eGovernment in Estonia: Best Practices
Ahto Kalja (1), Aleksander Reitsakas (2), Niilo Saard (2)
(1) Inst. of Cybernetics at Tallinn Univ. of Technology, Akadeemia 21, 12618 Tallinn, Estonia
(2) Cell Network Ltd., Toompuiestee 5, 10142 Tallinn, Estonia
ahto@cs.ioc.ee, aleksander.reitsakas@cellnetwork.com, niilo.saard@cellnetwork.com
Abstract. eGovernment in Estonia got started by developing a functional architecture that
includes secure data transport backbone X-Road, distributed software systems and
different hardware components like portals, elements of public key infrastructure (PKI),
governmental databases and information systems. This is the very basis of hundreds of
services that have been created today. The recent success with eGovernment services and
the common architecture of eGovernment will be described hereunder.
I. Introduction
The eGovernment in Estonia provides state and local government agencies at all levels
with the opportunity to offer citizens and businesses higher quality of services in a
faster way.
People expect eGovernment services to be quick and efficient, which makes the
providing of such public services quite a big challenge.
At the beginning of 2001, the Estonian government together with private companies
started to develop an Information and Communication Technology (ICT) framework in
order to create a common system for eGovernment services. A truly new environment
of service management and service delivery was developed. The environment
architecture was built on separated customer-centered front and back offices and on
seamless connections between organizations.
II. The general architecture of eGovernment environment in Estonia
The architecture of eGovernment was developed in the framework of the X-Road
project. X-Road project was preliminarily initiated for interconnecting Estonian
governmental databases to the common data resource accessible over the Internet [8].
After the successful start of sending database queries and answers over the Internet, the
X-Road environment was expanded to send all kinds of XML-format electronic documents securely over the Internet. At the same time the X-Road started to become a
skeleton of all the eGovernment services.
The general architecture of eGovernment is described in the Fig. 1. The main backbone
of the eGovernment environment is the X-Road network of distributed and central
servers. The eGovernment project itself started parallel to the X-Road infrastructure
project and the ID-card and PKI projects started parallel to the development of some
back office information systems. Of course, there was a set of information systems,
which had already been developed before. The essence of the eGovernment is that
different information systems communicate with each other via security servers (SS),
which are built as a special type of firewall that stores all the messages
(queries, services) in logs. This means that even after a long period of time it is still
possible to reconstruct past situations: who used a service and
when, and which decision was made.
In our eGovernment environment, the information systems can provide and also
consume services. Estonian commercial banks (more precisely Hansabank, Estonian
Union Bank, Sampo Bank, Credit Bank and Nordea Bank) are playing three different
roles in our eGovernment schema.
First, they provide portals (connected to the eGovernment environment) with the
authentication service for citizens. This is because not all Estonian citizens
possess an ID-card yet, but more than half of the population already has contracts with
commercial banks for using Internet bank facilities. The banks' authentication is considered as trustworthy as ID-card authentication and is valid for using eGovernment services.
Second, some of the services are priced and therefore we have developed a solution for
paying for them. At first, the citizen transfers the money to the bank and right after
money transfer the eService will start automatically.
Third, the banks themselves are consumers of data and eServices and they are using our
environment just like any other information systems.
On the schema (Fig. 1) you can see that every information system is connected to the
X-Road security servers via adapter servers (AS). Adapter servers are converters for
translating X-Road XML format messages to special database query language (mainly
SQL) and from query answers back to XML. The data transfer protocol that we are
using today is SOAP. At the same time we are using the older XML RPC protocol as
well.
The X-Road center is actually the heart of the eGovernment environment because all the
central servers (central monitoring server, certification server etc.) of the whole network
are connected and located in the X-Road center. In addition, the center has special staff
for managing eGovernment hardware, software, Internet connections, agreements etc.
The management group organizes courses, seminars, coordinates activities with the
European Union etc. A new central register of databases has been added to the X-Road
centers at the beginning of 2005. On one hand, this register includes the description of
all Estonian public sector registers and databases. On the other hand the register collects
all the descriptions of eServices in the WSDL (Web Service Description Language)
format, which makes it possible to develop automatic tools that use the library of
eServices to generate new services automatically on the basis of the collected service
descriptions. This opens a new possibility for research and development projects in
the near future.
CA (Certification Agency) is responsible for ID-card, digital signature and other PKI
infrastructure elements in Estonia. We will discuss the ID-card facilities below.
The direct communication between citizens and eGovernment environment works over
a set of communication portals. We have decided to work via the following portals:
Citizens Portal, Entrepreneurs’ Portal and Civil Servants Portal.
Citizens Portal (KIT) was developed two years ago and has been the main channel to
mediate eGovernment services between a citizen and the government (www.eesti.ee).
We started this portal two years ago with services from Estonian databases. By the
Estonian law every Estonian citizen has the right to know what kind of data the
government has collected on the citizen.
At the beginning of 2005 we started to develop the first services for the Entrepreneurs
Portal (EIT). The more popular of these first services at the moment is the “Application for alcohol selling license”.
At the moment, the Civil Servants Portal (AIT) is implemented as a Mini Info System
Portal (MISP), which is used locally in nearly 70 different central and local government
offices. All the portals are organized as information portals, which can be used as users’
manuals and service portals for eGovernment services.
[Figure: diagram. Labels: Information systems (IS of Estonian Tax and Customs Board, Population Register, Estonian Motor Vehicle Registration Centre, other IS, e.g. MISP II); Banks (Hansa bank, Union bank, Kreditb., Sampo bank, Nordea bank; a) authentication, b) payment, c) services); X-Road centre (central servers I and II, monitoring, helpdesk, CA of X-Road, central register of DBs); adapter servers (AS) and security servers (SS); X-Road over the Internet; portals KIT (Citizens’ portal, http://www.eesti.ee), EIT (Entrepreneurs’ portal) and AIT (Civil servants’ portal, Riik.ee); ID-card; CA (certification agency); environments developed by government. Tallinn 2004.]
Fig. 1. eGovernment architecture in Estonia
III. Results of Estonian eGovernment projects
During the last 3-4 years we have finished different IT projects for implementing
eGovernment architecture in the public sector of Estonia. As the result of the mentioned
projects, the following service portals, environments and frameworks are now available
in Estonia:
• Special citizens web portal with db-services. The portal has won an award, Finalist
with Honourable Mentions of the eEurope awards for eGovernment 2003
[5,10]. The portal's eServices will be added step by step to the KIT portal in the
near future;
• Framework of the facilities for using the Estonian ID-card (over 50% of the Estonian
population already has an electronic ID-card) with PKI technology for
identification, authorization and digital signature operations;
• Citizens, civil servants and entrepreneurs web portals with almost 500 different
eServices from different Estonian central and local governments.
We will describe some of these environments and projects more precisely in the next chapters
of this overview.
IV. Special citizens web portal with db-services
All services available through the citizen's portal have a common user interface, which
is not dependent on a database management system for back office. We have used here
the results of different theoretical works from different countries [11,14,15]. A standard
authentication system for all citizens has been developed as well.
The set of standard services available include typical queries, such as:
• "give me my data" from the population register;
• "give me my data" from the motor vehicles register.
As an additional option for organizations that have data security problems, a special
standard Mini Info System Portal (MISP) that is very similar to the citizen's portal, has
been developed. MISP was primarily designed as a working tool for civil servants,
including one additional function – the authorization of users. One of the framework
development plans was that the next version of X-Road should have a similar portal and
provide a set of standard services for private companies as well.
Background. Similarly to other countries, Estonian Parliament has passed a law on
personal data protection (Personal Data Protection Act, enforced on 19.07.1996). Paragraph 29 says that chief processor or authorized processor is required to provide a data
subject with information and the requested personal data or state the reasons for refusal
to provide data or information within five working days after the date of receipt of an
application. To implement this right in the ICT environment, a special citizen's web
portal with standard DB-services has been developed. There are two possibilities for
authentication of users:
• Using Estonian citizen ID-cards or
• The authentication service of Estonian commercial banks.
Today over 50% (714,000 people) of the Estonian population (1.4 million) have an ID-card and over 50% have Internet service agreements with commercial banks and special
authentication (PIN-code) cards.
Objectives. The specific objective of the project was to guarantee a web-based service
for the citizens (and government servants) to access nearly one hundred governmental
databases and registers, which have been registered in the Center of Registers by the
Estonian Informatics Center. Approximately ten of them are large registers and have
thousands of local interactions per day. The processors of the large registers started to
develop web services for citizens but the results of these first projects were very different.
Every similar service had a different user interface, different forms of agreement
between the database user and the processor, different authentication services, etc. All
these problems encouraged the project leaders to develop a new general solution.
In the context of the European Community, the first objective was to implement the free
movement of information across national borders, which guarantees the free movement
of goods, people, etc. Access to this information is strictly implemented according to
the Personal Data Protection Act and principles of data security. A good example is the
possibility to link our services with the Schengen Information System, EUROCAR, etc.
Resources. The amount of financial resources used for this project is approximately one
million euros. The project initiator was the State Information Systems Department of
the Ministry of Economic Affairs and Communications in cooperation with the Estonian
Informatics Center.
Two private companies (Cell Network Ltd. as the main contractor and Cybernetica Ltd.)
have developed the environment within two years and have used subcontract work from
the following companies: Datel Ltd., Reaalsüsteemid Ltd., Andmevara Ltd., etc.
The project realization schedule was planned in different steps and iterations. The main
idea of the project was its realization with open standards and with internationally
accepted standard protocols. The project uses two network protocols, the XML RPC (in
the Alfa version) and the SOAP (in the final version). The digital documents and
queries use the XML standard facilities; the monitoring system uses the SNMP
protocol, etc. The number of potential users depends on the take up among Estonian
inhabitants, which number 1.4 million. The number of interactions per day is not more
than 125,000 yet.
The testing of the central servers of the project showed that the servers enable 100
interactions per second and have the possible scalability of up to 1,000 interactions per
second. The latter case is not probable in Estonia. The environment is using the
Estonian Public Key Infrastructure because the authentication service of the portal was
developed so as to use the Estonian citizen ID-card for authentication. Every ID-card
has the card owner's certificate. Every login to the portal checks the validity of the
certificate. From the security point of view the system is very well protected. In the
sense of data security the functionality of X-Road is very carefully designed and
developed. The security servers of databases and information systems, which are
connected to the Internet, communicate over encrypted channels. All users must pass
authentication and authorization. It is not possible for a citizen to read the data of
another citizen, or for a civil servant to read data that is not related to his/her
everyday work.
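The sketch below is an added example, not code from the X-Road project: a minimal adapter-server step for the "give me my data" query that translates an XML query into SQL with bound parameters, lets a citizen read only his/her own record, and logs every message. The message format, service name, table layout and rows are constructed for illustration and are not the real X-Road schema.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed query message; NOT the real X-Road message schema.
SAMPLE_QUERY = """<query service="population.myData">
  <personalCode>38001085718</personalCode>
</query>"""

# Service name -> fixed SQL text. Message content is only ever bound as a
# parameter, never concatenated into the statement.
SERVICES = {
    "population.myData":
        "SELECT code, name, address FROM person WHERE code = ?",
}


class Rejected(Exception):
    """The adapter refuses to run the query."""


def make_register():
    """In-memory stand-in for a register database, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person "
               "(code TEXT PRIMARY KEY, name TEXT, address TEXT)")
    db.executemany("INSERT INTO person VALUES (?, ?, ?)", [
        ("38001085718", "Mari Maasikas", "Tallinn"),
        ("49403136515", "Jaan Tamm", "Tartu"),
    ])
    db.execute("CREATE TABLE message_log (seq INTEGER PRIMARY KEY, "
               "caller TEXT, service TEXT, subject TEXT, outcome TEXT)")
    return db


def handle(db, authenticated_code, xml_text):
    """Translate one XML query to SQL; return the answer as XML text.

    authenticated_code is the personal code established at login
    (ID-card or bank authentication); it is never taken from the message.
    """
    service = subject = "?"
    row = None
    try:
        # Refuse DTDs outright: a query message has no need for entities.
        if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
            raise Rejected("DTDs are not accepted")
        try:
            root = ET.fromstring(xml_text)
        except ET.ParseError as exc:
            raise Rejected("malformed XML") from exc
        service = root.get("service", "?")
        subject = (root.findtext("personalCode") or "").strip()
        if service not in SERVICES:
            raise Rejected("unknown service")
        if not (len(subject) == 11 and subject.isascii()
                and subject.isdigit()):
            raise Rejected("bad personal code")
        # Authorization: a citizen may read only his/her own record.
        if subject != authenticated_code:
            raise Rejected("caller may only read own data")
        row = db.execute(SERVICES[service], (subject,)).fetchone()
        outcome = "ok" if row else "not found"
    except Rejected as exc:
        outcome = "rejected: %s" % exc
    # Every message is logged, refused ones included, so that who asked
    # for what can be reconstructed later.
    db.execute("INSERT INTO message_log (caller, service, subject, outcome)"
               " VALUES (?, ?, ?, ?)",
               (authenticated_code, service[:64], subject[:64], outcome))
    answer = ET.Element("answer", {"outcome": outcome})
    if row:
        for tag, value in zip(("personalCode", "name", "address"), row):
            ET.SubElement(answer, tag).text = value
    return ET.tostring(answer, encoding="unicode")


if __name__ == "__main__":
    register = make_register()
    print(handle(register, "38001085718", SAMPLE_QUERY))   # own data
    print(handle(register, "49403136515", SAMPLE_QUERY))   # someone else's
```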
Lessons learned. Lessons learned from our project are very different. Naturally, there
are advantages and disadvantages.
Advantages:
• For the first time the databases are open to all citizens who are interested in
knowing which of their personal data is in the databases. People have actually
found a lot of errors in their data fields and have started to send information to the
authorized processor. We believe that no such large data improvement could be
carried out in any other way.
• The project has a lot of examples where the number of interactions performed by
civil servants has risen remarkably. For example, last year the Estonian police had
over 20,000 interactions with the passport register, but after providing them with
the standard service ("give the passport data of person x") the number of
interactions has risen to 10,000 per week.
• Another Estonian national ICT project “the ID-card project”, which uses Public
Key Infrastructure (PKI) has established a new and very intensively used e-service, which tests the cooperation with other PKI projects and services.
• The project has developed very well protected data traffic over the Internet. This
traffic has gathered a set of new users from other different projects, for example
document management projects (for different ministries), and projects which had
planned to use database services (for different organizations and offices).
• Our neighboring countries (Latvia and Lithuania) plan to elaborate the same
services for citizens and civil servants. A different group of developers in these
countries have prepared the theoretical background for similar projects [1,2].
Similar developments have been initiated in many countries. According to our
information, we are forerunners of implementing these services.
• The development and results of the project have called for necessary amendments
in the legislation, which are in the process of being implemented now.
Disadvantages:
• Different stakeholders, for example the project team, the ministerial officials, and
civil servants that need data from databases, have received negative feedback to
the effect that sometimes chief processors are not fond of the new technology and
mistrust the knowledge of outside specialists. They feel that they can judge for
themselves when and where to use new technology and services.
• The management system of the data resources does not work well in every situation, as every database has a chief processor and an authorized processor.
Sometimes it is the case that the authorized processor manages the chief processor
and there exists a risk that the central developers of the X-Road have to cooperate
with the chief processor, who has not got the real development results from the
authorized processor at all.
• Such projects that call for the modernization of legislation should initiate
technological development activities and legislation improvement at the same
time. In our case we were already a bit late to amend the legislation.
• Sometimes civil servants tend to use the introduction of a new software
environment only as a pretext for obtaining the newest computers.
V. Estonian ID card and PKI infrastructure
The purpose of Estonian ID-card project was to use nation-wide electronic identity and
develop a new personal identification card that would be a generally acceptable
identification document and contain both visually and electronically accessible
information (Fig. 2.)[12]. On December 18, 2001 the parliament established ID-card as
a compulsory identity document and the Estonian passport is thus only a travel
document to travel abroad. On January 28, 2002 the first ID-cards were issued to
Estonian citizens. Thus the project came to its logical end [6].
There have been different opinions and political debates over the ID-card. Perhaps the
reason for different opinions lies in the fact that many do not easily see the ID-card as a
component of the public key infrastructure. It is primarily an application of the Digital
Signatures Act and a common infrastructure established for that [7,12].
There are many similar projects in other countries (Belgium, Finland, Italy etc.), but
large-scale use of ID-card services can be found in Estonia as a pilot country [3,10].
Common infrastructure. The Estonian ID-card project focused on the digital signature, which is equivalent to the ordinary signature on paper. At the same time the
technologies and standards for creating digital signature should be uniform in the whole
country. The signature should identify a person directly, to make the verification of
signatures easy without additional contracts being necessary. To achieve this aim the
Identity Documents Act as well as the Digital Signatures Act was adjusted, which
resulted in the following:
• The certificate inserted in the ID-card includes the personal identification code,
which makes it possible to identify the individual at once.
• A certificate that makes it possible to sign documents according to the Digital Signatures
Act is inserted in the ID-card chip.
• Certificates inserted in the ID-card have no field-of-use restrictions and therefore they
can be applied in the public as well as the private sector, and also in any kind of
mutual relations between individuals.
The primary purpose of information on the ID-card chip is to allow the digital
unambiguous identification of the individual and the creation of the digital signature.
The certificate includes only minimum information about the individual - names and the
personal identification code. A firm decision was made initially not to add additional
information to the ID-card, not to mention information that requires updating.
ID-card applications. ID-card is generally suitable wherever a person needs to be
authenticated or when documents have to be signed. This means that ID-card has not
been created only for a certain service or application.
The authentication with an ID-card functions securely and it is convenient to use the
card wherever user names, passwords, code cards etc. have so far been used - whether it
be Internet banking services, internal applications of a company, intranets or public
portals; in short, wherever identification is necessary. It is convenient mainly because,
on one hand, the system administrators need not bother themselves about the
administration of user names and passwords and, on the other hand, a person need not
deal with multiple passwords and password cards.
It is secure because a person can check whether his/her passwords (secret keys) are
under control - whether the ID-card is still in his/her possession. In case the card is lost
its usability can be blocked with one phone call.
Fig. 2. Main physical security elements of an Estonian ID-card
The application of the authentication function is quite easy: access to information
systems that is based on user accounts has to be converted to an application based on the
personal identification code (i.e. the personal identification code included in the certificate has to be
connected to the user account). An application allowing ID-card based authentication in
Windows computer workplaces has been completed as well.
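An added example (not part of the original paper or of any ID-card software) of connecting the personal identification code in an already verified authentication certificate to a user account. It assumes that the code is carried in the subject's serialNumber attribute, that the certificate arrives in the shape Python's ssl getpeercert() returns after the TLS layer has verified it against the issuing CA, and that the account table and certificate data are constructed; the check-digit rule is the standard one for Estonian personal codes.

```python
import re

# Constructed table: personal identification code -> local user account.
ACCOUNTS = {"38001085718": "mari.maasikas", "49403136515": "jaan.tamm"}

# Constructed certificate data in the shape of ssl.SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "subject": (
        (("countryName", "EE"),),
        (("organizationName", "ESTEID"),),
        (("commonName", "MAASIKAS,MARI,38001085718"),),
        (("serialNumber", "38001085718"),),
    ),
}


class LoginRefused(Exception):
    """No account may be opened for this certificate."""


def check_digit(first_ten):
    """Check digit of an Estonian personal code from its first ten digits."""
    digits = [int(c) for c in first_ten]
    for weights in ((1, 2, 3, 4, 5, 6, 7, 8, 9, 1),
                    (3, 4, 5, 6, 7, 8, 9, 1, 2, 3)):
        remainder = sum(d * w for d, w in zip(digits, weights)) % 11
        if remainder < 10:
            return remainder
    return 0  # both passes gave 10


def personal_code(subject):
    """Extract and validate the personal code from a certificate subject.

    Only the serialNumber attribute is trusted; the free-text commonName
    is ignored even when it happens to contain a code.
    """
    values = [value for rdn in subject for (name, value) in rdn
              if name == "serialNumber"]
    if len(values) != 1:
        raise LoginRefused("expected exactly one serialNumber attribute")
    code = values[0]
    # Assumption: some certificate profiles prefix the code with "PNOEE-".
    if code.startswith("PNOEE-"):
        code = code[len("PNOEE-"):]
    if not re.fullmatch(r"[1-8][0-9]{10}", code):
        raise LoginRefused("serialNumber is not a personal code")
    if int(code[10]) != check_digit(code[:10]):
        raise LoginRefused("personal code check digit mismatch")
    return code


def account_for(peercert):
    """Map a verified client certificate to the linked user account."""
    # getpeercert() returns an empty dict when the peer certificate was
    # not validated, so an empty value must never reach the lookup.
    if not peercert:
        raise LoginRefused("no verified client certificate")
    code = personal_code(peercert.get("subject", ()))
    try:
        return ACCOUNTS[code]
    except KeyError:
        raise LoginRefused("no account linked to this code") from None


if __name__ == "__main__":
    print(account_for(SAMPLE_PEERCERT))
```

Revocation (a lost card that has been blocked) is not visible in the certificate itself; the validity check at login that the paper describes has to be done separately from this mapping.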
The ID-card can be used also for signing and encrypting e-mails. Every authentication
certificate includes the person’s e-mail address forename.surname_XXXX@eesti.ee
(XXXX is the random four-digit number assigned to the person). The person can
register his/her daily e-mail address in the mail server and respective mails will be
forwarded to that address. This service is elaborated together with the KIT portal.
Signing applications. The main function of the ID-card is to allow digital signatures. In
February 2003, a format description (ETSI TS 101 903) extending the XML-DSIG
standard was adopted in Europe and this allows providing a basis for common treatment
of digital signature. The file signed can be an XML file or any binary file (.TXT,
.PDF, .RTF, etc.). It is possible to sign one file or several files simultaneously, there can
be more than one signature and the files can be stored with the signatures or separately.
It is also possible to add certificates and their validations, etc.
Additional information on the ID-card and its applications is available at
http://www.id.ee (summary in English); information on applying for ID-card is available
at http://www.pass.ee (in Estonian, English and Russian) and on the technological
infrastructure at http://www.sk.ee (in Estonian and English).
VI. eServices
At the previous conference, PICMET’03, we introduced the software environment X-Road as
an integration tool of government information systems [8]. An important aim of developing a new
version of X-Road is to build up an environment for developing and
managing eGovernment services [9].
The development of X-Road technology has step by step followed the general development trends in distributed software systems design. For data transport and for remote
program calls we have introduced the SOAP protocol instead of (and in parallel to) the
XML-RPC protocol. For developing and describing web services we have
used WSDL, and for the description of database services the UDDI standard
facilities [13].
We have developed the following set of facilities for the information systems, which will be
added to the X-Road environment:
• Authentication (ID-card + 5 Internet bank services);
• Authorization;
• MISP (Mini Info System Portal) portal services;
• Simple queries to Estonian national databases;
• The facilities for developing complex business model queries (queries to different
databases and registers);
• The writing operation into databases;
• The facility to send large amounts of data (over 10Mb) from database to database
over the Internet;
• Secure data exchange, logs storing;
• Queries surveillance possibility;
• The integration with citizen portal for adding new services;
• The integration with entrepreneurs portal for adding new services;
• Central and local monitoring;
• The special database for storing services WSDL descriptions.
Many recent services have been developed by combining functionality from the list
above. Recent best practice in developing eGovernment services includes the eServices
“Parental benefit application”, “Results of secondary school tests”, “Family
benefits applications” etc.
VII. A new generation eService “Parental benefit” in Internet
The best eService on X-road – Parental benefit. The X-Road eService “Parental
benefit” has won the Estonian Award 2004 for public administration eServices in
Estonia. It was a good example of cooperation between public organizations.
Let us analyze this service more deeply. The service was finalized a week
after the Estonian Parliament approved the special law on Parental benefit (before the
Christmas holidays in 2003). In January 2004, the service was opened for civil servants
of the Social Insurance Board and at the beginning of February all Estonian citizens were
able to use the service over the Internet. Of course, people who do not have access to
the Internet (a minority of young families in Estonia) could use the possibility of
visiting the Social Insurance Board, where a civil servant asked for the applicant's personal code
and submitted the application over the Internet. What is important here? It is the first time
that not a single sheet of paper is used. All the different confirmations and certificates
together with the application itself are generated automatically by the eService, which uses
different databases and registers for collecting the data about the applicant. The eService
runs as distributed software in the applicant's personal computer, in the computers of the
Social Insurance Board, in the computers of the X-Road environment and in different
database servers (as back office for the solutions). This is a different approach compared
to a solution where the computer is used for copying the precise paper-world business
model activities into the virtual world (you can find such solutions in Estonia, in Germany
etc. [4]).
The Parental benefit solution has different advantages both for citizens and for civil
servants.
The first best practice for a citizen:
• Citizen can submit applications over the Internet;
• Citizen does not have to give out data that the IS knows about the citizen; and
therefore
• Citizen does not have to fill in long application forms and run from door to door;
• A good example of how the state has simplified the payment system.
The best practice for civil servant:
• Civil servant is free from revising mountains of paper documents (7);
• Civil servant is free from inputting the data from paper documents;
• Civil servant is free from checking data in different databases;
• Civil servant can start the process by inputting only the personal code of the
client;
• There are no paper applications at all.
The functional schema of the Parental benefit eService is given in Fig. 3.
[Figure: diagram. Labels: Users (Citizen, Civil servant); Citizen portal; MISP; X-Road; Databases (Register of Social Insurance Board, Population Register, IS of Health Insurance Fund, IS of Tax and Customs Office).]
Fig. 3. Parental benefit in Internet
VIII. Statistics
Here are given the main statistics of using eServices over the eGovernment
environment.
At the moment (January, 2005) we have the following clients:
Organizations:
• Number of agreements – ~338
Databases/Service providers:
• All service providers: 32
Security servers:
• Number of agreements for SS: 68
MISP servers:
• Number of agreements for MISPs: 40
Services:
• The number of services from all the X-Road service providers: ~500
The statistics of usage:
• During the year 2003, the total number of X-Road queries was: 590 000.
• During the year 2004, the total number of X-Road services was 7 700 000.
• Average number of services per month in 2003 was 54 000.
Year 2004:
• November: 1 150 000
• December: ~1 000 000
The usage of eServices grows extremely fast. In January 2003 the number of services
was 27 000, in January 2004 the number was 270 000 and in January 2005 we were not
very far from the number 2 700 000.
IX. Conclusions
We are sure that our projects for eGovernment framework development and portals are
making significant contributions to the process of moving towards the information
society. Our environment represents Estonian and European best practice in the
application and usage of new technologies in order to provide eServices to citizens, to
civil servants and to entrepreneurs.
Acknowledgement
This research is partly sponsored by Estonian Science Foundation under the grant
nr. 5766.
References
[1] Arnicans, G., G. Karnitis; “Semantics for managing systems in heterogeneous and
distributed environment,” in Databases and Information systems II, eds.:
H-M. Haav and A. Kalja, Kluwer Academic Publishers, The Netherlands,
pp. 149-160, 2002.
[2] Caplinskas, A., A. Lupeikiene, O. Vasilecas; “Shared conceptualisation of business systems, information systems and supporting software,” in Databases and
Information systems II, eds.: H-M. Haav and A. Kalja, Kluwer Academic
Publishers, The Netherlands, pp. 109-120, 2002.
[3] http://www.belgium.be/eportal/index.jsp
[4] https://www.elster.de/
[5] http://www.e-europeawards.org
[6] http://www.id.ee/file.php?id=122
[7] http://www.pass.ee/64.html
[8] Kalja, A; “System integration process of government information systems,” in
Papers presented at PICMET'03 [CD-ROM], Portland, OR, PICMET, July 2003.
[9] Kalja, A., K. Kindel, R. Kivi; “The service-oriented environment of government
databases and information systems in Estonia,” in Baltic IT&T Review, 03(34),
pp. 7-11, 2004.
[10] Leitner, Christine (ed); “eGovernment in Europe: the state of affairs,”
eGovernment 2003 Conference Como, ISBN 90-6779-182-2, Italy, 2003.
[11] Manolescu, I., D. Florescu, D. Kossmann; “Answering queries on heterogeneous
data sources,” in Proc. VLDB’01, pp. 241-250, 2001.
[12] Odrats, I. (ed); “Information technology in public administration of Estonia.
Yearbook 2002.” Ministry of Economic Affairs and Communications, Department
of State Information Systems, Estonian Informatics Center. ISBN 9985-819-10-1,
Estonia, Tallinn, 2003.
[13] Odrats, I. (ed); “Information technology in public administration of Estonia.
Yearbook 2003.” Ministry of Economic Affairs and Communications, Department
of State Information Systems, Estonian Informatics Center. ISBN 9985-819-13-6,
Estonia, Tallinn, 2004.
[14] Vestenicky, V.; “Successful database integration through view cooperation,” in
Databases and Information Systems, eds.: J. Barzdins, A. Caplinskas, IOS Press,
pp.34-49, 2005.
[15] Özsu, M. T., P. Valduriez; “Principles of distributed database systems.” Alan Apt,
New Jersey, 1999.