Lately, I have been getting a lot of questions about Healthcare.gov. People want to know why it cost between two and four times as much money to create a broken website than to build the original iPhone. It’s an excellent question. However, in my experience, understanding why a project went wrong tends to be far less valuable than understanding why a project went right. So, rather than explaining why paying anywhere between $300 million and $600 million to build the first iteration of Healthcare.gov was a bad idea, I would like to focus attention on a model for software-enabled government that works and could serve as a template for a more effective U.S. government.
Early in my career as a venture capitalist, we invested in Skype and I went on the board. One of the many interesting aspects of Skype was that it was based in Estonia, a small country with a difficult history. Over the centuries, Estonia has been invaded by many countries including Denmark, Sweden, Germany, and, most recently, the Soviet Union. Now independent but well aware of their past, the Estonian people are humble, pragmatic, and proud of their freedom, but dubious of overly optimistic forecasts. In some ways, they have the ideal culture for technology adoption: hopeful, yet appropriately skeptical.
Supported by this culture, the Estonian government has built the technology platform that everyone wishes we had here. To explain how they did it, I asked an Estonian and one of our Entrepreneurs in Residence, Sten Tamkivi, to tell the story. His response is below.
— Ben Horowitz, co-founder and partner of the venture capital firm Andreessen Horowitz
Estonia may not show up on Americans’ radar too often. It is a tiny country in northeastern Europe, just next to Finland. It has the territory of the Netherlands, but 13 times less people—its 1.3 million inhabitants is comparable to Hawaii’s population. As a friend from India recently quipped, “What is there to govern?”
What makes this tiny country interesting in terms of governance is not just that the people can elect their parliament online or get tax overpayments back within two days of filing their returns. It is also that this level of service for citizens is not the result of the government building a few websites. Instead, Estonians started by redesigning their entire information infrastructure from the ground up with openness, privacy, security, and ‘future-proofing’ in mind.
The first building block of e-government is telling citizens apart. This sounds blatantly obvious, but alternating between referring to a person by his social security number, taxpayer number, and other identifiers doesn’t cut it. Estonia uses a simple, unique ID methodology across all systems, from paper passports to bank records to government offices and hospitals. A citizen with the personal ID code 37501011234 is a male born in the 20th century (3) in year ’75 on January 1 as the 123rd baby of that day. The number ends with a computational checksum to easily detect typos.
For these identified citizens to transact with each other, Estonia passed the Digital Signatures Act in 2000. The state standardized a national Public Key Infrastructure (PKI), which binds citizen identities to their cryptographic keys, and now doesn’t care if any Tiit and Toivo (to use common Estonian names) sign a contract in electronic form with certificates or plain ink on paper. A signature is a signature in the eyes of the law.
As a quirky side effect, this foundational law also forced all decentralized government systems to become digital “by market demand.” No part of the Estonian government can turn down a citizen’s digitally signed document and demand a paper copy instead. As citizens opt for convenience, bureaucrats see a higher inflow of digital forms and are self-motivated to invest in systems that will help them manage the process. Yet a social worker in a small village can still provide the same service with no big investment by handling the small number of digitally signed email attachments the office receives.
To prevent this system from becoming obsolete in the future, the law did not lock in the technical nuances of digital signatures. In fact, implementation has been changing over time. Initially, Estonia put a microchip in the traditional ID cards issued to every citizen for identification and domestic travel inside the European Union. The chip carries two certificates: one for legal signatures and the other for authentication when using a website or service that recognizes the government's identification system (online banking, for example). Every person over 15 is required to have an ID card, and there are now over 1.2 million active cards. That’s close to 100-percent penetration of the population.
As mobile adoption in Estonia rapidly approached the current 144 percent (the third-highest in Europe), digital signatures adapted too. Instead of carrying a smartcard reader with their computer, Estonians can now get a Mobile ID-enabled SIM card from their telecommunications operator. Without installing any additional hardware or software, they can access secure systems and affix their signatures by simply typing PIN codes on their mobile phone.
As of this writing, between ID cards and mobile phones, more than a million Estonians have authenticated 230 million times and given 140 million legally binding signatures. Besides the now-daily usage of this technology for commercial contracts and bank transactions, the most high-profile use case has been elections. Since becoming the first country in the world to allow online voting nationwide in 2005, Estonia has used the system for both parliamentary and European Parliament elections. During parliamentary elections in 2011, online voting accounted for 24 percent of all votes. (Citizens voted from 105 countries in total; I submitted my vote from California.)