The key to the digital future is about data integrity, not data confidentiality.
So says Toomas Hendrik Ilves, President of Estonia, who flew into San Francisco Thursday morning to address an internet summit hosted by CloudFlare.
"I have AB blood," he said by way of example. "I don't particularly care that people know that. But if somehow that information was changed, well then I could end up dead."
Estonia has become somewhat of a digital poster child in recent years thanks to its embrace of internet technology, including the creation of an "e-resident" system where anyone can become a digital resident of the small country, open a bank account and sign legal documents electronically.
That drive has in large part come from Ilves himself, who talked briefly about how he learned to code while at university. "I had a system with 8K of memory," he recalled, "which I guess is the size of an empty email."
Ilves spoke knowledgeably about a whole range of tech issues, something that an earlier panel at the summit noted was a rare occurrence: being a politician and being tech-savvy tend to be mutually exclusive.
Estonia has introduced a unique system where the government servers are all connected to one another and every citizen is provided with a chipped card that allows them to access the network.
To make it work, the country has passed a number of laws. "We have a law that says you own your own data," Ilves explained. "And you can see who has tried to access your data." He was no different, he said: "Every day, I see the newspapers looking at my financial records. They haven't found anything yet."
Another law is that the government is not allowed to ask for any information on you that it already has: something that has driven different departments to work on ways to share information rather than put the burden onto the citizen.
As to how this makes Estonia function more efficiently, Ilves gave the example of registering a company. Government for 5,000 years has always worked in a serial way: someone would fill in a form and then that form would be checked by different departments to make sure each aspect was correct – such as checking that none of the directors have criminal records or had failed to pay their taxes.
That process can take anywhere from days to months to over a year, but in Estonia, Ilves claims it can all be done in 15 minutes because the information is already in the system. "It works in parallel," he noted.
Another example was in healthcare. "The doctor has been on a pedestal since the earliest days," he said. "But now in Estonia if you want a second opinion, you just authorize another doctor to look at your medical records."
The system uses 2048-bit RSA encryption – something Ilves noted the FBI was unable to crack – and uses two-factor auth. "So far it's worked," he pointed out.
Of course, the key stumbling block for some countries is the idea of a national ID at all. "Some countries have an objection to an identity, so I think in those countries our system will never happen."
He noted the irony, however, in the fact that the "five countries most opposed to a national ID – the UK, US, Canada, Australia, and New Zealand – are also the Five Eyes to whom the NSA sends all its information." ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks