eGovernment in Estonia: Best Practices
Ahto Kalja1, Aleksander Reitsakas2, Niilo Saard2
1Inst. of Cybernetics at Tallinn Univ. of Technology, Akadeemia 21, 12618 Tallinn, Estonia
2Cell Network Ltd., Toompuiestee 5, 10142 Tallinn, Estonia
, ,
Abstract. eGovernment in Estonia got started by developing a functional architecture that includes secure data transport backbone X-Road, distributed software systems and different hardware components like portals, elements of public key infrastructure (PKI), governmental databases and information systems. This is the very basis of hundreds of services that have been created today. The recent success with eGoverment services and the common architecture of eGovernment will be described hereunder.
I. Introduction
The eGovernment in Estonia provides state and local government agencies at all levels with the opportunity to offer citizens and businesses higher quality of services in a faster way.
People expect eGovernment services to be quick and efficient, which makes the providing of such public services quite a big challenge.
At the beginning of 2001, the Estonian government together with private companies started to develop an Information and Communication Technology (ICT) framework in order to create a common system for eGovernment services. A truly new environment of service management and service delivery was developed. The environment architecture was built on separated customer-centered front and back offices and on seamless connections between organizations.
II. The general architecture of eGovernment environment in Estonia
The architecture of eGovernment was developed in the framework of the X-Road project. X-Road project was preliminarily initiated for interconnecting Estonian governmental databases to the common data resource accessible over the Internet [8]. After the successful start of sending database queries and answers over the Internet, the X-Road environment was expanded to send all kinds of XML-format electronic documents securely over the Internet. At the same time the X-Road started to become a skeleton of all the eGovernment services.
The general architecture of eGovernment is described in the Fig. 1. The main backbone of the eGovernment environment is the X-Road network of distributed and central servers. The eGovernment project itself started parallel to the X-Road infrastructure project and the ID-card and PKI projects started parallel to the development of some back office information systems. Of course, there was a set of information systems, which had already been developed before. The essence of the eGovernment is, that different information systems communicate with each other via security servers (SS), which are built up as a special type of firewalls that are storing all the messages (queries, services) in the logs. It means that after a long period of time it would still be possible to restore the situations taken place in the past: who has used the service and when, also, which kind of decision has been made.
In our eGovernment environment, the information systems can provide and also consume services. Estonian commercial banks (more precisely Hansabank, Estonian Union Bank, Sampo Bank, Credit Bank and Nordea Bank) are playing three different roles in our eGovernment schema.
First, they provide portals (connected to the eGovernment environment) with the authentication service for citizens. This is because all the Estonian citizens do not possess the ID-card yet, but more than half of the population already has contracts with commercial banks for using Internet bank facilities. The banks authentication is considered as trustworthy as the ID-card one and valid for using eGovernment services.
Second, some of the services are priced and therefore we have developed a solution for paying for them. At first, the citizen transfers the money to the bank and right after money transfer the eService will start automatically.
Third, the banks themselves are consumers of data and eServices and they are using our environment just like any other information systems.
On the schema (Fig. 1) you can see that every information system is connected to the XRoad security servers via adapter servers (AS). Adapter servers are converters for translating X-Road XML format messages to special database query language (mainly SQL) and from query answers back to XML. The data transfer protocol that we are using today is SOAP. At the same time we are using the older XML RPC protocol as well.
X-road center is actually the hearth of the eGovernment environment because all the central servers (central monitoring server, certification server etc.) of the whole network are connected and located in the X-Road center. In addition, the center has special staff for managing eGovernment hardware, software, Internet connections, agreements etc. The management group organizes courses, seminars, coordinates activities with the European Union etc. A new central register of databases has been added to the X-Road centers at the beginning of 2005. On one hand, this register includes the description of all Estonian public sector registers and databases. On the other hand the register collects all the descriptions of eServices in the WSDL (Web Service Description Language) format, which enables to develop different automatic tools by using the library of eServices for automatic generation of new services on the basis of collected service descriptions. This is our new possibility of doing research and development projects in the near future.
CA (Certification Agency) is responsible for ID-card, digital signature and other PKI infrastructure elements in Estonia. We will discuss the ID-card facilities below.
The direct communication between citizens and eGovernment environment works over a set of communication portals. We have decided to work via the following portals: Citizens Portal, Entrepreneurs’ Portal and Civil Servants Portal.
Citizens Portal (KIT) was developed two years ago and has been the main channel to mediate eGovernment services between a citizen and the government (www.eesti.ee). We started this portal two years ago with services from Estonian databases. By the Estonian law every Estonian citizen has the right to know what kind of data the government has collected on the citizen.
At the beginning of 2005 we started to develop the first services for the Entrepreneurs Portal (EIT). The more popular of these first services at the moment is the “Application for alcohol selling license”.
At the moment, the Civil Servants Portal (AIT) is implemented as a Mini Info System Portal (MISP), which is used locally nearly in 70 different central and local government offices. All the portals are organized as information portals, which can be used as users’ manuals and service portals for eGovernment services.
Fig. 1. eGovernment architecture in Estonia
III. Results of Estonian eGovernment projects
During the last 3-4 years we have finished different IT projects for implementing eGovernment architecture in the public sector of Estonia. As the result of the mentioned projects, the following service portals, environments and frameworks are now available in Estonia:
· Special citizens web portal with db-services. Portal has won an award Finalist with Honourable Mentions of the eEurope awards for eGovernment 2003 [5,10]. The portals eServices will step-by-step be added to the KIT portal in the nearest future;
· Framework of the facilities for using Estonian ID-card (over 50% of Estonian population has already an electronic ID-card) with PKI technology for identification, authorization and digital signature operations;
· Citizens, civil servants and entrepreneurs web portals with almost 500 different eServices from different Estonian central and local governments.
We will describe some of these environments projects more precisely in next chapters of this overview.
IV. Special citizens web portal with db-services
All services available through the citizen's portal have a common user interface, which is not dependent on a database management system for back office. We have used here the results of different theoretical works from different countries [11,14,15]. A standard authentication system for all citizens has been developed as well.
The set of standard services available include typical queries, such as:
· "give me my data" from the population register;
· "give me my data" from the motor vehicles register.
As an additional option for organizations that have data security problems, a special standard Mini Info System Portal (MISP) that is very similar to the citizen's portal, has been developed. MISP was primarily designed as a working tool for civil servants, including one additional function – the authorization of users. One of the framework development plans was that the next version of X-Road should have a similar portal and provide a set of standard services for private companies as well.
Background. Similarly to other countries, Estonian Parliament has passed a law on personal data protection (Personal Data Protection Act, enforced on 19.07.1996). Paragraph 29 says that chief processor or authorized processor is required to provide a data subject with information and the requested personal data or state the reasons for refusal to provide data or information within five working days after the date of receipt of an application. For implementing this right in ICT environment with a special citizen's web portal with standard DB-services has been developed. There are two possibilities for authentication of users:
· Using Estonian citizen ID-cards or
· The authentication service of Estonian commercial banks.
Today over 50% (714,000 people) of the Estonian population (1.4 million) have an ID-card and over 50% have Internet service agreements with commercial banks and special authentication (PIN-code) cards.
Objectives. The specific objectives of the project was to guarantee a web-based service for the citizens (and government servants) to access nearly one hundred governmental databases and registers, which have been registered in the Center of Registers by the Estonian Informatics Center. Approximately ten of them are large registers and have thousands of local interactions per day. The processors of the large registers started to develop web services for citizens but the result of these first projects was very different. Every similar service had a different user interface, different forms of agreement between the database user and the processor, different authentication services, etc. All these problems encouraged the project leaders to develop a new general solution.
In the context of the European Community, the first objective was to implement the free movement of information across national borders, which guarantees the free movement of goods, people, etc. Access to this information is strictly implemented according to the Personal Data Protection Act and principles of data security. A good example is the possibility to link our services with the Schengen Information System, EUROCAR, etc.
Resources. The amount of financial resources used for this project is approximately one million euros. The project initiator was the State Information Systems Department of the Ministry of Economic Affairs and Communications in cooperation with the Estonian Informatics Center.
Two private companies (Cell Network Ltd. as the main contractor and Cybernetica Ltd.) have developed the environment within two years and have used subcontract work from the following companies: Datel Ltd., Reaalsüsteemid Ltd., Andmevara Ltd., etc.
The project realization schedule was planned in different steps and iterations. The main idea of the project was its realization with open standards and with internationally accepted standard protocols. The project uses two network protocols, the XML RPC (in the Alfa version) and the SOAP (in the final version). The digital documents and queries use the XML standard facilities; the monitoring system uses the SNMP protocol, etc. The number of potential users depends on the take up among Estonian inhabitants, which number 1.4 million. The number of interactions per day is not more than 125,000 yet.
The testing of the central servers of the project showed that the servers enable 100 interactions per second and have the possible scalability of up to 1,000 interactions per second. The latter case is not probable in Estonia. The environment is using the Estonian Public Key Infrastructure because the authentication service of the portal was developed so as to use the Estonian citizen ID-card for authentication. Every ID-card has the card owner's certificate. Every login to the portal checks the validity of the certificate. From the security point of view the system is very well protected. In the sense of data security the functionality of X-Road is very carefully designed and developed. The security servers of databases and information systems, which are connected to the Internet, communicate over encrypted channels. All users must pass authentication and authorization. It is not possible for a citizen to read the data of another citizen or that a civil servant could read data, which is not related to his/her everyday work.
Lessons learned. Lessons learned from our project are very different. Naturally, there are advantages and disadvantages.
Advantages:
· For the first time the databases are open to all citizens who are interested in knowing which of their personal data is in the databases. People have actually found a lot of errors in their data fields and have started to send information to the authorized processor. We believe that no such large data improvement could be carried out in any other way.
· The project has a lot of examples where the number of interactions performed by civil servants has risen remarkably. For example, last year the Estonian police had over 20,000 interactions with the passport register, but after providing them with the standard service ("give the passport data of person x") the number of interactions has risen to 10,000 per week.
· Another Estonian national ICT project “the ID-card project”, which uses Public Key Infrastructure (PKI) has established a new and very intensively used eservice, which tests the cooperation with other PKI projects and services.
· - The project has developed very well protected data traffic over the Internet. This traffic has gathered a set of new users from other different projects, for example document management projects (for different ministries), and projects which had planned to use database services (for different organizations and offices).
· Our neighboring countries (Latvia and Lithuania) plan to elaborate the same services for citizens and civil servants. A different group of developers in these countries have prepared the theoretical background for similar projects [1,2]. Similar developments have been initiated in many countries. According to our information, we are forerunners of implementing these services.
· The development and results of the project have called for necessary amendments in the legislation, which are in the process of being implemented now.