November 17, 2017 By David Strom 3 min read

Estonia is leading the way in digital innovation, providing smart ID cards to its citizens to vote and interact with other public services. The cards have been popular, and more than one-third of Estonians voted online in the last election using them.

To build on this, the country has built a program called e-Residency that allows foreigners to obtain ID cards and interact with both government and private services. You can use it to open up an EU-based business and bank account, for example. While I don’t want to give up my U.S. citizenship, I am intrigued with the idea that you can create a digital identity without ever stepping foot in a country, so I thought it would be interesting to apply for the program.

It turns out that I would have to step foot inside Estonian sovereign space and visit one of their embassies to show my U.S. passport, get fingerprinted and obtain the e-Residency starter kit. You can’t send anyone else to do these tasks. Once that process is complete, I am free to roam the globe as a digital nomad.

Why Estonia?

Estonia has come a long way in the few years since it left the Soviet Union and became an independent nation. Back then, few of its citizens had even seen a modern computer, and its internet connectivity was abysmal. Now, it is routinely mentioned in the top tier of connected countries and a high proportion of its citizens have net access.

Just to be clear, gaining e-Residency isn’t the same thing as becoming a citizen, changing the tax residency of your business or even becoming a physical resident of Estonia. The actual e-Resident ID card is not a physical identification or travel document and does not include a photo. It does have an embedded chip, similar to most modern credit cards, and requires a special USB-attached reader, which is included in the starter kits.

The best way to think about the e-Resident card is like a secure multifactor authentication token that is widely distributed. Like those one-time tokens that generate constantly changing numbers, the Estonian version is used to prove “something that you have” in a unique way that is tied to your identity. And it makes for a great conversation starter at parties, too — or so I hope.

To get started, applicants complete an online form. You scan your passport, pay a $100 fee and in about six weeks you receive an email saying your materials are ready to be picked up at the embassy you specified in your application. The whole thing took me about 20 minutes. Instructions were very clear throughout the entire process.

A Roadblock in the Path to Estonian e-Residency

I was impressed with the level of communication from the program regarding the progress of my application. Shortly after I received my final notice about my materials, the Estonian program manager posted a blog that disclosed a security issue with the program and announced that it wouldn’t issue any new IDs until things were sorted out. Almost 750,000 cards were affected. According to Estonian officials, the risk is a theoretical one and there is no evidence of anyone’s digital identity actually being misused. To their credit, they were just being cautious.

I was also impressed with the amount of information that Estonia has posted online about starting a virtual business, providing links to the lawyers and accountants that you will need as part of this process. I have started my own business in three U.S. states and none of the processes were as easy as what I found here. (I will shout out my current home state of Missouri, which has its online act together and will answer your questions quickly via telephone if you need to call them.) The Estonia website is offered in the native language and in English.

E-Residency isn’t the only digital innovation that is taking place in Estonia. The country is the first government to build an off-site data center internationally, what it calls the “data embassy.” The government will make backup copies of its critical data infrastructure to be stored in Luxembourg if an agreement between the two countries is reached.

Clearly, Estonia has an eye toward the future and is trying to innovate in digital technology.

More from Government

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

Roundup: Federal action that shaped cybersecurity in 2023

3 min read - As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.New White House cybersecurity strategyThe White House’s…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today