Light Dark
November 17, 2017 By David Strom 3 min read
Government

Estonia is leading the way in digital innovation, providing smart ID cards to its citizens to vote and interact with other public services. The cards have been popular, and more than one-third of Estonians voted online in the last election using them.

To build on this, the country has built a program called e-Residency that allows foreigners to obtain ID cards and interact with both government and private services. You can use it to open up an EU-based business and bank account, for example. While I don’t want to give up my U.S. citizenship, I am intrigued with the idea that you can create a digital identity without ever stepping foot in a country, so I thought it would be interesting to apply for the program.

It turns out that I would have to step foot inside Estonian sovereign space and visit one of their embassies to show my U.S. passport, get fingerprinted and obtain the e-Residency starter kit. You can’t send anyone else to do these tasks. Once that process is complete, I am free to roam the globe as a digital nomad.

Why Estonia?

Estonia has come a long way in the few years since it left the Soviet Union and became an independent nation. Back then, few of its citizens had even seen a modern computer, and its internet connectivity was abysmal. Now, it is routinely mentioned in the top tier of connected countries and a high proportion of its citizens have net access.

Just to be clear, gaining e-Residency isn’t the same thing as becoming a citizen, changing the tax residency of your business or even becoming a physical resident of Estonia. The actual e-Resident ID card is not a physical identification or travel document and does not include a photo. It does have an embedded chip, similar to most modern credit cards, and requires a special USB-attached reader, which is included in the starter kits.

The best way to think about the e-Resident card is like a secure multifactor authentication token that is widely distributed. Like those one-time tokens that generate constantly changing numbers, the Estonian version is used to prove “something that you have” in a unique way that is tied to your identity. And it makes for a great conversation starter at parties, too — or so I hope.

To get started, applicants complete an online form. You scan your passport, pay a $100 fee and in about six weeks you receive an email saying your materials are ready to be picked up at the embassy you specified in your application. The whole thing took me about 20 minutes. Instructions were very clear throughout the entire process.

A Roadblock in the Path to Estonian e-Residency

I was impressed with the level of communication from the program regarding the progress of my application. Shortly after I received my final notice about my materials, the Estonian program manager posted a blog that disclosed a security issue with the program and announced that it wouldn’t issue any new IDs until things were sorted out. Almost 750,000 cards were affected. According to Estonian officials, the risk is a theoretical one and there is no evidence of anyone’s digital identity actually being misused. To their credit, they were just being cautious.

I was also impressed with the amount of information that Estonia has posted online about starting a virtual business, providing links to the lawyers and accountants that you will need as part of this process. I have started my own business in three U.S. states and none of the processes were as easy as what I found here. (I will shout out my current home state of Missouri, which has its online act together and will answer your questions quickly via telephone if you need to call them.) The Estonia website is offered in the native language and in English.

E-Residency isn’t the only digital innovation that is taking place in Estonia. The country is the first government to build an off-site data center internationally, what it calls the “data embassy.” The government will make backup copies of its critical data infrastructure to be stored in Luxembourg if an agreement between the two countries is reached.

Clearly, Estonia has an eye toward the future and is trying to innovate in digital technology.

 |  |  | 
David Strom
Security Evangelist

More from Government
October 17, 2023

Cyber experts applaud the new White House cybersecurity plan

4 min read - First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the White House’s Office of the National Cyber Director (ONCD). Cybersecurity experts have applauded the Administration’s plan as well as the new implementation calendar. For example,…

September 19, 2023

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

September 18, 2023

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature