design is a crucial issue, too. The platform and system design are both too complex and totally not user-friendly. For example, the current version of the Japanese eID portal supports login to the e-tax platform, but does not support filing tax return via the portal; you need to do extra steps in the e-tax platform, not via eID portal to complete filing the tax return. Meanwhile in Estonia, filing taxes takes only a few clicks. In regard to UX design, this e-Talk with Karin Salu will help you understand how it is important for digital services.
The biggest problem of INC is the absence of applications. Compared to Estonian comprehensive e-services, what you can do with INC is highly limited. As Taro Aso, Minister of Finance, pointed out in the 5th Digital Government Cabinet Meeting: “Currently, almost no merits can be found by using this. ” As already commented, the Estonian eID portal supports almost any public service you can imagine; the only three exceptions are marriage, divorce, and transfering property ownership.
So is the Japanese eID totally failing?
No, it’s not. Despite the absence of the flagship service, 14.3% of the population now possess the eID card in Japan, which is ten times more than the whole Estonian population. Given that 1 million Estonian eID cards took 5 years to be issued since its rollout, its penetration in Japan is not so bad.
In addition to this, INC is actually updating in many respects. In November, FeliCa support for the eID on iPhone (Android was already available) became available. FeliCa is a contactless, secure IC card technology for high-speed data transmission powered by Sony. Easier login to the portal without a card reader can increase the penetration of eID, provided that most of the Japanese citizens have access to a smartphone with FeliCa function.
Furthermore, the government plans to integrate eID with insurance cards by 2022, aiming at another 100 million issue of INC. It means that the application layer problem will be solved, although robust digital underpinnings and the data exchange layer like x-road still don’t exist.
Evaluation for e-Governance
As Dr. Arvo Ott gave his advice in Tokyo at the Digital Government Forum, implementation of e-governance entirely depends on “organizations and planning, not money or technology”. It means that a well-structured plan must be made prior to actual implementation. In the Japanese case, it is quite true that the grand idea of e-governance is opaque. Plus, as mentioned above, the mindset for e-democracy needs to be fostered among the citizens to create the e-society.
Moreover, Dr. Ott suggests that the effectivity of e-governance does not start to appear immediately. The implementation of e-governance tends to be a long-term process, thus evaluation if it was successful, cannot be done in the very early stages.
Conclusion
To sum up, admittedly, there are many challenges the INC faces. However, it is too early for any judgement or evaluation for Japanese eID as it has only a short history behind it. We can start doing further assessments as all the upcoming updates are implemented. Of course, a grand design for e-governance must be shared nationwide for a successful and sustainable e-society with eID. And, there are more lessons to be learned from the world’s leading e-society Estonia.
estoniadigital.wordpress.com 