This liquid movement of data between systems relies on a fundamental principle to protect people’s privacy: Without question, it is always the citizen who owns his or her data and retains the right to control access to that data. For example, in the case of fully digital health records and prescriptions, people can granularly assign access rights to the general practitioners and specialized doctors of their choosing. And in scenarios where they can’t legally block the state from seeing their information, as with Estonian e-policemen using real-time terminals, they at least get a record of who accessed their data and when. If an honest citizen learns that an official has been snooping on them without a valid reason, the person can file an inquiry and get the official fired.
Moving everything online does generate security risks on not just a personal level, but also a systematic and national level. Estonia, for instance, was the target of The Cyberwar of 2007, when well-coordinated botnet attacks following some political street riots targeted government, media, and financial sites and effectively cut the country off from Internet connections with the rest of the world for several hours. Since then, however, Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage.
There is also a flip-side to the fully digitized nature of the Republic of Estonia: having the bureaucratic machine of a country humming in the cloud increases the economic cost of a potential physical assault on the state. Rather than ceasing to operating in the event of an invasion, the government could boot up a backup replica of the digital state and host it in some other friendly European territory. Government officials would be quickly re-elected, important decisions made, documents issued, business and property records maintained, births and deaths registered, and even taxes filed by those citizens who still had access to the Internet.
The Estonian story is certainly special. The country achieved re-independence after 50 unfortunate years of Soviet occupation in 1991, having missed much of the technological progress made by the Western world in the 1960s, ’70s, and ’80s. -'80s, including checkbooks and mainframe computers. Nevertheless, the country jumped right on the mid-’90s bandwagon of TCP/IP-enabled web apps. During this social reset, Estonians also decided to throw their former communist leaders overboard and elect new leadership, often ministers in their late-20s capable of disruptive thinking.
But then again, all this was 20 years ago. Estonia has by many macroeconomic and political standards become a “boring European state,” stable and predictable, if still racing to close the gap with Old Europe from its time behind the Iron Curtain. Still, Estonia is a start-up country—not just by life stage, but by mindset.