Light Dark
November 17, 2017 By David Strom 3 min read
Government

Estonia is leading the way in digital innovation, providing smart ID cards to its citizens to vote and interact with other public services. The cards have been popular, and more than one-third of Estonians voted online in the last election using them.

To build on this, the country has built a program called e-Residency that allows foreigners to obtain ID cards and interact with both government and private services. You can use it to open up an EU-based business and bank account, for example. While I don’t want to give up my U.S. citizenship, I am intrigued with the idea that you can create a digital identity without ever stepping foot in a country, so I thought it would be interesting to apply for the program.

It turns out that I would have to step foot inside Estonian sovereign space and visit one of their embassies to show my U.S. passport, get fingerprinted and obtain the e-Residency starter kit. You can’t send anyone else to do these tasks. Once that process is complete, I am free to roam the globe as a digital nomad.

Why Estonia?

Estonia has come a long way in the few years since it left the Soviet Union and became an independent nation. Back then, few of its citizens had even seen a modern computer, and its internet connectivity was abysmal. Now, it is routinely mentioned in the top tier of connected countries and a high proportion of its citizens have net access.

Just to be clear, gaining e-Residency isn’t the same thing as becoming a citizen, changing the tax residency of your business or even becoming a physical resident of Estonia. The actual e-Resident ID card is not a physical identification or travel document and does not include a photo. It does have an embedded chip, similar to most modern credit cards, and requires a special USB-attached reader, which is included in the starter kits.

The best way to think about the e-Resident card is like a secure multifactor authentication token that is widely distributed. Like those one-time tokens that generate constantly changing numbers, the Estonian version is used to prove “something that you have” in a unique way that is tied to your identity. And it makes for a great conversation starter at parties, too — or so I hope.

To get started, applicants complete an online form. You scan your passport, pay a $100 fee and in about six weeks you receive an email saying your materials are ready to be picked up at the embassy you specified in your application. The whole thing took me about 20 minutes. Instructions were very clear throughout the entire process.

A Roadblock in the Path to Estonian e-Residency

I was impressed with the level of communication from the program regarding the progress of my application. Shortly after I received my final notice about my materials, the Estonian program manager posted a blog that disclosed a security issue with the program and announced that it wouldn’t issue any new IDs until things were sorted out. Almost 750,000 cards were affected. According to Estonian officials, the risk is a theoretical one and there is no evidence of anyone’s digital identity actually being misused. To their credit, they were just being cautious.

I was also impressed with the amount of information that Estonia has posted online about starting a virtual business, providing links to the lawyers and accountants that you will need as part of this process. I have started my own business in three U.S. states and none of the processes were as easy as what I found here. (I will shout out my current home state of Missouri, which has its online act together and will answer your questions quickly via telephone if you need to call them.) The Estonia website is offered in the native language and in English.

E-Residency isn’t the only digital innovation that is taking place in Estonia. The country is the first government to build an off-site data center internationally, what it calls the “data embassy.” The government will make backup copies of its critical data infrastructure to be stored in Luxembourg if an agreement between the two countries is reached.

Clearly, Estonia has an eye toward the future and is trying to innovate in digital technology.

 |  |  | 
David Strom
Security Evangelist

More from Government
August 14, 2024

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

May 30, 2024

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature