(serene music)
- [Announcer] Stanford University.
- People are worried about data.
They're worried about their
privacy and their security.
They should be, we need secure systems.
- This is The Future of Everything.
- But we can't have a system
that closes that data off.
It is too rich of a source of inspiration,
innovation, and discovery
for new things in medicine.
- With your host, Russ Altman.
- Today on the Future of Everything,
the future of digital democracy.
Estonia is a small country
in northern Europe.
It has Latvia to the south,
it has Russia to the east,
Sweden is to the west
across a body of water.
And Finland is across a
body of water to the north.
And it's not a country that
many Americans may think
about frequently, but perhaps they should.
It is a remarkable country in many ways.
It has universal healthcare,
including a very robust
human genome effort.
It has free education,
it has some of the
longest maternity leaves,
and paternity, presumably for new parents.
It has elections on the internet,
and was the first country to do so.
And it has this concept of e-residency.
A way for people to have
government issued digital IDs,
at a distance, it's something we may talk
about a little bit more.
And, it's also remarkable
because of its location
and the proximity to both
the Scandinavia, Russia,
and many of the former
Soviet Union states.
And therefore, in a
very understandable way,
faces challenges in
physical and cyber security.
Toomas Hendrik Ilves is
a distinguished fellow
at the Hoover Institute
and a fellow at the
Center for International
Security and Cooperation
at the Freeman Spogli Institute
at Stanford University.
Toomas was the President of
Estonia from 2006 to 2016,
during a period of rapid
change and innovation.
He serves on the World Economic Forum
and chairs their group on
blockchain technologies
and is our guest today.
Toomas, how did Estonia become a leader in
cyber security and the
use of the internet,
for processes of democracy?
- Well, it was a long road.
It started, well actually it
started partially with me,
because Estonia had just
become independent again,
and it was very poor, very, very poor.
And there were all kinds
of, all kinds of countries
were looking for ways how
to get out of that poverty.
And, I had two things.
One was that I had
actually learned to code
as a 15-year-old in New Jersey.
- In what language may I ask?
- Basic.
- Basic, you and Bill Gates.
- But that was in 1969 and then, so I,
and since then I had not
been really concerned, I'd
been kinda geeky but ...
And the other thing was
Mosaic came out and I saw that
whereas in all other realms,
I mean, infrastructure,
whatever, I mean the
whole state of the country
was very, very backward,
from 50 years of Soviet rule.
But here was one thing where we were
on a level playing field.
That is we could start here
and be no worse than anyone else.
- And everybody was kind
of getting started ...
- Right.
- So there wasn't, not much
a head start for anybody.
- Right, so the US was no
more advanced than we were.
So and then I proposed
this program of digitizing
all the schools and putting them online,
or bringing computers to all schools.
And despite some opposition,
that was accepted
by the government and so by
'97 all the schools were online
and people, banks then
realized that you know it's
a good idea if we can
do electronic banking.
- Was the internet
infrastructure adequate?
Did they do it over the phone lines?
Did you ...
- Well we had, one of
their early good steps was,
was actually instead of
making money from privatize,
from selling the old Soviet
network, we said, we told
this foreign telecom, well
create the fiber optic,
digital infrastructure for us instead.
That's, I mean, so we did that.
- That way it could be a
brilliant move then for
having capacity to grow
in the next decade.
- So we had that
infrastructure put in place.
It became clear by the late
90s that this would not be
adequate and that we need
something far more robust
if we want to have a,
have a system that worked
for governance and so we
did a number of things.
One is that we, first of all, we created
a national digital identity,
which was on a card,
a chip card secured by
well end-to-end encryption.
- Yep.
- And with two factor authentication.
This was the year 2000
I mean you don't do ...
- Wow.
- You don't do this in the US yet.
- No there are substantial
barriers to having it done
in the United States
as you know very well.
- And then, no I would argue it ...
- Not technical.
- No they're not.
You can do it in California if you want.
You can do it at a state level.
Anyway, and then we, crucial
was we passed a digital
signature law, which meant
you could actually sign legal
documents online, using this
idea, which basically means
you can do all transactions.
- I am flying to New York tonight,
to help sell my father's
apartment in New York
because they would not
accept any kind of proxy,
or electronic signage.
- Actually I will tell
you, there are three things
you cannot do in Estonia
with your digital identity.
One of them is get married,
you have to show up.
The other one is getting divorced.
You have to get, that's
a little less pleasant.
- Right.
- And then the third is actually transfer
a physical property.
And we have that, I think
it's actually a good idea.
I mean given, looking at
sort of the what has happened
in the United States, I mean
New York, Florida, London,
which is you have all of these
anonymous shell companies
buying property, including
you know Mafioso from Russia
buying property in Trump Towers.
- It might help if they showed up.
- We have to, I mean they're
anonymous, you don't even
know who they are.
Now because of our location,
we decided we better know
who's buying what.
So those are the three exceptions.
All other things you can do online.
And the other thing
that was crucial to this
to make it work, is we
designed a new architecture,
a distributed data exchange layer.
So that everything is
connected to everything,
but always through an
authentication process.
- Very good foresight, I mean.
- No this was not foresight, this was,
this is necessity is
the mother of invention.
We were too poor still in
the late 90s or early 2000,
to build a big data center,
which is how most have done it.
So we don't have a big data center.
I mean we didn't have
the money to build that,
so we said, okay you
all keep your servers,
it's just your access to your
server, in a government office
must always be through
this authentication process
of two factor authentication
and end-to-end encryption.
- Yes, so you used the
power of the government,
since you didn't have the economic power,
you could be a central point
for using the authority
of the government to
validate transactions.
- Yes.
- And to validate somebody
is who they say they is
and that's a, in the cyber
world, as you know very well,
that's the key thing to make
sure to keep people honest.
- Well this goes back to
the '93 New Yorker cartoon
of two dogs and one says to
the other, on the internet
no one knows you're a dog.
The other thing that made it
work is of course that this
was not simply a government effort.
First of all our NGOs,
especially geeky NGOs were really
thought it was cool and the
banks who realized that this
was one way to really cut
back on costs because you had,
I mean we had all these, we
have many banks, each one had
their little bank branch in a
little village and this was a
brick and mortar, branches
were really expensive.
And so they made bank transfers ...
- Now as a leader of the
citizenry, how did you make sure
that the population of the citizens,
were on board with all of this
because this must have been
a period of rapid change,
lot of innovations.
There were people who, I'm
sure there were people who were
farmers who were not technological.
How did you bring everybody
along into that process,
without losing the trust or
the faith of the citizenry?
- Well the key, again in
retrospect, is that you provide
services that people like.
Very simplified tax returns.
So that, I mean which is, so
since it's digitized it all
comes prepared for you.
I mean now it's not such
a new thing, but in 2001.
- Right the government
is providing Quicken,
Quicken taxes for everybody.
- Right.
And this is, so you just
look at it and if everything
looks right you press
enter and then you're done.
Digital prescriptions
was another one that ...
So you go to, if a doctor
gives a prescription,
he puts it into the computer
and then you can go to any
pharmacy in the country and
get your medicine by simply
identifying yourself with your card.
You don't even have to authenticate.
- So my field is biomedical data science.
So I'm extremely aware of the
valuable resources in Estonia.
And as you know very well,
there's a genome project
that was one of the first
national genome efforts,
probably under your leadership.
- I'm the patron.
- As I'm thinking about the years, yes.
And the ability to not
only take the genomes,
but then to take the health
records, the pharmacy records,
combine them for discovery,
makes many of us in the field,
I'll use the word salivate,
over the opportunity for
Estonian scientists.
And of course they're
very good at collaborating
so it's not just for Estonians.
- Well we are now going, I mean
we have started the process,
I guess with a hundred
thousand people, or more,
of offering, sort of putting
together your phenotype
- Yes good.
with your genotype.
- Good word.
These are my favorite words.
- Well it's been 45 years
since I studied all that.
But nonetheless, yes, and
so, I mean this we hope will
actually give some real
interesting results.
And I mean if you know that
you have propensity for a certain
kind of disease then you can take action
in the way you live your life.
Up to now it's simply been,
oh your parent died of this therefore ...
- That's right.
This allows a precision
and that's what many of us
in the field are looking for
and Estonia was a leader.
It's the first one that I was aware of.
Switching back to the
issue of the politics,
how did the introduction of
electronic internet voting
go down with the population?
As you know in the US there
would be huge concerns.
I think many of them valid,
about messing with the voting
machines, messing with the results.
- Yeah we don't have voting machines.
- So how does this work?
- It's online.
I mean it's exactly the same
as any other transaction.
Which is one reason why we trust it.
Which is that you simply
authenticate yourself online.
You vote and then you have voted.
- So by the time they
did the internet voting,
they had already been using
the authorization processes
for other transactions and so there was
a sense of trust already?
- Hundreds of millions
of bank transactions when we began.
And since no one had ever lost any money
in the bank transactions
you figure why would they,
why would they, how would they, I mean,
- Yes, yes.
why would that ...
- That's a very good lesson
that maybe you don't lead
with the voting, you lead
with these other things
that are auditable and then
when trust is established.
- Well our vote is also
auditable except, I mean you know
that you voted, or you can prove,
we offer proofs that you voted.
The way the uptake, as
with all of these things,
was basically kind of a,
I don't know, parabola.
I mean it was just, we started
off, had seven or ten percent
of the population voted online.
It evened out in the, by
the fourth set of elections,
that was, we've had 11 now
I guess, where basically
31 to 33 percent of the
population votes online.
If you're abroad, I mean
this is especially useful
because otherwise if
you want to vote abroad
you have to go to a consulate, or if you,
or you can vote by mail, but
even that is very problematic.
So it's one of those
conveniences that we really
make use of and enjoy.
- And then two thirds will
show up to the precinct,
or the equivalent and cast their votes
the old-fashioned way?
- Yeah well people also
do sort of voting by mail.
- When they do it in person
is it a paper ballot?
- Yes.
- Which means you've solved
the problem of combining
paper ballots and electronic
ballots and auditability
across those two modes.
- Well there are couple of
things that are important
to keep in mind.
One is that, you can vote as
many times as you want ...
- Oh it's like Chicago.
(laughter)
- Excuse me my apologies to my
- I know the joke.
fellows from Chicago.
- You can vote as many times
as you want, digitally.
You're canceling your
previous vote in that process.
- How sensible.
- And the last vote is what
counts and in fact if there is
a problem, say digitally, then
you can still go and vote,
since it's for four or five days before
the physical election.
Now I just want to address the paper issue
because they would say,
paper ballots, paper ballots.
People forget that in
today's voting procedure,
the chain of actions beginning
with your voter lists,
to the final tabulation,
everything, even as you vote
on paper, everything
else is a manipulatable,
digital process.
And we know that either
21 or 39 US states,
depending on which, whether
it was Reality Winner,
or Jeanette Manfra who has reported this,
but there were hacks
into voting registries.
Now we of course don't
have this problem of
voting registries.
We have one registry.
So everything ...
- And is it the citizens of the country?
- Right, well it's not
actually all residents
of the country.
- Residents.
But I mean if you're a,
say, we have lots of Finns,
who have moved to Estonia,
and I mean you can't go vote
because if you ID yourself
and then you want to vote,
they say nah, no.
Whereas if you want to
pay your taxes you can.
This is all stuff that you can do.
But the point is that,
when you have elections
in the United States,
even if you go and vote,
and I don't even mean a
machine with hanging chads,
But you know ...
- With a little black pen
and fill in the dots, right.
- It's, that's one step that is paper.
- And there's plenty of
electronics before that.
- And afterwards.
That can be manipulated.
- This is the Future of Everything.
I'm Russ Altman.
I'm speaking with Toomas Hendrik Ilves,
the former President of Estonia
and currently a distinguished fellow
at Stanford University.
One of the things I read
about in preparation for our
conversation was the
idea of an e-residency.
And as far as I can tell,
it's unique to Estonia still,
but I'm not sure about that.
Can you give us, what's
the motivation for it
and like how is it going?
And what is it?
- Okay it means that, there
are a whole series of services
that up 'til now are not
tied to residency except,
sort of by habit.
I mean why is it that you
cannot open a bank account
if you're not living there?
I mean as long as we
really know who you are.
So we have a very sort of
thorough identification
vetting process.
But why should you not do it.
Why shouldn't you be able to
if you open a bank account,
open a business in my country?
And so, we thought this
would be interesting
to see if it would work,
but now we have some
50, 60 thousand people that are set up,
mainly set up companies in Estonia
and you could see who would be interested.
Well say Brexit, if you are an SME,
or small medium enterprise in the UK,
you're not gonna be like Jaguar
and have your office in Brussels.
You're just selling something online,
but you want to take
advantage of the Common Market
and all of those good
things that go with that
and sell to the European market,
but you have to be established
within as a business within
the European Union.
So we find a lot of people
from the UK are establishing
a business in the EU.
They don't have to go to Estonia.
They're living in the UK, but
they're selling their product
under EU rules within the Common Market.
- And I would guess that
it's important to stress here
that this is not a
fly-by-night operation to allow
illicit things to happen.
The whole point is that you've validated
who these people are and there's
a sense of authentication
and the full faith of
the Estonian government.
- Fingerprints.
- Does it involve fingerprints?
- Yes I mean we really,
we wanna know who's who.
- This is The Future of Everything.
I'm Russ Altman.
More with Toomas Hendrik
Ilves next on the issues of
e-residency, cyber security
and how democracy can go digital.
Next on Sirius XM, Insight 21.
Welcome back to The Future of Everything.
I'm Russ Altman.
I'm speaking with Toomas Hendrik Ilves,
former President of Estonia
and distinguished fellow
at Stanford University, on these issues
of cyber security.
In our last segment, we
started talking about
this e-residency idea.
And I think you said 50
to 60 thousand people,
very authenticated
involving both fingerprints
and identity authentication.
What are people using this for?
Has it been declared a success?
Is it still an experiment?
And really what I want to
get to, or have there been
evidence of misuse of the vision
for how this would be used?
- Well as I mentioned,
one thing is being able to
establish a business
in the European Union,
which is, I sort of
brought the Brexit case
because that's kind of understandable.
But it applies to the rest of the world
outside the EU.
People, I mean people
bash the EU all the time.
Actually, it's really,
there are no sort of
trade barriers in an area
of 500 million people.
So people living outside that
really want to be able to
make use of that.
- Enter this market which is quite unified
and quite facile.
- And so we find, first of
all, people from all over
the world, have applied for
this because they wanna set up
a business in the EU.
- And we should stress, this
does not make them Estonian
citizens, it makes them
Estonian virtual residents.
- Yeah they're residents, meaning
you have, I mean you don't
vote, you have no, I
mean you don't have any,
you don't get healthcare,
none of those things,
but you do have the right
to establish a business.
Then there are other places for example,
payment systems in the
world, like PayPal does not,
or did not, I don't know how they are now
but did not work in Ukraine.
- Okay.
- At the same time, Ukrainians,
you know, Ukrainians
are brilliant programmers and
so they sell their services,
I mean this is like worldwide,
- Yes.
but they can't get paid in ...
- Through the most obvious
which would be PayPal transfer.
- Right.
And so they establish their
business in Estonia where,
I mean since we've been
in the EU for 15 years,
it's like, yeah okay normal ...
- Through a known node.
- And so they have their
business established there
and PayPal works there,
so they simply do that.
Now what do we get out of it?
Well as, we have ...
- Center of commerce it sounds like.
- Also if you have a business in Estonia,
you pay your taxes in Estonia.
So if you're a success, I mean we,
you have to pay your taxes in Estonia,
it's not that you just have a ...
- That's what residents do.
So it shouldn't be a surprise
to anybody who comes to any
country and works, is that the country
is gonna have the taxes.
So the Ukrainian example that you raise,
granted works beautifully
into the next topic
that I wanted to discuss
which is, there are totally
legitimate software entrepreneurs,
who are based in Ukraine,
but we also hear about
Ukrainian hackers and it raises
the issue of are we worried
about the e-residency being
used in some way as a front
for unethical, if not illegal activities?
And how do you police that, or do you?
Is it a free market approach,
or are there other things built-in?
- Well, first of all I'd say after 2014,
the hackers are not Ukrainian.
- And you were actually
the victims of hacking
in the electrical grid
and things like that.
- And have been continuously.
NotPetya was one of the
worst sort of attacks.
Well the vetting is quite strict.
And the only problems we've had is that
some banking authorities outside
the country don't get it.
And so they're kind of wary
and I mean so that has led to,
we've had to like prove,
or people have had to prove
over and over that they are really legit.
- Right.
Because money laundering
is such a big problem.
And you know we've had money laundering,
not through this system,
but rather through a
traditional bank from Denmark
that was turned out to be
laundering money in our country.
So I mean money laundering is
such a big problem these days
that there is a certain wariness.
- Now your transactions are auditable.
The transactions that happen through your
central system that you described earlier.
Because I know you have
an interest in blockchain
and we've talked about
blockchain on this show
and one of the things
that people worry about,
the blockchain transactions
if we were to move to that,
and I'm not claiming that
you're moving to that,
but if we were to move,
then they might not be,
they would be public but they
would be encrypted in ways
that could stymie attempts to uncover.
- Right that's true.
But, let me talk about ...
- Please yes.
- Blockchain in a different way.
First of all I prefer the
term a distributed ledger,
- Okay.
which basically means you
have a ledger that keeps,
accounts for things.
Now the thing that people
need to understand is that,
you know, why I don't say
blockchain is because people say
bitcoin starts with a B.
We in fact have since 2007 put
all crucial data in Estonia
on a distributed ledger,
because, I mean that's
healthcare data, property
records, laws, court cases,
are all on distributed
ledger, because, once you go
full digital, if someone
goes and changes it
you're really in trouble.
If someone changes a
precedent setting court case
and we don't print them
any more those court cases.
- So they're all electronic.
- Right.
And so you go back and go wait
a minute, I thought it was
the other way around, but I guess ...
- Somebody inserted a not.
- Now this is key in that I
argue that while people are
really obsessed with privacy,
there's nothing wrong
with being obsessed
about privacy, but it's,
if someone knows my blood
type and publishes it,
it's kind of like, well okay.
If someone goes and changes
the record of my blood type
it could be fatal.
- That's correct.
- And therefore, what is
crucial when you go digital
is to take into, to make
sure the data integrity
is a key part of your system.
Privacy you obviously have
to guard against people
seeing things they shouldn't.
On the other hand you
really have to make sure
they don't change it.
And you just start thinking about
it, I mean data integrity is,
who changed it, I mean
someone can go and change your
bank account ...
- Absolutely fundamental.
- Your medical records.
And then if you think at a
national level, someone changes
your laws, or your property records.
So that's why since 2007 we've
been putting these data on
a distributed ledger.
And the final thing that we
do which is quite innovative
- Which of course means
just to spin that out
just for a moment.
That means they can be copied, replicated,
there's really no, once you
have this distributed ledger
and assuming you back it up
and send it around the world,
it's very difficult to then
tamper with because there'll be,
there's trivial algorithms
they can compare
and make sure that everything is intact.
- Well what, actually it is,
I mean for the public sector
it is a private blockchain.
- Okay.
- That means there are a
limited number of authorities
that will sign off.
The final thing which that
leads into is that after the
Fukushima tsunami and the meltdown.
- Yes, literal.
- It turned out that some
percentage of Japanese
national data was lost
that it was digital.
And so we started thinking,
you see we don't have
we're not in a seismically active area,
but you know we basically
on the average in the last
thousand years we've been
invaded every 50 years.
- Yes stuff happens as we say.
- And so what we did was appealing to the
Vienna Convention on
diplomatic extraterritoriality
and immunity made a deal
with Luxembourg that we will
declare a server in Luxembourg
our digital embassy.
- Wow.
- So it's like Assange, right.
You can't go in and do
anything with it right.
And so we put all crucial national data
again property records,
law, citizen registries ...
- I love this.
So this is an off-site backup
of Estonia in Luxembourg.
- Right.
It's like a mirror image there.
- And it's credentialed
and it has the full faith
of the Estonian government in terms of ...
- Well it is the Estonian government
and it's online, real time.
So in case we get invaded again.
- And we hope never to use it.
- Right.
Well I mean, stuff happens.
- So do you do a calculation
of how many of such things,
like is Luxembourg enough?
Do you wanna put one in Asia?
- We wanna do other ones as well,
but even one is unique in the world.
Now it's not a problem in
the US because you're so big.
But any small country and
I say especially smaller
countries in seismically
active regions, you know
think Greece, or Turkey, why don't you,
you should think about these things.
- I'm just really impressed
by the thoughtfulness
with which this electronic
infrastructure has been
deployed in Estonia.
And as we've been
talking, there's backups,
there's authentication,
you've really created
a road map for the critical components
of an infrastructure for the future.
So the last question I guess
is, are other countries
noticing this and are you
seeing people appreciating
what you're doing and
trying to replicate it?
- Fifteen countries have
adopted our data exchange layer
which is open source, non-proprietary.
I used to call it our foreign aid,
foreign aid on a thumb drive
because you just give it
to 'em, say here it is.
- You're welcome.
- Most interesting,
especially for doctors,
what we've done is I proposed,
highlights the problems too.
I proposed to the Finnish
president seven years ago.
Look you have this system
which you took from us.
We have the system and we
have digital prescriptions.
Why don't we do it so, we
get eight million Finns
visiting a year so like ...
- And they show up in emergency rooms.
They need healthcare sometimes.
- Well we haven't gotten to
the point of medical records.
But certainly on prescriptions,
if you come and have
too good a time and lose
your medicine you can now
go and identify yourself
in the Estonian system
and your prescription, which
your doctor has somewhere
up in Lapland put in, you
can take out that medicine.
This also indicates
where the problems are.
The technical part of
that would have taken,
some people say a week,
other people say three weeks,
it took five years because
the policy and political
and regulatory and legal issues
took that long to resolve.
Technically it's an email basically.
And this is what always
needs to be kept in mind.
Digitization is not a
technological process
it is a political and most
decidedly analog project.
- Thank you for listening
to The Future of Everything.
I'm Russ Altman.
If you missed any of this
episode, listen any time
on demand with the Sirius XM app.
