Mapping Digital Identity Systems Estonia

CONCEPTUALIZATION Saumyaa Naidu and Pooja Saxena RESEARCH Shruti Trikanad and Yesha Tshering Paul MAPPING Saumyaa Naidu, Akash Sheshadri and Pooja Saxena TEXT Shruti Trikanad, Yesha Tshering Paul, Saumyaa Naidu, and Pooja Saxena Digital Identities: Design and Uses With inputs from Amber Sinha and Sunil Abraham A project of the Centre for Internet and Society, India supported by Omidyar Network Overview / Digital Identity System in Estonia

As a result of a national eID card being mandatory, nearly 1.3 million Estonian citizens have a permanent personal ID code, which forms the basis of the digital identification process.

The different forms of identification in the Estonian Digital ID ecosystem are Digi-ID (in the form of a smart card), Mobile ID (via a special SIM to be inserted in a smartphone) and Smart ID (an application for smartphones and tablets that does not require a special SIM). These multiple forms of identification can be used to access various services and to digitally sign documents. These IDs are available to all citizens and residents, as well as e-residents, of Estonia.

Estonia’s e-solution environment empowers residents and citizens to avail of almost every government service online, in addition to many private services. This system entails each service having their own information system. X-Road provides an open-source interoperability platform between these different information systems. Different X-Road ecosystems can also be joined and federated.

The various actors in the Digital ID ecosystem (in addition to ID users) that avail of this ID include both public and private actors. These actors differ according to the form and purpose of ID. Major actors include state authorities such as the Police and Border Guard Board; state services such as the Estonian Health Information System; state databases such as the Estonian Population Register and Identity Documents Database; and private entities such as Telecom Service Providers.

2 Process Maps / Identification and Authentication

The core processes within each digital identity system are being mapped ENTITY ENTITY in order to evaluate the existing technological and policy decisions. These process maps bring forward the advantages and barriers in the mechanisms of identification, authentication, and authorisation. These maps follow the Swim Lane Model to capture these processes. The use of this technique helps Description of action taken by the ACTOR to read the processes with clarity, and also points out the multiple possibilities DIGITAL ID ARTIFACT at different steps. PROCESS FLOW

The Swim Lane Model represents a process as a sequence of steps, and places the entities in different lanes (or columns) to show who is responsible 2. for taking those steps. Each column shows the action taken by the respective entity. The numbered rows establish the sequence of steps. The arrows connect the end of each step to the beginning of the next one. Refer to the key 3. OTHER DATA on the right to navigate the process maps. They also indicate multiple routes that & its Description can be taken within a step. Additionally, these process maps highlight the data being collected and digital identity artifacts being used in various steps. 4.

3 Identification digi-id enrolment

The digital identity card (Digi-ID) is a smart ID card that can be used by citizens and residents of Estonia. The Digi-ID can be used for authentication and digital signatures, but cannot be used as visual identification, as its purpose is to be used in a digital environment. Use of the Digi-ID requires a card reader, and the validity of the Digi-ID is 5 years.

This map shows the process of a resident obtaining a Digi-ID from the Police and Border Guard Board.

Sl. RESIDENT ISSUING AUTHORITY SERVICE POINT* POLICE AND BORDER GUARD BOARD

1. Submits VALID ID** + SIGNED FORM in person to the Issuing Authority Service Point

2. Conducts Physical Identity Check

BIOMETRIC DATA of the Resident is collected along with ID DOCUMENTS

ID DOCUMENTS and BIOMETRIC DATA are checked against the Estonian Population Register and the Identity Documents Database in accordance with Identity Documents Act and Regulations + Internal procedures and regulation

Checks that the ID DOCUMENTS are genuine and

a) correspond to the data provided in either National or International Registers,

b) whether the document provided is valid and not listed as lost, stolen, revoked, or expired through system checks to the Schengen Information System and INTERPOL

Checks collected BIOMETRICS 3. with Identity Documents Act and Regulations + Internal procedures and regulations and against the Estonian Population Register along with Identity Documents Database

4. Sends deactivated DIGI-ID CARD + PIN1 + PIN2 + SMART READER to the Issuing Authority Service Point

5. Signs CONTRACT with Police and Border Guard Board

6. On passing the Physical Identity Check, activates DIGI-ID CARD + PIN1 + PIN2 + SMART READER

7. Collects DIGI-ID CARD + PIN1 + PIN2 + SMART READER from the Issuing Authority Service Point

* Issuing Authority Service Point is run by the Police and Border Guard Board

** [Adult] Identity document (ID card/ passport/ residence card/ e-resident digi-ID/ certificates of record of service on Estonian ships and seaman’s discharge books/ travel document for refugee/ temporary travel document) + digital colour photo; [Child/ under guardianship] same + ID of legal representative/ document proving right of representation if right of representation is not entered to the Estonian population register

4 Identification mobile-id enrolment

Mobile ID allows users to use their smartphones as a form of secure digital identification in order to access e-services and digitally sign documents. Unlike the Digi-ID, it does not require the use of a card reader. However, it requires a special SIM card obtained from the telecom service provider.

This map showcases the process of signing up for Mobile ID through a smartphone.

POLICE & BORDER Sl. RESIDENT TELECOM SERVICE PROVIDER (TSP) GUARD BOARD ID PORTAL

1. Submits VALID ID + PASSPORT in person to the TSP

2. Signs CONTRACT with the TSP

3. Issues a deactivated MOBILE ID SIM (with private keys) + APP (with authorization and signing capabilities) to the Resident

4. Resident puts MOBILE ID SIM (with private key) + APP (with authorization and signing capabilities) in the Phone

5. To activate MOBILE ID SIM + APP the Resident can choose either one of the two methods

Provides ID DOCUMENTS Enters DIGI ID CARD into to the TSP in person SMART READER using PIN 1 to log into the ID Portal

6. Verfies submitted ID DOCUMENTS against Estonian Population Register & Identity Documents Databases

7. Resident signs MOBILE ID CERTIFICATE APPLICATION after verification of ID DOCS by TSP

8. TSP Ofcial enters the Resident’s PERSONAL IDENTIFICATION CODE into the Information System

9. The Information System sends notification to the TSP Ofcial, upon request by the TSP Ofcial

10. The TSP Ofcial sends UPDATES ABOUT APPLICATION PROCESS to the Resident

11. The TSP Ofcial activates MOBILE ID SIM (with private key) + APP (with authorization and signing capabilities)

12. Activates MOBILE ID SIM with PIN 2 + APP (with authorization and signing capabilities)

5 Identification smart-id enrolment

Smart ID is a free mobile application that allows a user to prove their identity online in the absence of a SIM card on their smart device. It can be used to access financial e-services, confirm transactions and agreements. In addition, Smart ID has been recognised by the European Union as a Qualified Signature Creation Device (QSCD), which means that digital signatures through it must be recognised by every European State.

This map illustrates the process of signing up for a Smart ID through a smartphone or tablet.

Sl. RESIDENT SMART ID PORTAL

1. Downloads a deactivated SMART ID APP on their Phone

2. Uses SMART ID APP to choose one of three options

MOBILE ID DIGI ID Banks*

3. Inserts the MOBILE ID SIM into their phone

4. Follows the instructions provided on the phone as a result

5. Enters their PERSONAL ID CODE on their phone to receive CONFIRMATION SMS which is automatically detected by the MOBILE ID SIM . This activates the SMART ID APP

6. They can now use the SMART ID APP to generate PIN1 and PIN2

7. Creates PIN1 and PIN2 **

8. Logs into SMART ID PORTAL on a computer

9. Asks questions to the RESIDENT

10. Upon answering, the RESIDENT receives SMART ID REGISTRATION CODE (valid for 15 mins) on their Phone

11. Enters the SMART ID REGISTRATION CODE on their Phone

12. Verifies PIN1 and PIN2 on the SMART ID APP , and the app gets activated

* We were unable to find definitve information through remote research about how banks are used in the process of Smart ID enrolment

** PIN1 and PIN2 cannot be changed

6 Authentication digi-id authentication

For authentication and digital signatures a Digi-ID card, a smart card reader, and the PIN1 and PIN 2 contained on the smart card are required. The resident opens the web interface, which asks the resident for their ID card. The ID card is inserted into a smart card reader, following which the resident enters PIN1 into the web interface, which then authenticates the certificate in the ID card. To authenticate digital signatures, the resident opens the web interface which shows the document to be signed. On clicking the option to sign, the web interface requires the resident to insert the ID card into the smart card reader. Once the resident approves the document, the web interface requires them to enter PIN2, following which the resident is able to submit the document.

LOGIN/ AUTHENTICATION DIGITAL SIGNATURE

Sl. RESIDENT WEB INTERFACE Sl. RESIDENT WEB INTERFACE

1. Opens the Web Interface 1. Opens the Web Interface

2. Asks for ID CARD from the Resident 2. Shows the DOCUMENT to be signed

3. Owns DEVICE WITH SMART READER 4. Reads and clicks on Sign and Inserts ID CARD into it

5. Asks for ID CARD from the Resident 4. Asks for PIN 1 from the Resident

6. Owns DEVICE WITH SMART READER 5. Enters PIN 1 on the Web Interface and Inserts ID CARD into it.

6. Authenticates the CERTIFICATE 7. Confirms and approves the contained in the ID CARD CONTENT OF THE DOCUMENT

8. Asks for PIN 2 from the Resident

9. Enters PIN 2 and submits DOCUMENT

7 Authentication digi-id service authentication

QUALIFIED TRUST SERVICE Sl. RESIDENT WEB BROWSER WEBFORM PROVIDER CERTIFICATE AUTHORITY (QTSP CA)

1. Goes to URL of the Web Browser

Inserts ID CARD into SMART READER

2. Reads the AUTHENTICATION CERTIFICATE of ID CARD

Sends CLIENT CERTIFICATE to the Webform

3. Sends SERVERS CERTIFICATE to the Web Browser

4. Sends SERVERS CERTIFICATE to the Resident

5. Enters PIN 1 on the Web Browser

6. Sends AUTHENTICATION (Dynamic in Substantial and High levels) to Webform

7. Gets Certificate Revocation Checks CERTIFICATE STATUS List from QTSP CA from the Online Certificate Status Protocol (OCSP) which is Checks CERTIFICATE stored by the QTSP CA STATUS from the list.

8. Sends OCSP RESPONSE CERTIFICATE STATUS to the Webform

9. Sends FORM to the Web Browser

10. Sends FORM AUTHENTICATION MODE to the Resident

8 Authentication mobile-id authentication

In the Mobile ID authentication process, the resident enters their phone number in the e-service, which sends an authentication request to the Digi Doc Service (DDS), which in turn receives a certificate from the Certificate Authority. The Mobile ID application sends the e-service provider’s name as a hash to the Short Message Service Centre through the DDS, following which the resident enters their private key and is granted access.

SHORT Sl. RESIDENT E-SERVICE DIGI DOC SERVICE (DDS) CERTIFICATE AUTHORITY MESSAGE SERVICE CENTRE

Starts Session by 1. (Entering PHONE NUMBER ) at e-Service

2. Sends AUTHENTICATE/ CREATE SIGNATURE REQUEST to DDS

3. DDS requests CERTIFICATE from Certificate Authority

4. Sends CERTIFICATE to DDS

5. DDS gets CERTIFICATE STATUS from Online Certificate Status Protocol (OCSP)

6. Sets Session at e-Service

7. Checks e-Service provider’s name on MOBILE ID APPLICATION

8. Computes and sends HASH to SMS Centre

9. Sends HASH to Resident

10. Sends PIN 1 (Signed HASH ) to SMS Centre

11. Sends SIGNING RESULT to DDS

12. Sends OPERATION RESPONSE to e-Service

13. Grants Access/ Creates Signature for the Resident

9 Authentication smart id

Authentication through Smart ID requires the resident to enter their ID number, following which the e-service generates and sends them a four-digit code. They enter the code Smart ID app, which sends an authentication response to the e-service.

LOGIN/ AUTHENTICATION

Sl. RESIDENT E-SERVICE

1. Opens the e-Service

2. Asks for EID NUMBER from the Resident

3. Inputs EID NUMBER into the e-Service

4. Generates 4 DIGIT CODE and sends it to the Resident

5. Enters 4 DIGIT CODE into the SMART-ID APPLICATION on the MOBILE PHONE

SMART-ID APPLICATION sends AUTHENTICATION RESPONSE that depends on AUTHENTICATION PROTOCOLS (can be OpenID Connect or SAML 1.1 ) to the e-Service

DIGITAL SIGNATURE

Sl. RESIDENT SENDER* DOCUMENT SERVICE

1. Uploads DOCUMENT to be signed to Session DATA STORAGE (stores temporarily)

Creates REQUEST: {Task(s),DocumentAction(s), Document(s), Subject(s), Notification(s)} with Document Service

2. Sends NOTIFICATION (SMS) to the Resident

3. Opens URL contained in the NOTIFICATION (SMS) which redirects Resident to DOCUMENT PRESENTER

4. DOCUMENT PRESENTER displays DOCUMENT to be signed

5. Resident signs DOCUMENT

6. Service (eg: Bank) asks for ONE TIME CODE + PERSONAL PASSWORD from the Resident

7. Enters ONE TIME CODE + PERSONAL PASSWORD into DOCUMENT PRESENTER

8. Document Service creates a SIGNING RESULT that depends on SIGNING METHODS

SIGNING METHODS can be LTV-SDO or PADES (PDF Advanced Electronic Signature)

9. Checks STATUS of request on GETSTATUS

ONCE COMPLETE

10. Sender download SIGNED DOCUMENT from ARCHIVE SERVICE

* Represents a Service (eg: Bank)

10 X-Road is an interoperability service that links each separate public and private sector e-information system X-Road and enables them to communicate seamlessly with each other without human intervention. All information is held in a distributed data system which can exchange information instantly upon request and be accessed Interoperability 24/7. It can write to multiple information systems, transmit large data sets and perform searches across several information systems simultaneously. All incoming data is authenticated and logged, and all outgoing data is digitally signed and encrypted in order to ensure data security.

Sl. RESIDENT DEPARTMENT A DEPARTMENT A SECURITY SERVER DEPARTMENT B SECURITY SERVER DEPARTMENT B

1. Connects to Citizen Portal

Authenticates using DIGI-ID CARD to avail service from Department A

2. Department A, which is signed up on X-Road, sends DATA QUERY , PURPOSE OF QUERY to its Security Server

3. Department A Security Server makes an entry into TIMELOG

Creates an ENCRYPTED DATA QUERY , PURPOSE OF QUERY , and adds TIMESTAMP and DIGITAL SIGNATURE to it

4. Sends ENCRYPTED DATA QUERY , PURPOSE OF QUERY to Security Server of Department B

5. Department B Security Server decrypts to create DATA QUERY , PURPOSE OF QUERY and sends it to Department B

6. Department B, which is also signed up on X-Road, checks DATA QUERY , PURPOSE OF QUERY against the Rules of Information Sharing established by the Estonia Information Authority

After verification, Department B sends DATA IN RESPONSE TO QUERY back to its Security Server

7. Department B Security Server makes an entry into TIMELOG

Creates an ENCRYPTED DATA IN RESPONSE TO QUERY , and adds TIMESTAMP and DIGITAL SIGNATURE to it

Sends ENCRYPTED DATA IN RESPONSE TO QUERY to Security Server of Department A

8. Department A Security Server decrypts to create DATA IN RESPONSE TO QUERY and sends it to Department A

9. Department A processes the service request based on DATA fetched in realtime and returns the response to the resident

11 Systems Maps / Sectoral Uses

As part of the systems thinking approach, sectoral use cases have been mapped to understand how the digital identity system in Estonia has been conceptualised and implemented. Studying these sectors allows a closer ID Artifacts look at the various purposes of the digital identity, and how the residents, being Used and state and private actors interact with it. The ERAF technique of systems mapping has been used for these maps to give a holistic view of the system and connections within it. It is an analytical tool rather than a Data representational tool. The ERAF model helps to place the various constituents involved in the system and divides them into entities, relationships, attributes, and flows. This technique of mapping reveals missing connections Entities and flows in a system, and leads to the identification of specific leverage points where a small shift can produce a big impact on the system.

DATA FLOW In the ERAF model, entities are the key components. These could be individuals, institutions, laws, places, etc. Relationships describe the way in which different entities are connected to each other. Attributes are characteristics that describe the entities. RELATIONSHIPS These could be duration, dimensions, costs, etc. The Flows show the direction of action between entities. This includes transaction of data and resources. Data and its flow within the system, and digital identity artifacts have been highlighted in these maps.

12 The agriculture sector in Estonia allows users to access a range of information, aid, and Agriculture support through a unified portal of Agricultural Registries using their digital IDs. They can also access real time information about land, its owners, and associated rights, to allow potential buyers consolidated access to information about any land in Estonia.

TREAT Subsidies Licensed Livestock Veterinarians and Services

TO REGISTER TO ACCESS REGISTERS & EXERCISES REGULATORY CONTROL OVER

Estonian Agricultural TO Data for scrutinization Registers and Information of application National Register MANAGES of Veterinarians Board

MANAGES INCLUDES Estonian Land Board Estonian Veterinary Physical Ofce e-PRIA Portal and Food Board GIVE E-Land Register AT AT AT INCLUDES Application + eID ID Card + Card Reader, ID Card + Card Reader, or Mobile ID or Mobile ID National Register of Option 1a AUTHENTICATE or or Food and Feed USING Bank Portal Username + THROUGH Bank Portal Username + Business Operators Password, or Smart ID Password, or Smart ID

Option 1b AUTHENTICATE AUTHENTICATE Bank Portal USING USING RESIDENT GIVE TRACK AUTHENTICATE USING

Username + Password, or ID Card, or Mobile ID TO Information about soil quality, plant types, etc. TO ENTER

OF Data about livestock OWNS Information about soil Land quality, plant types, etc. INTO

Web Application

MANAGES Estonian Livestock Performance Recording Ltd

13 The Estonian education sector introduced the use of digital IDs to improve efficiency Education in learning and teaching, effectively monitor the education system, and to provide one consolidated point to access digital learning materials. Digital ID holders can easily communicate with students, teachers, and parents; access basic, general, and vocational education learning materials; and access detailed information about education institutions, students, teachers, curricula, etc.

TO ACCESS

Estonian Education Information System Database

CONTAINS

GENERATES Individual-level Information Institution-level Information

CAN SUPPLY ABOUT ABOUT Statistics, e-Kool Platform archives, ABOUT CAN etc. ACCESS Education Institutions

MONITOR

TO ACCESS TO ACCESS AUTHENTICATE USING e-Kool Username + RESIDENT Password, e-ID, MobileID, HarID, SmartID, BankID Timetables, home assignments, grades, e-Schoolbag study resources AUTHENTICATE e-Kool Username + USING Password, e-ID, MobileID, HarID, Personal Code + Password TO ACCESS ID Card, Mobile ID, HAS Bank Link, E-ID of any EU USE UPLOAD USING country if EU resident CONTAINS LEAVE COMMENTS/ FEEDBACK ON THROUGH

CREATE State Portal Parents Digital Learning Materials Teachers

COMMUNICATE WITH EACH OTHER

14 The Financial and Banking sector in Estonia embraced the use of digital ID with the Finance intent of improving the ease of doing business in Estonia — customers can open bank accounts, access services, conduct transactions, and affix their digital signatures using only their digital ID.

Payments and Services

NEEDED FOR

MANAGED BY TO LOG INTO Bank Bank Account Proof of Online Identification

MANAGED BY TO OPEN Bank Account Physical Ofce e-Residency Card or ID Card/ Digi ID FOR

AUTHENTICATE TO OPEN AUTHENTICATE USING USES USING e-Residency Card or ID Card/ Any ID Digi ID or Mobile ID RESIDENT ID Card/ Digi ID PIN 1 or e-Residency Card or ID Card/ Mobile ID App + PIN 1 or Digi ID PIN 2 or Mobile ID App + Smart ID App PIN 1 USES USES PIN 2 or Smart ID App PIN 2 USES

ID Card/ Digi ID FOR FOR CONSISTS OF

Smart Reader Customer Digital Signature Authentication in Transactions TO AUTHENTICATE Smart ID App Mobile ID

CONSISTS OF

Mobile SIM Card

15 The Estonian E-Health framework was envisaged as a means to overcome fragmented Healthcare communication flows between healthcare service providers, to streamline services, and to improve coordination of care. It primarily consists of a system of mandatory uploading of electronic patient health records, with secure access to healthcare providers, and the creation of e-prescriptions for easy and monitored dispensation of medicines.

Health Services Organization Act

DICTATES

SIGN WITH Contract Estonian e-Health Foundation USING Medicines e-Prescriptions OVERSEES Hospital DISPENSE Central Prescription

INFORM Centre WORK AT Pharmacy CONTAINS Interoperability, Integrated WRITE data, No data overlaps Ambulances ADD TO/ UPDATE Healthcare Providers Estonian Health ACCESS Information System TO ACCESS CONTAINS Patient Care MAKE TO ACCESS Summaries LINKED TO REFERRALS MOTHER’S eID TO USING USES ACCESS eID Electronic Planning and Health Records Research Personal AUTHENTICATE Identification Code CAN USING Agencies BLOCK X-Road Interoperability Platform STORED IN Anonymized, AUTHENTICATE individual-level data USING LINKED TO Personal Health RESIDENT* Information ACCESS USING USES AUTHENTICATE Read only versions USING UPDATES TO ACCESS LISTED IN Mobile ID Online Portal SHARE AGGREGATE ASSIGNED INCLUDE DATA FOR TO

REGISTERED WITH

Population Personal Registry Health Insurance Information Board RECORDS

TO Automatically Reports on inputs and ADDED TO SHARE AGGREGATE services provided Birth Registration New borns DATA FOR ADDED Quarterly and annual THROUGH

* Resident can apply to EHIS, or individual healthcare provider to opt out of making their information accessible.

16 The use of digital ID in the Estonian welfare sector was included with the Welfare intent of allowing residents easy access to welfare services and aid — digital identity holders can submit online applications to different welfare schemes through State Schemes portals, without ever having to visit physical offices or produce physical documents.

Unemployment Insurance Fund

MANAGES

TO Electronic Application e-Portal for registration as an unemployed person

TO ACCESS

FOR eID Number + Smart-ID Application + PIN 2 or eID Card eID Card + PIN 1 or Mobile ID Unemployment Insurance Digital + PIN 2 or Mobile ID Application/ Application/ SMS + PIN 1 Benefit/Unemployment Signature SMS + PIN 2 Allowance Claim form AUTHENTICATE AUTHENTICATE USING SUBMITS USING RESIDENT

State Portal SUBMITS SUBMITS

Application for Social benefits Application for family for PWDs + Application for benefits, pension, Social MANAGES Option 2d determination of disability Rehabilitation Service THROUGH

Option 2a Option 1a IN PERSON TO IN PERSON TO Republic of Estonia Customer Information System Service Ofce Option 2b Option 1b Authority BY MAIL TO BY MAIL TO Regional Customer Service Ofce Option 2c Option 1c BY EMAIL TO BY EMAIL TO Digitally NEEDED FOR signed email

MANAGES

Estonian Social Insurance Board

17 Stakeholders

Estonian E-Health Foundation Population Registry Estonian Agricultural Registers The Estonian E-Health Foundation is in charge The Population Registry is a State database that and Information Board of implementing e-health activities in Estonia, contains basic information about all Estonian The Estonian Agricultural Registers and including the management of E-health registries residents, including their name, ID code, date of Information Board maintains agricultural and the publishing of standards of healthcare. It birth, nationality, etc. It is connected by X road to registries and other related databases, and was established by the Ministry of Social Affairs, several other databases and services, and allows processes the collected data. It is also in charge and comprises members from major Estonian access to entities performing public duties, or for of awarding various agricultural and rural hospitals, the Ministry of Social Affairs, the Tartu legitimate purposes. development grants. University Hospital Foundation, the Estonian Hospital Association, the Union of Estonian Unemployment Insurance Fund ePRIA Portal Emergency Medical Services, and the Estonian The Unemployment Insurance Fund portal allows e-PRIA is the client portal of the Agricultural Society of Family Doctors. Estonian ID holders to register as unemployed, Registers and Information Board, through which and therefore access services such as job ID holders can submit documents to ARIB and Estonian Health Information System opportunities, or receive unemployment insurance check their details in ARIB’s registers. It can The Estonian Health Information System is an or allowance. also be used by ID holders to apply for a range of integrated platform that contains Electronic Health support. Records uploaded by healthcare service providers, Estonian Information System Authority along with booking services, e-prescription The Estonian Information System Authority Estonian Land Board services, and statistics and ambulance modules. develops and manages the State’s information The Estonian Land Board is a government system, is in charge of information security, and body functioning under the Ministry of the Central Prescription Centre handles the security incidents that have occurred Environment, that manages all land related The Prescription Centre is a centralised database in Estonian computer networks. It also monitors information and is tasked particularly with linked to the Health Information System, with the the information systems of providers of public ensuring more efficient management and use necessary services that provides access for doctors services. of land, organising geodetic and cartographic and pharmacies. It collects all e-prescriptions activities, establishing the land cadastre, issued by physicians, and can be accessed by Estonian Social Insurance Board organising land assessment and supervising the pharmacists anywhere in Estonia to dispense The Estonian Social Insurance Board manages the enforcement of land tax, issuing licences for land required medicines. social benefits available to Estonian residents, and readjustment activities, etc. handles applications and requests for parental benefits, maternity benefits, child allowances, pensions, etc.

18 Stakeholders

E-Land Register National Register of Food Estonian Education Information System The E-land register is a web application that and Feed Business Operators The Estonian Education Information System contains information on all ownership relations The National Register of Food and Feed Business is a State database that contains details about and rights for properties/land parcels in Estonia. Operators, maintained by the Veterinary and Food education institutions, students, teachers and It ensures total transparency by delivering Board, processes data concerning the food and lecturers, graduation documents, study materials real time geographical data, showing property feed business operators that hold the required and curricula. It is also intended as a tool to boundaries and registered owners, displaying all activity licence to maintain records and ensure monitor the education system to ensure it prepares encumbrances/restrictions, and providing all other efficient official control. residents for the labour market of the future. information that potential buyers need. Estonian Livestock Performance Recording Ltd Police and Border Guard Board National Register of Veterinarians The Estonian Livestock Performance Recording The Police and Border Guard Board functions The National Register of Veterinarians is Ltd is tasked with improving the efficiency of under the Ministry of Interior, and is responsible established by the Veterinary Activities animal husbandry, primarily by recording the for law enforcement and homeland security in Organisation Act, and contains information about performance of dairy cattle, beef animals, pigs Estonia. It is also the issuing and supervisory veterinarians holding the required qualifications, and goats, and performing genetic evaluation of authority for the Digital ID cards in Estonia. the veterinary supervision and veterinary checks livestock and independent testing of the quality of of veterinary practice, and the data required for raw milk. Citizen Portal producing statistics enabling the organisation The Estonian citizen portal allows ID holders to of veterinary activities. It is managed by the E-Kool Platform access all government information and e-services Veterinary and Food Board. E-Kool is a school management network (web from one unified gateway, through their digital application) that connects pupils, parents, schools ID. It also allows access to their own personal Estonian Veterinary and Food Board and supervisory authorities, and allows the information as well as information regarding the The Estonian Veterinary and Food Board, exchange of information about time tables, grades, entities that have accessed their data. functioning under the Ministry of Agriculture, homework assignments and other similar features. is a supervisory body that executes legislations Smart ID Application governing veterinary, food safety, market E-Schoolbag The Smart ID Application is a mobile application that regulation, animal welfare, and farm animal E-Schoolbag, developed by the Ministry of provides digital identification services without the breeding. It aims to ensure the production of safe, Education and Research, is a portal for digital need of a special SIM card. It involves the registration healthy and quality raw materials for food, protect learning materials containing materials for basic, of an account and the creation of PINs people and animals from infectious diseases, general and vocational education, arranged by to authenticate the users’ identity and to create and to ensure productivity of farm animals and keywords on the basis of the curriculum. digital signatures. increase their genetic value.

19 Bibliography

Identification 9. Police and Border Guard Board. “Estonian eID 7. Police and Border Guard Board. “Estonian eID scheme: Mobiil-ID: Technical specifications scheme: Mobiil-ID: Technical specifications and procedures for assurance level high for and procedures for assurance level high for 1. Andre Martin and Ivan Martinovic. “Security and Privacy electronic identification.” (2018) https://ec.europa. electronic identification.” (2018) https://ec.europa. Impacts of a Unique Personal Identifier.” Working Paper eu/cefdigital/wiki/download/attachments/62885749/ eu/cefdigital/wiki/download/attachments/62885749/ Series – No. 4 (2016). https://www.politics.ox.ac.uk/materials/ EE%20eID%20LoA%20mapping%20-%20Mobiil-ID. EE%20eID%20LoA%20mapping%20-%20Mobiil-ID. publications/14987/workingpaperno4martinmartinovic.pdf. pdf?version=1&modificationDate=1531759816924&api=v2. pdf?version=1&modificationDate=1531759816924&api=v2. 2. “Home: Estonian Information System Authority”, 10. “How to apply for Mobiil-ID?”, ID, last accessed October 30, Information System Authority, last accessed October 30, 2019. https://www.id.ee/index.php?id=36913. 2019. https://www.ria.ee/en.html. X-Road Interoperability 3. “ID -card”, Politsei- ja Piirivalveamet, last accessed October 30, 2019. https://www2.politsei.ee/en/teenused/isikut-toendavad- Authentication 1. World Bank Group, “Privacy by Design: Current Practices in dokumendid/id-kaart/. Estonia, India, and Austria,” (2016), last accessed December 9, 2019, https://id4d.worldbank.org/sites/id4d.worldbank.org/files/ 4. “Digi-ID”, Politsei- ja Piirivalveamet, last accessed October 1. “ID-card”, E-Identity, last accessed October 30, 2019. https://e- PrivacyByDesign_112918web.pdf. 30, 2019. https://www2.politsei.ee/en/teenused/isikut-toendavad- estonia.com/solutions/e-identity/id-card. dokumendid/digi-id/. P. Herlihy, “Government as a data model: what I learned 2. “Mobile-ID”, E-Identity, last accessed October 30, 2019. 2. 5. “Mobiil-ID”, Politsei- ja Piirivalveamet, last accessed October https://e-estonia.com/solutions/e-identity/mobile-id/. in Estonia,” Government Digital Service blog (UK), last 30, 2019. https://www2.politsei.ee/en/teenused/isikut-toendavad- accessed December 9, 2019, https://gds.blog.gov.uk/2013/10/31/ dokumendid/mobiil-id/. 3. “Smart-ID”, E-Identity, last accessed October 30, 2019. https:// government-as-a-data-model-what-i-learned-inestonia/. 6. “Application for e-resident’s digital identity card”, Politsei- ja e-estonia.com/solutions/e-identity/smart-id. Piirivalveamet, last accessed October 30, 2019. https://www2. 3. Uuno Vallner, “Secure data exchange platform. Principles politsei.ee/en/teenused/isikut-toendavad-dokumendid/e-residendi- 4. “E-Residency”, E-Identity, last accessed October 30, 2019. and implementation. X-Road,” e-Governance Academy, last digi-id/. https://e-estonia.com/solutions/e-identity/e-residency/. accessed December 9, 2019, https://scoop4c.eu/sites/default/ files/2018-03/Overview-of-Secure%20Data-Exchange-X-Road-6.pdf. Police and Border Guard Board. “Estonian eID scheme: ID 7. 5. Police and Border Guard Board. “Estonian eID scheme: ID card: Technical specifications and procedures for assurance card: Technical specifications and procedures for assurance level high for electronic identification” (2018) https:// level high for electronic identification” (2018) https:// ec.europa.eu/cefdigital/wiki/download/attachments/62885749/ ec.europa.eu/cefdigital/wiki/download/attachments/62885749/ EE%20eID%20LoA%20mapping%20-%20ID%20card.pdf. EE%20eID%20LoA%20mapping%20-%20ID%20card.pdf.

8. Police and Border Guard Board. “Estonian eID scheme: Digi- Police and Border Guard Board. “Estonian eID scheme: Digi- ID: Technical specifications and procedures for assurance 6. ID: Technical specifications and procedures for assurance level high for electronic identification.” (2018) https:// level high for electronic identification” (2018) https:// ec.europa.eu/cefdigital/wiki/download/attachments/62885749/ ec.europa.eu/cefdigital/wiki/download/attachments/62885749/ EE%20eID%20LoA%20mapping%20-%20Digi-ID. EE%20eID%20LoA%20mapping%20-%20Digi-ID. pdf?version=1&modificationDate=1531759815275&api=v2.

20 Bibliography

Sectors

AGRICULTURE FINANCE WELFARE

1. Ene Karner. “The Future of Agriculture is Digital: 1. “Business and finance”, e-estonia, last accessed October 28, 1. European Commission. Your Social Security Rights in Showcasting -Estonia” Frontiers in Veterinary Science 2019. https://e-estonia.com/solutions/business-and-finance/e- Estonia. July 2013. Last accessed October 28, 2019, https:// (September 21, 2017) https://www.frontiersin.org/ banking. ec.europa.eu/employment_social/empl_portal/SSRinEU/Your%20 articles/10.3389/fvets.2017.00151/full. social%20security%20rights%20in%20Estonia_en.pdf. 2. “Banking and Financing”, invest in estonia, last accessed 2. World Bank Group. “The Role of Digital Identification in October 28, 2019. https://investinestonia.com/business-in- 2. “Online Services”, Republic of Estonia Social Insurance Agriculture: Emerging Applications.” (2018) http://documents. estonia/financing/banks. Board, last accessed October 28, 2019. https://www. worldbank.org/curated/en/655951545382527665/pdf/Digital-ID- sotsiaalkindlustusamet.ee/en/online-services. Agriculture-Web12192018.pdf. 3. “Social Rehabilitation”, Republic of Estonia Social Insurance 3. Uuno Valner et al. “State of play report of best practices” Board, last accessed October 28, 2019. https://www. HEALTHCARE Stakeholder Community for Once-Only Principle Version 1, sotsiaalkindlustusamet.ee/et/puue-ja-hoolekanne/sotsiaalne- (August 10, 2017) https://scoop4c.eu/sites/default/files/2018-01/ rehabilitatsioon#Sotsiaalne%20rehabilitatsioon. 1. Developing an Integrated e-health system in Estonia: Case SCOOP4C_D1.2_0.pdf. Profile https://www.integratedcare4people.org/media/files/ 4. Establishment of Register of Farm Animals Regulation RT I CaseProfileEstonia.pdf. 2008, 33, 205, 2008, https://www.riigiteataja.ee/akt/13000254. 2. World Bank Group. “The Role of Digital Identification for Healthcare: Emerging Use Cases” (2018) http://documents. worldbank.org/curated/en/595741519657604541/The-Role-of- EDUCATION Digital-Identification-for-Healthcare-The-Emerging-Use-Cases. pdf. 1. “Education and Science”, Services, Eesti.ee. last accessed October 28, 2019, https://www.eesti.ee/eng/services/citizen/ 3. Kristjan Vassil. “Estonian e-Government Ecosystem: haridus_ja_teadus/isikukaart_eesti_ee_portaali. Foundation, Applications, Outcomes” World Development Report (2016) http://pubdocs.worldbank.org/ 2. “Education”, e-estonia, last accessed October 28, 2019, en/165711456838073531/WDR16-BP-Estonian-eGov-ecosystem- https://e-estonia.com/solutions/education/estonian-education- Vassil.pdf. information-system/. 4. “Healthcare”, e-estonia, last accessed October 28, 2019, 3. “eKoolikott”, last accessed October 28, 2019 https://e-estonia.com/solutions/healthcare/e-health-record/. https://e-koolikott.ee/. 5. Jaan Priisalu, Rain Ottis. “Personal Control of Privacy and 4. Birgit Lao-Peetersoo, “Introduction of Estonian Education Data: Estonian Experience Health and Technology” Health Information System (EHIS)” (June 30, 2014) http://www.oecd. and Technology (December 2017) pp 441-451 https://link. org/education/ceri/Birgit%20Lao-Peetersoo_Introduction%20 springer.com/article/10.1007/s12553-017-0195-1. to%20the%20Estonian%20Education%20Information%20 System%20EHIS.pdf.

21