Tuesday 25 September 2012

Estonian digital signature – inspiration for Europe


Estonia started developing its digital signatures in the beginning of the new millennium. Today, every public institution accepts these signatures just like physical ones. Even ten years later, the Estonian digital signature’s dominance is unique on the European level – over 500 thousand people have signed documents digitally and the number is increasing by each month. How did Estonia manage to digitize its paperwork?
How to make the digital signature work?
There are five prerequisites for creating an ecosystem where digital signatures can be used – ID-cards, legislation, certification and validation services, technology and an organization to manage the project.
The organization responsible for handling digital signatures in Estonia is the Certification Centre. Tarvi Martens, the Development Director of the Certification Centre explains how the digital signature ecosystem was created in Estonia: “In 2000, legislation was passed which made accepting digital signatures mandatory for the public sector. The legislation was created first and then technological solutions were implemented to bring the legislation into reality. Currently, over 50% of the population uses ID cards and over 90 million digital signatures have been given.”
The first digital signature was signed on the 7th of October 2002, when the mayors of Tallinn (Edgar Savisaar) and Tartu (Andrus Ansip) signed a co-operation agreement between the two cities. “There was no strong opposition to digital signatures because the law required public organizations to accept it. As the technology became increasingly available, life was easier for both the officials and citizens who had to deal with less paperwork,” Tarvi Martens explains.
Around the same time, there was also a strong push to create awareness amongst developers to create solutions which would make use of the possibility of digital signatures. Tarvi Martens sees collaboration as the key to success in Estonia: “Everyone – the developers, the public institutions, the banks and telecommunication companies - worked together to achieve success. Everyone understood the benefits and there was a common goal.”
What are the benefits of signing digitally?
The first obvious benefit of adopting digital signatures is the lack of paperwork. A tool developed by the Certification Centre can be used to calculate how much money is saved by going digital. For example - when a CEO spends 15 minutes signing each 5-page document and signs five documents each day, the savings with digital signatures can be over 4000€ annually.
Another selling point of digital signatures is security. Such signatures are cryptographically secure and with over 90 million digital signatures given in Estonia, not a single case of online forgery has occurred. Just like with physical signatures, the weak link is users – forgery only becomes possible if someone is careless with their personal belongings, e.g. leaves his PIN-s and ID card for someone to steal.
In the private sector, digital signatures are not mandatory, but if both parties want to give a digital signature, it is just as legally watertight as a physical one. The financial motivation here is clear – instead of having to meet for signing a contract, companies can conduct their business over the internet. This becomes especially important with conducting business cross-border, which you can read more about below.
European collaboration on the digital signature
The success of the digital signature depends on its interoperability – digitally signed documents are independent from any e-service which means they can be easily transferred by one person or system to the other. Documents which are digitally signed are kept in “containers” which can be viewed over a web service or with special software. In Estonia everyone shares a common understanding what is digitally signed file and there are no questions about its security, legality or longevity.
Other European countries have already adopted similar systems. The challenge moving into a digital signature which would be interoperable over the entire European Union is the standardization of the digital signatures of each country. For example, digital signatures are available in both Estonia and Portugal, but inserting signatures from both countries into the same “container” is not yet possible.
The biggest challenge with digital signatures is the different legal framework of each country. For example, in some countries, ID cards are handed out by banks that cannot give a state guarantee for the validity of the signature. Another issue is the acceptance of signatures outside of the EU –if one member country accepts Russia’s signatures, it does not mean other countries have to do the same.
ETSI (European Telecommunications and Standards Institute) ETSI has recently issued unified standards for digital signatures and hopefully in time, the Portugal-Estonia example (or any other two countries from the EU) will become a reality. There is already an EU-wide “trust list” available where each country can see which signatures from other countries are trustworthy. And Estonia has created the first proof-of-concept that cross-border solutions work.
How to found a company in 18 minutes?
Estonia holds the world record for establishing a company – in 2009, the Centre of Registries and Information Systems (RIK) created a sample company in 18 minutes and 3 seconds. This is possible due to the e-Business Register that allows for founding of companies over the Internet, but also provides services such as filing annual reports. Estonia has agreements with Portugal, Belgium, Finland and Lithuania meaning their citizens can log into the portal using their own national ID cards. In 2012 over 90% of companies have already been founded in Estonia over the Internet.
This project was the first of its kind in Europe, proving that cross-border authentication is possible. „We have the technological capability to accept all EU ID cards in 1-2 years. But legislative readiness is another issue – for example, many European countries are still deciding whether they want to use digital signatures. Hopefully the Estonian pilot project gives them courage to move in the right direction,“ says Ingmar Vali from RIK.
Economic benefits of cross-border e-signature have not been measured yet. „In Estonia, the Company registration portal was not popular among foreign investors during the first year, but currently  more and more electronic identities are identified over the internet. New cross-border solutions take time to gain traction and the more countries we have participating, the bigger the gain. The EU has a population of 500 million, so the scalability of these services is huge,“ says Ingmar Vali from  RIK.