Updating Government: Estonia’s Mastery of Digital Statecraft

When asked about her country’s establishment of overseas “data embassies” to back up its data, Estonian President Kersti Kaljulaid replied: “There’s nothing about the technology that’s interesting.” In a country known for making policy leaps and bounds in the digital realm, progress can easily be mistaken for technical know-how. However, important as technological innovation is, it is not the whole story.

According to Kaljulaid, her country’s model of successful statecraft is based on more than what takes place in cyberspace. Estonia’s triumph has been to look past the gleam of high-tech, and ask hard questions about what principles must underlie its implementation

In a conversation with CNN chief national security correspondent Jim Sciutto at the Atlantic Council on April 4, Kaljulaid laid out a futuristic vision of her country: “A country will be a hub for people—I’ll agree with Estonia that it provides social and educational services… [and I won’t need] a postal address in Estonia. It’s a deal between me and this country.”

For Estonia, technology is nothing mystical—it is a tool that remains governed by social policies and norms. Data embassies are not of interest to the Estonian government simply because they are high-tech innovations—rather, it is because they are pragmatic, storing critical data within a friendly state that is willing to treat an overseas servers as a sovereign part of Estonia. Last year, Estonia entered a bilateral agreement with the Grand Duchy of Luxembourg and their first digital embassy is set to be up and running later this year.

Estonia has set forth a model for successful digital statecraft. It is forward-looking, yet still true to the liberal and democratic values underpinning free and open societies. By leveraging technology to transform all aspects of life—from voting to citizenship—Estonia has shown international onlookers how to bring fundamental liberal values forward into the twenty-first century. Here are some ways in which it has done so:

Enterprise. Kaljulaid described Estonia’s use of a “proactive state model.” Unlike the traditional state model, where citizens have to come to the state for services, Estonia now brings the state and its services to citizens. The test case: traffic control systems. With ready access to all accident-related information—car registries, insurance policies, so on—the Estonian government hopes to streamline insurance claims, such that in a mere thirty minutes, information can be sent to both parties detailing how the incident has been resolved.

Yet from Kaljulaid’s perspective, innovation like this is not optional—it is necessary for survival. With the increasing globalization and automation of work, governments must update their tax system and public services, or risk falling behind.

“I own [my data]. It’s not the state’s—it’s mine,” said Kaljulaid. Data—everything from a state’s demography to its citizens’ financial information—is essential to Estonian statecraft, therefore the government has shifted its focus to protecting that data from unwanted intrusion or manipulation. However, rather than rely on secrecy and obfuscation, Kaljulaid described how the Estonian government has leaned on transparency and regulation to give its citizens full control over how their data is distributed. From their tax information to their doctor’s notes, Estonian citizens know who has access to their data—and can then decide who uses it, and how.

There is undoubtedly a cultural element to the success of Estonia’s cyber security policies. In the United States, many of Estonia’s programs would have a tough time getting off the ground. However, Tallinn has set forth a model that presents an interesting alternative, if only because it does not treat privacy and anonymity as one and the same.

Trust. Why are passports demanded from flight passengers—but total anonymity is accepted on the Internet? Kaljulaid said, “governments have exactly the same obligation in the digital sphere [as in the physical world]—to provide people with identification.” The regulation of identification leads to trust in the system. Ultimately, safeguarding citizens’ interests by fostering trust between them is a fundamental role of government. According to Kaljulaid, it is one that governments are not doing particularly well.

The need for trust extends beyond e-identity to every sphere of government. Asked about using blockchain technology for electronic and remote voting, Kaljulaid pointed out that electronic voting—which demands the highest level of citizens’ confidence—should not adopt blockchain until every other platform, from auto insurance claims to primary school registrations, has.

Technology has enormous transformative potential—but that potential can only be unlocked when it is coupled with the right instruments of governance. By keeping these values close to its heart, Estonia has succeeded in updating its style of governance without compromising its citizens’ wellbeing—a model that other states could certainly learn from as they deploy their own versions of cyber statecraft.

Shaun Ee is a project assistant with the Cyber Statecraft Initiative in the Scowcroft Center for Strategy and Security.

Related Experts: Shaun Ee

Image: CNN chief national security correspondent Jim Sciutto (left) moderates a conversation with Estonian President Kersti Kaljulaid on April 4 at the Atlantic Council. (Atlantic Council)