“In most countries the state owns data, and the citizens may see it. In Estonia, people own data, and the state may use it.” This pithy summary, by Doris Pöld of the Estonian Association of Information Technology, aptly describes a level of mutual trust not often seen, even in advanced democracies. But trust alone cannot protect a citizen’s data. The country’s e-Governance system relies on two features designed to protect the integrity of all data:
1. Decentralization of information
There is no single repository for the data on Estonian citizens. The police, population office, tax authorities, land registry and other services each have their own servers, protected in turn by a security server, linked within a sort of Estonian intranet called X-road. No department can see another’s data without explicit authorisation. The police, for example, can access the weapons registry but not the tax rolls. Citizens access their data – a traffic violation or medical record – with their ID cards or mobile phones. But neither the ID card nor the mobile phone contains actual data. They are merely encrypted authentication devices that, together with the user’s PIN code, confirm his identity.
2. KSI (Keyless Signature Infrastructure) Technology
This is Estonia’s killer app. It is not a firewall but a system that protects the integrity of every shred of data by assigning it a unique fingerprint. Anytime anyone so much as looks at information, not to mention changes it, a transparent record is created. So if an official looks up your driver’s license, you can see who it was. If he checks your driver’s license too often, you can ask why. “Whatever you may think of Edward Snowden, he couldn’t have done what he did if the National Security Agency had KSI”, says Matthew Johnson, chief technology officer of GuardTime, the Estonian company that created KSI. GuardTime now has a Washington office that sells KSI to the U.S. government.