Some members of parliament will be studying an age-old question this spring: how can Canada be more like Estonia?
Since the fall of the Soviet Union, the tiny Baltic country has turbocharged its government services, becoming the first nation to allow citizens to vote online and offering a slew of amenities through a single digital portal. Wired Magazine even deemed the country “E-stonia, the world’s most digitally advanced society.”
Now, after releasing its final report on a data breach involving Facebook and Cambridge Analytica in December, the House of Commons privacy committee will be looking at how Canada can follow the Estonian model on digital government services.
Committee chair and Conservative MP Bob Zimmer said he’s hopeful that members of the committee will be able to travel to Estonia to see it firsthand.
“I don’t know if the Estonian model is possible, but we’re definitely interested,” said Zimmer. “It’s got us very intrigued, how they preserve the sanctity of personal data. That’s always something we want to see.”
The Estonians have shovelled resources not just into privacy, but also into ensuring that government services are useful and user-friendly.
I don’t know if the Estonian model is possible, but we’re definitely interested
“I don’t think governments think of themselves as being in the customer service business, but they are,” said Liberal MP Nathaniel Erskine-Smith, who is a vice-chair on the committee, which will begin studying the issue at the end of January.
Erskine-Smith said governments at all levels should be looking for ways to improve digital services, especially with recent high-profile failures like the federal government’s Phoenix pay system.
“We obviously don’t have a strong track record on digital projects … but they are extremely important,” he said.
A House committee can study an issue and offer recommendations, but the government is under no obligation to follow them. Recent recommendations from the privacy committee on bringing political parties under Canada’s privacy laws have gone unheeded by the Liberal government, for example.
Although MPs are keen to study the privacy and security implications, revamping the country’s digital services would also make dealing with the government a little less rage-inducing for Canadians. Estonia has a “once-only” principle, which means the government can’t ask for data if it has already been provided to some other department. And the most popular government service in Estonia is the digital signature, which means people don’t have to worry about physically signing government forms.
The Estonian system revolves around digital ID cards that function in the cyber world the same way passports do in the physical world. The cards also double as encryption devices to help secure the information.
Estonians can log in to a central portal and access government services and see a record of when that information was accessed by public servants. This allows for radical transparency that flows two ways: Estonians can, for example, see whenever a police officer has run their license plate or they can look up information about politicians, such as property records. They have the ability to vote online, which 30 per cent of the population does, and they can verify in the portal if their vote has been recorded.
Representatives from Estonia told the committee last year that the best place for a country like Canada to start would be providing a similar “digital identity” to its citizens.
Erskine-Smith said its worth studying the Estonian system not just for the customer service benefits for taxpayers, but also to examine the data safeguards the country has implemented. Although health records and tax records can be accessed by citizens in the portal, they are walled off behind the scenes, meaning that only people who are authorized to look at the information can see it.
Much of the Estonian cybersecurity regime grew out of the country’s response to a massive cyber attack likely carried out by the Russian government in 2007. At the time it was considered the second-largest act of cyber warfare in the world. In response, Estonia set up a Cyber Defence Unit, which is trained by the defence ministry and is made up of private sector experts who remain anonymous.
Although MPs are looking ahead to a shorter session in the spring, Erskine-Smith said he was hopeful the committee could issue a report by summer.