EXCLUSIVE - What’s next for data management in Estonian government - Data Embassies, Expanding E-residency
OpenGov spoke to Mr. Mehis Sihvart, Director of the Centre of Registers and Information Systems (RIK) in Estonia.
Mr. Mehis Sihvart has extensive experience in the development and implementation of efficient e-governance solutions. He has been heading the Centre of Registers and Information Systems of Estonia (RIK) since 2010. Over the years, Mr. Sihvart has led numerous projects related to court information systems, e-File – a central case management system etc. Moreover, he was responsible for centralizing IT-governance in the Ministry of Justice of Estonia.
RIK is a state agency under the Ministry of Justice of Estonia and its services range from workstation management to development and management of special information systems. Mr. Sihvart explained, “We take care of hardware and we also develop different information systems, like real estate registry and court information systems and so on.”
RIK has developed and administers over 70 different systems and various registers important both for the state and the citizens, including the e-Business Register (there is an European Business Register, offered as an additional service of the e-Business Register, which provides official information about European companies), e-Land Register, e-File, Courts’ Information System and e-Notary Information System.
RIK is also the central ICT procurement body for the Estonian government. The procurement for equipment such as workstations, laptops, printers is mandatorily centralised. For the rest, it is optional. If the agencies desire so, they can do it through RIK or they can give out contracts on their own.
Mr. Sihvart has been with the Ministry of Justice since the year 2000. ICT was centralised into the Ministry of Justice ICT department. Mr. Sihvart’s department took over all the ICT staff and budget from the prosecutor’s office, prisons and so on. He was the development lead of the centralised department.
In 2005, a decision was taken by the Minister of Justice to create a separate institution called Centre of Registers and Information Systems which we see today. It was mostly done because of the overheads incurred. The Ministry of Justice secretary-general was having to sign all the ICT contracts. Dealing with ICT matters for all the administrative domains was consuming too much time for the top management at the Ministry. So, a separate institution was created in 2006.
Mr. Sihvart highlighted the importance of support from the top level of leadership, “We had very strong support from our secretary-general which made the process easy. We centralised all the infrastructure and services all over Estonia over a period of 2 years. We added more institutions subsequently. Today, we actually provide ICT services not only to the Ministry of Justice administration but also, the Ministry of Culture and some others.”
Ongoing projects- Data Embassy and E-residency
Currently, RIK is working on the Data Embassy project, trying to create the data embassies within two years.
According to a ‘Summary Report of the Research Project on Public Cloud Usage for Government’ Data Embassy will consist of a three-part solution comprising: i) maintenance of data backups and live services within Estonia’s borders (Government Operated Cloud); ii) backups at physical Estonian embassy locations or dedicated data centres in allied countries chosen by the government (Physical Data Embassy); and iii) backups of non-sensitive data in private companies’ public cloud (Virtual Data Embassy).
For creating official data embassies outside Estonian borders, the agency has to deal with the technical and legal framework. There are significant potential risks if the implementation is not done properly. For instance, since 2010, all national legal acts are made public only in electronic form in Estonia in the State Gazette, a portal where all the laws are published. If something is published in the Estonian State Gazette, it’s official. If somebody forcibly takes over the registry, then the laws are being published from the Data Embassy, they still have to be legally valid.
Mr. Sihvart elaborated, “These are quite complicated scenarios. We can think through all the technical details but then we also have to understand how we regulate by law, deal with international laws or how you should change the law for this kind of scenario. For us, this is definitely one of the biggest projects during the next 2 years.”
Some potential issues highlighted in this report include sovereignty, data protection, data custodianship, diplomatic protection, consular protection, and sovereign immunity. Many international laws pre-date the Internet and additional work between governments might be needed to address previously unanticipated circumstances. The report points out that this is a complex area, particularly as a sovereign owns the data. Although Estonia would have well-founded arguments that its data is protected from compelled disclosure, the untested state of the law makes it impossible to be certain whether a claim of international legal protection would be respected, either by the host state or by third-countries. Whether the protection afforded is that of an embassy or consular facility and whether Estonia seeks protection as an extension of the sovereign state itself also pose challenges.
E-residency is another big ongoing project for Estonia. People can apply and get their Estonian digital ID through the Internet. Currently, E-Residents can digitally sign documents and contracts, verify the authenticity of signed documents, encrypt and transmit documents securely, establish an Estonian company online and administer the company from anywhere in the world, conduct e-banking and remote money transfers, access online payment service providers and declare Estonian taxes online.
Mr. Sihvart said that the government is opening up different services, and making them more convenient for use by foreigners.
Challenges- Security and human resources
We asked Mr. Sihvart about the challenges faced in providing ICT services to such a broad domain of ministries. In line with one of the top concerns of digital governments around the world, the first challenge he mentioned was security. He said that today everyone has to think about security, about how to keep the data secure.
Several registries in Estonia, such as the real estate registry, are fully digital and readily available. There are no paper versions. If the registry says this house belongs to me, and somebody else tries to say that he has a contradictory paper, the digital version supersedes the paper document in evidentiary value. If the data is manipulated, the implications are huge. Therefore, protecting this data is of paramount importance.
“The main risk is human, that somebody will make a human error or somebody will be forced to do something or data leaked because of a phishing email. “You can monitor the technical risks, you can always buy good protection. But the human factor poses the biggest risk. So, employee education is very important. Every employee should understand the implications of making a mistake of manipulating data,” Mr. Sihvart explained.
The second challenge Mr. Sihvart spoke about was human resources, getting qualified and motivated employees. This is also a common problem for the ICT sector around the world.
Inter-government data sharing
The databases in the two countries can interface and the systems can communicate by themselves. There is no need to build point-to-point data exchanges or to build a secure channel and agree on data exchange protocols. It enables cross-use of e-services by Estonian and Finnish citizens.
Mr. Sihvart added, “If you are building through the middle-layer data exchange, you just build that one service and if some other institution wants to ask, for example, for information about a specific business, you just open up that service and the information starts to move. If organisations want to make the data usable between different institutions, this kind of middle-layer is the best way to go.”
The European Business Register (EBR) is an additional service of the e-Business Register, offered by RIK. It provides official information about European companies, the quality of the data being guaranteed by the official registry agencies of the member states.
Sharing experience and expertise with foreign governments
The Estonian government and RIK actively participate in collaboration projects. For example, RIK helped to design the Sultanate of Oman registry from scratch. RIK advised on the development project of the entire 3-year project, on how to build technical solutions, how to organise all the institutional work.
The Estonian government has also shared its experiences and learnings with Dubai and some other countries. Mr. Sihvart said, “I think we have managed to help some of the countries to maybe get better than us.”
Major technological trends which could impact RIK
We asked Mr. Sihvart about important technological trends which could impact RIK. In his view, cryptographics and timestamping through Blockchain-like solutions will evolve and play an increasingly important role. As digital data becomes the default and sometimes the only form of data, ensuring the integrity of the data becomes crucial.
He went on to say that the usage of data will grow. Big data isn’t something new, but there will be increasingly intelligent linkages created automatically between data. As computing power grows, advancements in areas such as language processing could have a significant impact on government services.
1 X-Road can be described as the backbone of e-Estonia, which allows the nation’s various e-services databases, both in the public and private sector, to link up and operate in harmony. Originally designed as a a system for making queries to the different databases, it developed into a tool that can also write to multiple databases, transmit large data sets and perform searches across several databases.
Mr. Mehis Shivart is a speaker at the upcoming Singapore OpenGov Leadership Forum.