Toomas Hendrik Ilves continues to be a speaker for the e-state as an ex-president. He has given more than 30 interviews and comments to the foreign press and participated in dozens of conferences from the USA to Japan on topics of the digital state, cybersecurity, and security policy in the past year alone.
- What is your opinion of what seems to be a general belief in the German press that problems with our ID-card only concern us? The chip has not been manufactured in Estonia, and we only make up a fraction of its users. Germany’s T-Solution and the country’s e-pharmacy system are much bigger users.
Let us be true to facts: a single article was published in the Frankfurter Allgemeine Zeitung. Referring to that article as the general view in Germany is an exaggeration, which in turn says something about us.
The Frankfurter Allgemeine article offers relatively superficial coverage. The author has not taken the time to acquaint themselves with technical details, nor do they acknowledge the same chip is used in many other countries, also in credit cards.
Superficial treatments always constitute a journalistic risk in the case of complicated topics. People cannot be bothered to delve deep. Reading such pieces, I often think that the press has not realized the responsibility that comes with the title. We are not dealing with a conscious lie; rather it is carelessness and hunger for clicks. Some things, it seems, are universal in the world.
As concerns ID-card problems, then yes, there were faulty ID-cards in other countries. And yes, paradoxically, this fault only concerns those in Estonia.
Imagine a car that has an engine problem that does not manifest in Southern Europe but comes out in the Estonian winter. Is it an engine problem? Probably. Is it the fault of Estonia’s snowy roads? Hardly.
The situation with the ID-card is the same. Estonia’s requirements are greater than those of countries where the problems did not manifest.
- Is Estonia taking criticism from the foreign press too seriously?
I have seen, over what is now a quarter of a century, how we do not appreciate praise from the foreign press, while we are sensitive to criticism, even if it is incompetent. Whenever someone says something positive about Estonia, there are always those who describe the former as uninformed or downright foolish. Whenever negative things are said, that someone is considered an authority and their opinion the correct one. It reflects our insecurity.
I want to assure you: we have nothing to be uncertain about. We stopped being a tiny Eastern European country, trying to prove itself in the eyes of the mighty and the only aim of the diplomats of which is to be known, a long time ago. We are known and renowned. And what is paramount: we are good on the global scale, and we must know that about ourselves.
Our e-state and digital services are unique in the world. I saw several countries that want to follow our example when speaking at conferences in the past year. The Bertelsmann Foundation think tank
in Germany picks an idea for Germany to follow every year. This year it was the Estonian e-state. I was on a tour of Latin American countries a few weeks ago that want to adopt such a system. Before that, Japan and Korea, that are also interested in Estonia’s example.
The time when we were but apprentices and beneficiaries is over. We have switched leagues: others want to learn from us. We are equals among equals. Better in some areas, competitors in others. We must be prepared for gloating. As an e-state, Estonia is playing in the world league, and we must be ready for criticism.
- Do the problems with Estonia’s e-card somehow affect the spread of the e-state principle?
We must realize that cybersecurity is always temporary: software needs to be regularly updated to maintain that security. Applications you use in your cell phone or computer usually require an update because another security risk has been discovered and needs to be patched. The same goes for the Estonian ID-card.
Security risks are unavoidable. Actual cyber threats can be avoided. Estonia has handled this matter correctly by acknowledging the risk, notifying the public, and avoiding the threat manifesting. Had it happened to a private company, we probably would have heard nothing about it. There would just have been another update.
What is permitted to a private company is not permitted to a state. The latter must be public and open in its activities, even if that means opening itself to criticism.
- Could Estonian politicians have allowed experts and tech journalists to handle the coverage – as has been done recently? In other words: was it justified to bring the incident to the political level?
It is difficult for me to assess that. In my experience, the tech press has not done a good job of covering the matter. It is a classic executive decision moment for politicians. Something Henry Kissinger described as a situation where you absolutely must decide without having enough information for a decision. Unfortunately, such decisions must often be made on the management level.
Those who have only seen governance from afar cannot know what it means. Governing is not just about pleasing voters with popular decisions. It is also having to make decisions without information and analysis at times. No such decision is made lightly; however, it must be made, as failure to decide is also a decision the consequences of which could be far worse.
When faced with such decisions, politicians generally do not think about their party or themselves. Decisions like these require putting the state’s interests first. The person and the party are left to the background.
It is probable that accusations of trying to cover up the problem would have been worse. There was a certain timeframe in which it had to be decided whether the world would hear it from us or someone else. The government decided it should be us. It is difficult to fault them for that decision.
- What should Estonia do to turn potential flak to its reputation to its benefit and emerge from the situation stronger than before?
I’m not sure that flak is all that significant. Nevertheless, like I said, Estonia is an equal among equals.
It is probable talking points of heads of governments who will attend the Digital Summit in Tallinn will include an entry pointing to a recent digital problem Estonia had. This means that Estonian ministers need to have concise answers backed up by enough facts by that time.
We do not need to apologize or explain ourselves – Estonia has done nothing wrong. The idea and execution of the digital state are strong and have proved themselves in Estonia and to a lesser degree in several other countries. It is the future of how states will operate. We do, however, need to explain the nature of the problem, why it only manifested in Estonia, and how we are solving it. We need to prepare.
As concerns reputation, the latter must be grounded in reality. Concentrating on reputation alone we are like a farmer whose horse has a loose shoe but who only worries about the appearance of his cart. Instead of painting the cart in bright colors, he needs to fix the shoe so his horse could walk again – only then will the cart run straight.
- How likely do you hold it that forces that have made slandering Estonia a habit will use this in their interests and give it even more momentum through media channels they control?
I haven’t noticed anything of the sort so far. That said, it is a complex technical matter details of which require time and technical capacity to understand. It is not accomplishable for everyone, as reflected in the articles by Frankfurter Allgemeine and the Financial Times.
It is likely we will see more articles that barely scratch the surface and are fueled by the desire for hits. Considering the insanity and absurdity of lies spread concerning NATO battalions in the Baltic countries, we will see nothing as fine or painful. Rather something simpler, ridiculous in its absurdity.
- Are you prepared to vote electronically, using an ID-card, at this fall’s local elections?
Sure. Based on the facts as we know them, to alter my vote, someone would have to pay for 10-12 hours of rather serious data processing, whereas it is possible I will change my mind and vote again, voiding my own initial vote and the one manipulated by the perpetrator. To think that altering a single vote would require tens of thousands of euros, the risks are minute: it simply wouldn’t be worth it.
- Is what we have an e-scare, or is this something bigger?
It was a scare that reminded us to take good care of what we have spent two decades building. It also confirmed that the digital gap is real: things that for us, living in a digital country, are clear and simple, might not be so elsewhere. Those with no idea of how a digital country operates see the problem based on their own convictions that, unfortunately, can be limited.
I believe it is a good lesson. Not a lesson in communication, but rather how careful we must be in making sure procurements are professional and software developments work without a hitch.
This in turn means we cannot afford to be small-minded. If we want our e-state to be the best, we must continue to invest in it. We can compare it to roadbuilding: we have found it cheaper to build roads on limestone, not granite. And it is cheaper. The problem is that the road will fall apart in five years.
There are no second chances in the digital world. That is why my concern has far less to do with potential reputation damage and far more with whether something truly dangerous has been discovered. Based on what we know, there is no reason for concern today.
- How is the incident covered in America, if at all? In tech hubs, Silicon Valley for example?
The topic has not been raised to any notable effect in Silicon Valley. It is understandable: Silicon Valley knows what cyber threats are and why it is necessary to regularly update software.
Talking about the States in general, news is dominated by far more serious matters: hurricanes (Harvey and Irma), major data theft (personal data of 143 million people from credit information provider Equifax), Russia’s meddling in US elections, also by buying banned advertising on Facebook. These things overshadow other topics.
The few comments I have seen regarding the Estonian ID-card have rather been incompetent. There is still no way for the United States to realistically imagine the services Estonia offers as an e-state.
E-voting is a good example of this. The term is used in the States, while it means something completely different. In the USA (and several other countries) it simply stands for a technical solution where the voter can vote for their candidate by pressing a screen in the polling station. This takes place in an unsecure system in which breaches by Russian hackers to change the election register have been established. Good luck explaining that Estonia’s e-voting is fundamentally different, and that in it said dangers are not realistic.
- What is the e-state we are defending? Is it services, cost-effectiveness, worldview, competition advantage?
E-state is that one thing Estonia does better than almost everyone else. E-state is e-services, e-voting, e-cast of mind. E-state is being able to do almost everything in the comfort of your home. Securely and in a short time. We can do that, while others still cannot.
Every Estonian can experience it when they travel to another country and notice how many basic services and conveniences simply do not exist, and how complicated running of simple errands can be. Then we understand the sheer amount of senseless bureaucracy in the world, and how much simpler everything has been made in Estonia.
I experienced it myself when registering my daughter for school. In Silicon Valley, the mecca of IT and innovation, I need to a) prove with a rental contract or electricity bill that I live in Palo Alto; b) present two documents bearing my physical signature one of which needs to be taken to an office five kilometers from the school; c) queue to be able to present the document that is then copied by the secretary and placed in a file.
In a city where a notable part of parents are Stanford professors or employees of Apple, Google, Tesla, Facebook etc. I looked at the parking lot full of Teslas before the parent teacher conference and I thought to myself: so many IT employees and such modest digital services capacity should not go together. Yet, that is how it is.
This shows that Estonia’s digital prowess does not only stand for technology and know-how. Those things also exist elsewhere. The foundation of the digital state is not digital; in fact, it is analog: it requires the right laws and regulations that enable people to use technology and know-how.
E-Estonia is our own assurance that we are a modern, advanced country, and that out high positions in rankings are not an illusion. The e-Estonia built over a quarter of a century is no single government’s monopoly. It is a thing of the Estonian state and people on which Estonia’s success, renown, and reputation are built.