Docd7a7

[ eGovernment in Estonia ]

Government backbone network EEBone, the administration system of the State information system (RIHA) and the electronic document exchange centre (DEC).

Government Departments and Agencies

Government Departments and Agencies are responsible for the implementation of the departmental eGovernment projects falling within their respective fields of competence.

Support

Estonian Informatics Centre (RIA)

RIA develops, implements and operates the main components of Estonia’s national eGovernment infrastructure, including the State portal www.eesti.ee, the middleware system X-Road, the Government backbone network EEBone, the administration system of the State information system (RIHA) and the electronic document exchange centre (DEC).

CERT Estonia

CERT Estonia (Computer Emergency Response Team) was officially presented in May 2006. A special unit of the Estonian Informatics Centre, it deals with security incidents that occur on Estonian networks, carries out preventive actions and contributes to awarenessraising on Internet security.

Audit/Assurance

National Audit Office

The role of the National Audit Office (Riigikontroll) is to promote reforms while supporting public bodies in their efforts to create, through their activities and services, best value for the taxpayers. In order to do so, the National Audit Office assesses the performance (economy, efficiency and effectiveness) and regularity of the activities of Public Administrations, and provides recommendations to help the Parliament and the Government to improve the operation of the State.

November 2009

Data Protection

Data Protection Inspectorate (DPI)

The Data Protection Inspectorate is an independent Agency placed under the authority of the Ministry of Justice (it was formerly placed under the authority of the Ministry of Internal Affairs).The DPI supervises the legality of the processing of personal data and databases, as well as the organisation of data protection activities.

Others

AS Sertifitseerimiskeskus

AS Sertifitseerimiskeskus (SK) is the Certification Authority (CA) providing certificates for the Estonian electronic ID card and related services pertaining to the use of these certificates while giving legallybinding digital signatures.

The company's mission is to ensure the reliability and integrity of the electronic infrastructure underpinning the Estonian eID Card project, and to offer reliable certification and time-stamping services. It also functions as a competence centre for the eID Card and spreads the knowledge necessary for creating electronic applications for the card.

To this end, AS Sertifitseerimiskeskus has created DigiDoc, a universal system for giving, processing and verifying digital signatures. DigiDoc can be connected to any existing or new software, but its components are also a stand-alone client program and web portal.

Estonian Association of Information Technology

and Telecommunications (ITL)

The ITL is a non-profit organisation whose primary objectives consist in: uniting the Estonian information technology and telecommunications companies and educational institutions; promoting their co-operation towards the development of Information Society in Estonia; representing and protecting the interests of its member companies while expressing their common positions. Main activities of the association include the popularisation of ICT, the promotion of vocational education and the amendment of legislation. The ITL also actively takes part in the preparation of State policy documents such as the ‘Estonian Information Society Strategy 2013’.

[19]

November 2009

Estonian Information Technology Foundation (EITF)

EITF is a non-profit organisation founded by the Estonian Republic, Tartu University, Tallinn Technical University, Eesti Telekom and the Association of Estonian Information Technology and Telecommunications Companies. Its aims are to assist in the preparation of the highly qualified IT specialists and to support information and communication technology-related developments in Estonia. For these purposes, the Foundation established and manages the Estonian IT College and administers ’Tiger University’, the National Support Programme for ICT in Higher Education.

eGovernance Academy

The eGovernance Academy is a regional learning centre set up by the Republic of Estonia, the United Nations Development Program (UNDP) and the Information Program of the Open Society Institute (OSI). The centre, which is a non-governmental, nonprofit organisation, aims to promote the use of ICT in the work of Governments and in democratic practices. The centre provides training in eGovernance and eDemocracy, serves as a platform for the exchange of experience and conducts related research. The primary target audience includes civil servants, policy makers and representatives of civil society of the countries of Central Europe, the Caucasus, Central Asia and the Balkans.

[20]

[ eGovernment in Estonia ]

Regional & Local eGovernment............

Policy/Strategy

Ministry of Internal Affairs

The Ministry of Internal Affairs has prepared a ‘Municipalities Information Society Programme’ for the period 2008-2011 and an Action Plan for the years 2008-2009.

Others

Association of Estonian Cities

The Association of Estonian Cities is a voluntary union established for representing the common interests and arranging co-operation among cities and rural municipalities. The Association’s main goal is to ensure the development of Local Governments through joint activities.

Association of Municipalities of Estonia

This Association gathers the majority of Estonian rural municipalities within the 15 Estonian counties.

Portal.................................................

www.eesti.ee

Estonia’s eGovernment portal was first launched in March 2003 on the basis of the eCitizen project which was initiated in 2002. Since then, the portal has been constantly renewed. In the last quarter of 2007, a new version of the portal merged the former ‘State Information portal’ together with the ‘Citizen portal’, so as to create a single integrated service.

The new portal coordinates the information provided and the services offered by various State institutions. It features a safe Internet environment for communication with the State and offers reliable information and eSolutions for citizens, entrepreneurs and officials respectively. The access to relevant information and eServices on the portal indeed depends on whether the user is a citizen, entrepreneur or State official.

The State portal’s environment allows users authenticated with their national eID card to: access and check their personal details; perform transactions with municipal and Government bodies; complete and convey online forms and applications; sign documents digitally; create email addresses with the suffix @eesti.ee; and receive email or SMS notifications. In addition, it gives access to other registry services (e.g. the Forest Registry) on more than 20 national databases.

Based on the data held in the State Commercial Register, entrepreneurs using the portal can access transactional services for businesses.

The services offered through the portal are closely integrated with the infrastructure of the data exchange layer X-Road (see below).

Network.............................................

EEBone

EEBone (PeaTee in Estonian) is the broadband network of data communication among Government institutions. A Government-wide backbone network, it connects all Government offices across the country and provides secure access to the Internet and the Government's Intranet. It is worth noting that all State and Local Government bodies have the right, though not the obligation, to use it.

The network was launched in October 1998, and its development was based on the backbone network ASONet elaborated by the Border Guard Administration, the Customs Board and the Police Board in 1993.

The use of the backbone network is financed centrally from the State budget, and its use is free-of-charge for subscribed clients. Clients only have to pay to access the backbone network and to determine the access connection service themselves. Currently, there are more than 21 000 computers connected to the EEBone network and over 1 300 governmental and local institutions are using it.

eIdentification/eAuthentication............

Electronic ID card

Estonia started issuing national ID cards in January 2002. The card, which fulfils the requirements of Estonia’s Digital Signatures Act, is mandatory for all Estonian citizens and residing foreigners over 15 years of age.

It is meant to be the primary document for identifying citizens and residents. Its functions are to be used in any form of business – governmental or private communications. It is furthermore a valid travel document within the EU. Issued by the

Citizenship and Migration Board, the card has become valid for 5 years since 1 January 2007 (instead of 10 years previously).

In addition to being a physical identification document, the card has advanced electronic functions facilitating secure authentication and providing legally binding digital signature for public and private online services.

An electronic processor chip contains a personal data file, a certificate for authentication (along with a permanent email address Forename.Surname @eesti.ee for eCommunications with the public sector), a certificate for digital signature, and their associated private keys, protected with PIN codes. The certificates contain only the holder's name and personal code (national ID code). The data file is valid for as long as the identity card, and so are the certificates, which thus have to be renewed every five years. The number of Estonian eID cards issued since their launch passed the 1 million threshold in October 2006.

In October 2007, The Estonian Informatics Centre (RIA) has launched a tender for the development of the basic software for the ID card and digital signature. As a result, the existing software will be updated and the official ID card basic software will be ensured for less common operation systems and web browsers, and the software will be included in the installation package for most widespread Linux versions.

Common Digital Signature System

Estonia has implemented and released for free use a common digital signature system for the creation and verification of digitally signed files. The system consists of several libraries and end-user tools which all share a common format of digitally signed file. The framework creates digitally signed files with the highest security requirements and provides for long time-validity.

These important steps have enabled inter-agency and cross-sector exchange and recognition of digital signatures. The background and principles of the common digital signature system cover: time-stamping and Online Certificate Status Protocol (OCSP); long-

[24]

time validity of Digital Signature; document format and DigiDoc, a universal system for giving, processing and verifying digital signatures.

As a result, digital signature inside Estonia is totally interoperable, not just in the public sector. The system follows the most advanced international standards (XAdES) in the area of advanced electronic XML-signatures.

Estonia has been trying to play a proactive role towards the interoperability of electronic signatures in the EU, by proposing the ‘Universal Electronic Signature’ (http://www.openxades.org/ues/) concept, launching www.openxades.org and signing a Memorendum of Understanding with Finland in 2003. Due to the slow international uptake in the deployment/usage of the eID, particularly in field of eSignatures, these initiatives have not been widely followed.

Mobile-ID

Mobile-ID is a development of the traditional eID cardbased authentication and digital signing; the SIM card of one’s mobile phone has become an identity document just like the eID card. Similarly to the eID card, the mobile-ID enables authentication and digital signing of documents. The user’s certificates are maintained on the telecom operator’s SIM card. In order to use them, the user has to enter a PIN code.

The new mobile-ID service (wireless PKI) was launched in May 2007 by mobile operator EMT, in cooperation with several banks and the Certification Authority AS Sertifitseerimiskeskus. This service allows accessing Internet banking services without entering eBanking codes. In order to authenticate oneself securely with the mobile-ID, the user will click on a dedicated button in the web environment. Upon completion of this action, he/she will be requested to enter his authentication PIN number. Once this operation has been completed, authentication is performed. The same process applies to the signing of digital documents.

Digital signing with the mobile-ID has the same legal value as that of the eID card. When using the mobile-ID, no separate eID card and card reader are

needed, as the phone itself already performs both functions.

The main advantages of the mobile-ID include userfriendliness and convenience; the computer no longer needs to be equipped with a card reader or have special additional software installed in it. One of the objectives of the Computer Protection 2009 initiative is to reach the threshold of 200 000 people using the mobile-ID for authentication and digital signing by 2009.

ePassport

In order to comply with the EU regulation 2252/2004/EC on standards for security features and biometrics in passports and travel documents issued by Member States, the systems of the Estonian Citizenship and Migration Board (CMB) have undergone considerable changes that have been implemented step-by-step.

The first biometric passports were planned to be delivered as of May 2008. According to the plans, only the person’s face picture would be digitised in the passport at first, and a fingertip would be added at a later implementation stage.

Changes in the organisation of work and supporting systems of the CMB are planned to occur at both customer service and document issuance systems’ levels.

eProcurement.....................................

Public Procurement State Register

Established in 2001 and maintained by the Public Procurement Office, the Public Procurement State Register is an eTenders portal where all public procurement notices are published electronically. The register is using CPV standards in the catalogue, and all the information in the register is publicly accessible over the Internet, free-of-charge.

Until recently, Estonia has had no eProcurement experience beyond eTendering. But the new Public Procurement Act which came into force in May 2007 includes legal provisions enabling the further

development of eProcurement (eAuctions, Dynamic Purchasing System, eCatalogues etc.). This move is intended to give better opportunities for taking forward a fully electronic Procurement tendering process.

Furthermore, the Estonian Government Programme set that by 2010 the submission of tenders should be made electronically only. Thus, the Estonian Government shows political will and support towards eProcurement.

Other Infrastructure............................

X-Road Middleware

Launched in December 2001, the X-Road (X-Tee in Estonian) is a middle-tier data exchange layer enabling Government databases to communicate with each other. It was initially developed as an environment facilitating the formulation of queries to different databases in a standardised way. The system allows officials, as well as legal and natural persons to search data from national databases over the Internet within the limits of their authority, using a unified user interface.

In addition, the system has been further developed to enable the creation of eServices capable of simultaneously using data held in different databases. Several extensions have thus been developed for the X-Road system. These include: writing operations to databases, transmitting huge data sets between information systems, performing successive search operations of data in different data sheets, providing services via web portals, etc. As a result, X-Road is one of the cornerstones of the Estonian State Information system.

In September 2006, X-Road comprised 67 databases providing services, 687 different services and 392 services users (institutions and companies). The hundreds of services provided by the information systems of different institutions work over the X-Road 24 hours, seven days a week. In addition, all Estonian residents with the national ID card or a contract for the use of Internet banking codes can make use of its enquiry services aimed at citizens.

[25]

Due to the constant development of technology and the ever-increasing number of its users, a new set of X-Road rules was elaborated. They establish new and more up-to-date software requirements; new security requirements conforming to the standard security system for information systems (ISKE), more detailed specifications for many technological (making back-up copies) and organisational operations, etc.

The development of several gateways has also been planned in order to support information exchange between the X-Road and the EU information systems.

Administration System of the State information system (RIHA)

The objective of RIHA is to ensure the interoperability of public sector information systems and the re-use of technical, organisational and semantic resources, so as to give a clear view of the State registers and of the services provided by them.

The creation and maintenance of Government databases is governed by the Public Information Act of 2007 which establishes an Administration System for State information systems (RIHA), where all the databases and information systems must be registered.

RIHA includes metadata about existing public sector databases – ranging from the information on the administrators of the databases to the eServices offered and the technical data concerning the environment/platform. Registration in RIHA is webbased; the user is authenticated and permissions are given by using the national electronic ID Card.

In the same web-based environment, requests to other information systems can be made in order to launch a new X-road based service. RIHA additionally administers two supporting systems of State registers; the system of classificators and the address data system. The system of integrated registers enables to apply new principles of administrative arrangements: citizen-orientation, flexibility, swiftness, as well as cost and time effectiveness for both the citizen and the State.

[26]

RIHA was expected to fully begin operations by the end of 2007. Once ready, it will be used to administer the X-Road and serve as a tool enabling the performance of the following activities: to obtain information about existing services, as well as those under development; to apply for the right to use a service; to propose the creation of a new service; to use data services; to administer in-house access rights; to ensure legitimate use of data services.

The Electronic Document Exchange Centre (DEC)

In 2006, the Estonian Informatics Centre procured and implemented a Document Exchange Centre (DEC), which enables secure XML-based automatic data exchange among electronic records management systems (ERMS) over the X-Road (documents are messages with described semantics and structure).

The DEC is a common central information system for different ERMS and applications for handling the documents of State portals. The objectives of the DEC are the following: interfacing dispersed information systems through the secure data exchange layer X-Road; short-term preservation of documents and, in the future, providing services that will support the proceeding of documents; long-term preservation and backup of documents.

Using the DEC as a central asynchronous buffering component on the distributed X-Road infrastructure is justified by both the needs to simplify the joining of ERMS with the State document exchange infrastructure and to ensure the reliability of document exchange. The functionality of the DEC is independent of the document format and does not impose any document type restrictions.

The DEC offers several advantages. In order to launch an electronic document exchange, an Agency needs to have electronic documents and records management software (ERMS) which is interfaced to DEC, and to join the DEC – the environment’s services must be opened for it. Furthermore, records management systems willing to join the DEC only need to be able to make X-Road queries, without having to be able to respond to them. At the same time, the DEC (as a database) must be able to respond to X- Road queries, but does not have to transmit them to

many different systems. Lastly, the DEC, as a central high availability information system, acts as an asynchronous buffer, ensuring the possibility to preserve a document (when the document management system of the receiving Agency is not available) and to accept the document at a time suitable for the receiver.

In October 2007, the document type “letter” had already been described. In the longer perspective, the use of the DEC will be extended, so as to include other types of documents (e.g. financial documents, such as invoices). In addition, the evolution of the DEC towards an infrastructure for the transmission of messages with described semantics can be foreseen. The DEC will allow for the gradual implementation of paperless document exchange in the public sector, regardless of the ERMS used in specific Agencies. Such a document exchange will ensure the integrity of transmitted digital documents and create preconditions for their long-term preservation.

Health Information System

The Health Information System project, coordinated by the Ministry of Social Affairs and supported by the European Union Structural Funds, is currently being tested in Estonia. The project consists of four subprojects: Electronic Health Record (EHR), Digital Imaging, Digital Prescription and Digital Registration.

The ‘Health Services Organization Act and Associated Acts Amendment Act’ passed in the Estonian Parliament on 20 December 2007 provides that as of 1 September 2008, health care service providers are obliged to forward medical data to the Health

Information System. The first applications of the eHealth Information System were set to be launched during the fall of 2008. The system’s gradual development has been scheduled to continue until 2013 – the official deadline for the implementation of eHealth in the country.

The eHealth Information System is a database which is a part of the State information system. The data relating to the health care field is processed in this database in order to provide quality healthcare services, guarantee patients’ rights and protect public health.

According to the Health Information System Statute, the authorised processor of the health information system is the Estonian eHealth Foundation. The health care services providers have to conclude a contract with the Estonian eHealth Foundaton in order to be interfaced with the Health Information System.

The Digital Registration sub-project is aimed at developing a centrally administered system for electronic registration by interfacing the already existing registration systems of different health service providers. It will allow patients and family physicians to see the reception hours of medical specialists and to make/cancel appointments online via one web portal.

[27]