Lately, I have been getting a lot of questions about Healthcare.gov. People want to know why it cost between two and four times as much money to create a broken website than to build the original iPhone. It’s an excellent question. However, in my experience, understanding why a project went wrong tends to be far less valuable than understanding why a project went right. So, rather than explaining why paying anywhere between $300 million and $600 million to build the first iteration of Healthcare.gov was a bad idea, I would like to focus attention on a model for software-enabled government that works and could serve as a template for a more effective U.S. government.
Early in my career as a venture capitalist, we invested in Skype and I went on the board. One of the many interesting aspects of Skype was that it was based in Estonia, a small country with a difficult history. Over the centuries, Estonia has been invaded by many countries including Denmark, Sweden, Germany, and, most recently, the Soviet Union. Now independent but well aware of their past, the Estonian people are humble, pragmatic, and proud of their freedom, but dubious of overly optimistic forecasts. In some ways, they have the ideal culture for technology adoption: hopeful, yet appropriately skeptical.
Supported by this culture, the Estonian government has built the technology platform that everyone wishes we had here. To explain how they did it, I asked an Estonian and one of our Entrepreneurs in Residence, Sten Tamkivi, to tell the story. His response is below.
— Ben Horowitz, co-founder and partner of the venture capital firm Andreessen Horowitz
Estonia may not show up on Americans’ radar too often. It is a tiny country in northeastern Europe, just next to Finland. It has the territory of the Netherlands, but 13 times less people—its 1.3 million inhabitants is comparable to Hawaii’s population. As a friend from India recently quipped, “What is there to govern?”
What makes this tiny country interesting in terms of governance is not just that the people can elect their parliament online or get tax overpayments back within two days of filing their returns. It is also that this level of service for citizens is not the result of the government building a few websites. Instead, Estonians started by redesigning their entire information infrastructure from the ground up with openness, privacy, security, and ‘future-proofing’ in mind.
The first building block of e-government is telling citizens apart. This sounds blatantly obvious, but alternating between referring to a person by his social security number, taxpayer number, and other identifiers doesn’t cut it. Estonia uses a simple, unique ID methodology across all systems, from paper passports to bank records to government offices and hospitals. A citizen with the personal ID code 37501011234 is a male born in the 20th century (3) in year ’75 on January 1 as the 123rd baby of that day. The number ends with a computational checksum to easily detect typos.
For these identified citizens to transact with each other, Estonia passed the Digital Signatures Act in 2000. The state standardized a national Public Key Infrastructure (PKI), which binds citizen identities to their cryptographic keys, and now doesn’t care if any Tiit and Toivo (to use common Estonian names) sign a contract in electronic form with certificates or plain ink on paper. A signature is a signature in the eyes of the law.
As a quirky side effect, this foundational law also forced all decentralized government systems to become digital “by market demand.” No part of the Estonian government can turn down a citizen’s digitally signed document and demand a paper copy instead. As citizens opt for convenience, bureaucrats see a higher inflow of digital forms and are self-motivated to invest in systems that will help them manage the process. Yet a social worker in a small village can still provide the same service with no big investment by handling the small number of digitally signed email attachments the office receives.
To prevent this system from becoming obsolete in the future, the law did not lock in the technical nuances of digital signatures. In fact, implementation has been changing over time. Initially, Estonia put a microchip in the traditional ID cards issued to every citizen for identification and domestic travel inside the European Union. The chip carries two certificates: one for legal signatures and the other for authentication when using a website or service that recognizes the government's identification system (online banking, for example). Every person over 15 is required to have an ID card, and there are now over 1.2 million active cards. That’s close to 100-percent penetration of the population.
As mobile adoption in Estonia rapidly approached the current 144 percent (the third-highest in Europe), digital signatures adapted too. Instead of carrying a smartcard reader with their computer, Estonians can now get a Mobile ID-enabled SIM card from their telecommunications operator. Without installing any additional hardware or software, they can access secure systems and affix their signatures by simply typing PIN codes on their mobile phone.
As of this writing, between ID cards and mobile phones, more than a million Estonians have authenticated 230 million times and given 140 million legally binding signatures. Besides the now-daily usage of this technology for commercial contracts and bank transactions, the most high-profile use case has been elections. Since becoming the first country in the world to allow online voting nationwide in 2005, Estonia has used the system for both parliamentary and European Parliament elections. During parliamentary elections in 2011, online voting accounted for 24 percent of all votes. (Citizens voted from 105 countries in total; I submitted my vote from California.)
To accelerate innovation, the state tendered building and securing the digital signature-certificate systems to private parties, namely a consortium led by local banks and telecoms. And that's not where the public-private partnerships end: Public and private players can access the same data-exchange system (dubbed X-Road), enabling truly integrated e-services.
A prime example is the income-tax declarations Estonians “fill” out. Quote marks are appropriate here, because when an average Estonian opens the submission form once a year, it usually looks more like a review wizard: “next -> next -> next -> submit.” This is because data has been moving throughout the year. When employers report employment taxes every month, their data entries are linked to people’s tax records too. Charitable donations reported by non-profits are recorded as deductions for the giver in the same fashion. Tax deductions on mortgages are registered from data interchange with commercial banks. And so forth. Not only is the income-tax rate in the country a flat 21 percent, but Estonians get tax overpayments put back on their bank accounts (digitally transferred, of course) within two days of submitting their forms.
This liquid movement of data between systems relies on a fundamental principle to protect people’s privacy: Without question, it is always the citizen who owns his or her data and retains the right to control access to that data. For example, in the case of fully digital health records and prescriptions, people can granularly assign access rights to the general practitioners and specialized doctors of their choosing. And in scenarios where they can’t legally block the state from seeing their information, as with Estonian e-policemen using real-time terminals, they at least get a record of who accessed their data and when. If an honest citizen learns that an official has been snooping on them without a valid reason, the person can file an inquiry and get the official fired.
Moving everything online does generate security risks on not just a personal level, but also a systematic and national level. Estonia, for instance, was the target of The Cyberwar of 2007, when well-coordinated botnet attacks following some political street riots targeted government, media, and financial sites and effectively cut the country off from Internet connections with the rest of the world for several hours. Since then, however, Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage.
There is also a flip-side to the fully digitized nature of the Republic of Estonia: having the bureaucratic machine of a country humming in the cloud increases the economic cost of a potential physical assault on the state. Rather than ceasing to operating in the event of an invasion, the government could boot up a backup replica of the digital state and host it in some other friendly European territory. Government officials would be quickly re-elected, important decisions made, documents issued, business and property records maintained, births and deaths registered, and even taxes filed by those citizens who still had access to the Internet.
The Estonian story is certainly special. The country achieved re-independence after 50 unfortunate years of Soviet occupation in 1991, having missed much of the technological progress made by the Western world in the 1960s, ’70s, and ’80s. -'80s, including checkbooks and mainframe computers. Nevertheless, the country jumped right on the mid-’90s bandwagon of TCP/IP-enabled web apps. During this social reset, Estonians also decided to throw their former communist leaders overboard and elect new leadership, often ministers in their late-20s capable of disruptive thinking.
But then again, all this was 20 years ago. Estonia has by many macroeconomic and political standards become a “boring European state,” stable and predictable, if still racing to close the gap with Old Europe from its time behind the Iron Curtain. Still, Estonia is a start-up country—not just by life stage, but by mindset.
And this is what United States, along with many other countries struggling to get the Internet, could learn from Estonia: the mindset. The willingness to get the key infrastructure right and continuously re-invent it. Before you build a health-insurance site, you need to look at what key components must exist for such a service to function optimally: signatures, transactions, legal frameworks, and the like.
Ultimately, the states that create these kinds of environments will be best positioned to attract the world’s increasingly mobile citizens.