foundations of estonian digital government

Andres KüttMay 28, 2015

Chief Architect, Information System Authority

introduction

today

∙ Introduction∙ Mental models for thinking about the government∙ Five separate models for approaching the subject∙ Not comprehensive, not validated but possibly useful∙ The models are provided in Estonian context∙ Gaps in knowledge will be revealed

2

introduction

∙ Today is not about telling you about how things are, it is aboutencouraging thinking

∙ The term “Digital government“ is used instead of “e-government“∙ Often, the first word is omitted∙ This is important: in Estonia, e-government is not something distinctfrom the overall government

∙ “e-“ is slightly overused, “Digital“ is more precise

We are discussing a very abstract and fragile topic, semantics arevery important!

3

foundations of digital government

E-government is a complex matter requiring multiple viewpoints

∙ The enablers model∙ The feedback model∙ The historic model∙ The organisational model∙ The mechanical model

4

the enablers model

the enablers model

e-governance

Trus

t and

col

labo

ratio

n be

twee

n st

akeh

olde

rs

Ubi

quito

us e

lect

roni

c id

entifi

catio

n

“Bre

athi

ng ro

om”

Criti

cal c

ompe

tenc

esE-government as emerging from a set of enabling factors

6

trust and collaboration between stakeholders

An externally guaranteed trust framework between citizens,businesses and the government as well as cooperation

∙ Information systems involved are too complex to comprehend,thus the need for explicit trust

∙ There has to be an external (e.g. cryptographic) guarantee to thetrust keeping it from gradual deterioration

∙ Only wealthy countries can afford not to have that trust: IRS lost$5.2 billion to identity theft in 2013. Translated via GDP this wouldmean e6 million annual loss in Estonia.

∙ Ability to find common ground between engineers, politicians andadministrators but also, say, banks and the government

7

ubiquitous electronic identification

On the internet, nobody knows you are a dog

∙ The assurance level of services provided is dependent on theassurance level of the electronic ID∙ The British way can only go so far∙ For simple cases e-mail is sufficient∙ Digital signature requires a PKI-based solution

∙ Ubiquity stems from people using various e-services on a dailybasis and realising their benefit. It is needed so that∙ electronic service can become dominant∙ the users are acquainted with the risks involved∙ the users actually find it convenient to use it

8

”breathing room”

The players must have the ability and capability to change theiroperating model with reasonable effort

∙ By definition: if everything is in place, any change would goagainst the well-established rules∙ Stability means things happening tomorrow the way they happen today∙ Innovation means the exact opposite

∙ Many of the decisions underpinning our e-government would beimpossible to execute in a well-controlled environment∙ Risk management processes alone would be a sufficient deterrent∙ This is mental to a large extent: what do people have to loose?

∙ A certain level of chaos is needed for progress

9

critical levels of critical competences

Without the following competences, it is not feasible to build ane-government as they are neigh to impossible to outsource

∙ Ability to procure development∙ Basically, one must be able to act as a responsible customer∙ Vendor management is big part of it∙ Ability to provide input and validate the output

∙ Ability to procure operations∙ Operating the service means controlling the data, this is important!∙ Weak operations lead to low service levels and loss of trust

∙ Information/cyber security∙ Who will work out your electronic identity scheme?∙ Whose cryptography do you trust (and can you make your own)?∙ How do you protect your service?

To sustain the e-government, the ability to absorb IP is needed10

the feedback model

the feedback model

People Behaviour

Society

(e-)governance

Government as a dynamic non-linear behaviour of society

12

about the model

All organisations are shaped by the systems they build and thesystems they build are shaped by the organisations

∙ Skype the organisation was shaped by Skype the software∙ Organisations produce software that mimics their internal∙ communications structure∙ organisational culture∙ organisational structure

∙ How the model works∙ People behaving in certain ways form a society∙ The society yields certain means of governance∙ The governance changes behaviour subduing undesirable andrewarding desirable traits

13

feedback in estonia

∙ Estonian people are slightly strange∙ Many of us are of distinct Soviet up-bringing: mend and make do whileminimizing contact with the government

∙ Our behaviours are shaped by the initial steep reforms undertaken, weare used to change

∙ There is a high level of trust towards the state∙ Presumably because of the way we re-gained independence∙ We do not know!

∙ The feedback is very likely there∙ Increasing popularity of electronic voting will force us to change it∙ But we don’t know much about if and how the feedback workselsewhere

14

the historic model

the historic model

Foundations

Technical Legal Social

Public service

Technology Regulations Organisations

Customer value

E-government as being built on top of foundations rooted in the past

16

about the model

All countries come from their past and must build on foundationsthey have

∙ Replacing foundations gets harder as the building gets larger∙ Three kinds of foundations∙ Technical: the technical infrastructure and capabilities of the society∙ Legal: the legal framework of the society∙ Social: social structure, behaviours and culture

∙ Public service∙ Democracy seeks to distribute power and can thus lead tofragmentation of services

∙ Services contain technical, regulatory and organisational components

∙ From the services, inexorably, customer value emerges

17

foundations of estonia

∙ The technical foundations are well-understood∙ X-road∙ Electronic identity

∙ Legal foundations not so much∙ “X-road directive“∙ Data set law∙ Where do the personal identification code, Once Only, authorisationprovisions etc. come from?

∙ Social foundations even less∙ There is no coherent research on the history of Estonian cyber culture∙ We obviously rely on Soviet education but how and to what extent?∙ Why do Estonians trust their country so much?

18

services and value in estonia

∙ There is an effort by MKM1 to increase service-orientation∙ Some administrative research is there∙ Not much robust academic knowledge

∙ Not clear, what constitutes a public service∙ Theoretical model exist within EC, their applicability is unclear

∙ The value part is not clear at all∙ The numbers quoted are pretty much made up∙ There is anecdotal evidence of massive ROI but very little conclusive∙ EMTA decreasing their workforce, prevention of identity theft, the casefor photo booths at Road Authority

∙ Difficult to scale up but possibly comparable to other countries

1Ministry of Economic Affairs and Communication19

the organisational model

the organisational model

Business architecture

Organisational architecture

Functional architecture

Technical architecture

Physical architecture

Government as an organisation

21

architecture layers of organisations

Organisations can be seen as layers of different but interdependentarchitectures

∙ Business architecture defines the strategy, business model andpartnership structure

∙ Organisational architecture is the organisational structure andprocesses executing on the strategy

∙ Functional architecture consists of interrelated functional“chunks“ supporting the organisation

∙ Technical architecture is what implements the functional pieces assoftware components

∙ Physical architecture is the hardware running the software

22

layers of estonia

This is an approximation, of course.

∙ Constitution describes business architecture∙ The setup of ministries, agencies and governing bodies is theorganisational architecture

∙ Functional architecture contains the arrangement of registries∙ Technical architecture is the implementation of these registries asdatabases and systems

∙ These systems are deployed on a physical infrastructure

23

the mechanical model

the mechanical model

Agency Agency AgencyAgencyFina

nce

and

port

folio

man

agem

ent

Cybe

rsec

urity

Information System Registry

Electronic identity

Citizens/Officials/Enterprises

Delivery channels

Integration

Infrastructure

Government as a (static) combination of technical and processcomponents

25

electronic identity

∙ Implemented using PKI, CA service provided externally∙ The certificates live on a chip (smart card or SIM)∙ Digital signature legally equivalent to the physical one∙ Depends on the personal id-code of the citizen∙ Bank-driven federated identification scheme widely adopted bystakeholders

26

channels

∙ Central service portal eesti.ee with 800+ services accessible∙ Main challenge: maintaining service ownership∙ No central UI/UX guidelines although a recommended web sitetemplate exists

∙ Hundreds of individual contact points∙ Mobile is very small

27

integration

∙ Distributed service bus called x-road∙ All communication happens peer to peer∙ x-road provides standardised∙ channel crypto∙ access control∙ service discovery∙ audit logging∙ identity management∙ protocol support

∙ Massive deployment, 1000+ usable services∙ Constantly developed, version 6 getting ready to roll∙ De facto enables once-only and privacy

28

infrastructure

∙ Being expanded rapidly, currently only network∙ Government cloud is a combination of∙ private cloud∙ public cloud∙ data embassies

∙ Security and service availability major drivers: we no longer canrun this country without e-services

∙ Scalability and cost are also becoming an issue

29

main open questions

∙ Does this model apply to other countries?∙ Is it possible to quantify e-government architectures using thismodel?

∙ What is the relationship between this model and the feedbackmodel?

30

license

theme

Get the source of this theme and the demo presentation from

http://github.com/matze/mtheme

The theme itself is licensed under a Creative CommonsAttribution-ShareAlike 4.0 International License.

cba

32

contents

The contents of the slides is lidecensed under a Creative CommonsAttribution-NonCommercial-ShareAlike 4.0 International

cbna

33

Questions?

34