For past 20 years or so Estonian e-government – and the x-road backbone – have been promoted with promise of transparency. Yes, we keep a lot of data, but it is stored securely and you can always check who has accessed it. This means transparency and trust. Or “trust”, as in this The Guardian interview with Toomas Henrik Ilves:
The Estonian system, he explains, is based on “trust”. While the national database can be accessed by the authorities, he stresses, the citizen has to be notified when their records are observed. So if the system hasn’t been built on Blockchain technology, it nonetheless operates on Blockchain-like principles – creating a data system that can’t be altered with notifying both the authorities and citizens.
This is what Ilves calls a “Lockean contract” between digital citizen and the government. The 21st-century networked sovereign, he says, is the guarantor of what he calls “data integrity”. While the government can’t access our data without our knowledge, the citizen no longer has any anonymity in this system.
Problem is, there is no such transparency – no notifications, no place to log in and see who has accessed your data. There was one system with such functionality, but that was shut down like 10 years ago (added: there is one more system now: E-health, sample below). And even when it worked, it displayed only trivial amount of accesses – like if police used the data while identifying me during traffic stop and I had done nothing criminal (my car’s mandatory checkup had expired) that wasn’t visible. As I had also forgotten all my documents (and money) at home I was of course totally in favour of them identifying me via databases… but anyway, there’s no trail of that positive moment that I can show to you.
The rest of the databases? I recall a meeting (in government residence, no less) where the topic was discussed, possibly on a roundtable arranged by National Audit Office. After some serious googling I found a contact address where to submit a request to get information about access to my data in population registry. It took some months to get answer, as supposedly information about who had requested my data was only available in “comments field” and had to be assembled manually. Promoting the idea of requesting such transparency is a good start for denial-of-service attack on Estonian e-government.
Then there was a case when somebody from Ministry of The Interior was promoting some new legislation mandating more data storage with the argument, that everybody is able to see who has been accessing the data, so it is not a privacy violation. Our correspondence ended after couple of rounds, after she was unable to find any proof of solution where I can view the access log.
And don’t get me started on the question of who can purchase the data from our population registry or from business register. Want to get contacts of underemployed pensioners? Give us your monies! Want to spam every e-resident who has created a company? Sure, all addresses in registry must be business contacts so spam away (and give us some monies)!
THI is as kickass president as they ever get – but there is some serious ass-kicking to be done back at home, to cover his own that has been left without notable protection on this trust issue.
Trust in Estonian e-gov databases is completely meme-based. As a citizen I should presumably be able to see, who has accessed my data. As a former tech journalist someone should have told me I’m wrong and shown me the place to see the data. But it’s like… you know, jet fuel doesn’t melt memes.
Correction – There is one system that currently displays access log, Estonian E-Health’s Digilugu.ee “patient portal”. While it is difficult to tell if all accesses are listed I can find most of the cases where I recall having had interactions, like my filling of “health self-assessment” and a doctor accessing it to provide me with proof-of-health needed for driver’s license: