Unlocking Digital Governance

November 19, 2020
Toomas Ilves
5 min read
The Challenge: Government is Living in the Past

The Challenge: Government is Living in the Past

Almost every part of our lives is being digitized. You can buy a car, lease a house, find a doctor, and order groceries with a few taps on a screen. Our mechanisms of government, however, remain largely untouched by this digital revolution. Interacting with any level of government—local, state, or national—usually involves driving to a government office and standing in line.

Where it is possible to interact with the government online, doing so usually involves a shaky, dated, and insecure website, accessed using your email address and a likely hackable password. If your data is stored on a government server, you are left to wonder about the level of security. Data can be stolen, manipulated, or erased. Not infrequently, it is.

The Solution: Digital Identity and Data Integrity Can Unlock Digital Governance

Digital governance can update the apparatus of the state to meet the needs of the 21st century. In my native Estonia, secure and effective digital governance has increased access to public services, lowered barriers to citizen participation in civic life, enhanced the transparency of government agencies, and unlocked new areas of innovation. Digital governance only works, however, if trust has been established between the government and the citizen. Building this trust and reaping the benefits of digital governance require two critical policy interventions: secure digital identities for citizens, and resilient data architectures for governments.

National Digital Identity

Establishing a national digital identity program is the first step in creating a functional framework for digital governance. Simply put, a digital identity is the online persona of a subject; it ties an individual to a set of credentials across the Internet. The private sector has already recognized the power and potential of digital identities that are consistent across platforms. Apple, Facebook, and Google allow users to log into thirdparty websites and applications using their respective profiles. But for many of the services that digital governance makes possible, a Facebook account is not secure or verifiable enough. Government agencies must have a high degree of confidence that the digital persona claiming benefits or filing taxes is tied to the correct individual.

In Estonia, which boasts one of the first and most widely adopted national digital identity systems, citizens can cast a ballot, check medical records, establish a company, and sign legal documents using their state-issued digital identity. Authenticating themselves through either a physical ID card, a mobile phone, or a digital app, Estonians can access over 2,500 government services, as well as some private sector services such as banking. This two-factor authentication method guarantees the user’s identity throughout their online interactions, saving time and resources for government and citizens alike—these savings total as much as 2 percent of GDP annually.1

Creating a national digital identity system requires care and caution. First, such a system must be secure and identities must be verifiable. Two-factor authentication—such as combining a password with a government-issued ID card—should be adequate for most services. For especially sensitive tasks like voting, biometric data—such as a fingerprint or facial recognition—may be necessary. The latest advancements in mobile phones and computers have made biometric authentication an increasingly prevalent and accepted form of identification.

Second, the digital identity must be portable and interoperable. The same digital ID must be sufficient for use across a variety of different platforms, services, and websites. Logging into the Department of Motor Vehicles should require the same set of credentials as applying for financial aid or state-level unemployment. This consistency is critical to widespread adoption.

Third, a national digital identity should enhance rather than encroach on privacy. In many cases, having a digital identity can prevent privacy violations by limiting the amount and type of data shared in online transactions. For example, rather than providing one’s full date of birth, a digital identity could simply confirm that a user is over a specified age limit. Using a national digital identity as a primary method for accessing some private sector services (rather than a social media log-in) could also reduce the possibility of online tracking for advertising, removing certain tasks from the personal data economy. 

National Data Architecture

Of course, digital identities offer trust and transparency only in one direction. While the government might be confident that it knows who a user is, the user must also trust that their data is being used appropriately. In addition to maintaining data security, national data architecture must also guarantee resiliency and integrity to ensure that trust flows both ways.

Data resiliency—ensuring that data systems cannot be destroyed or rendered inaccessible—is a critical aspect of national data architecture. In 2019, over 40 U.S. cities—including Baltimore, Atlanta, and New Orleans—were affected by ransomware attacks that crippled key municipal services.2 These attacks undermine the ability of citizens to rely on digital governance. Estonia has established a data embassy in Luxembourg that provides redundant and secure data storage, ensuring that if a breach does occur, critical IT systems remain usable.

National data architecture must also guarantee data integrity—ensuring that data cannot be illicitly altered. This is a familiar challenge in Estonia. Twelve years ago, the country began putting all sensitive public data on a blockchain, making it impossible to alter data without express citizen assent while promoting individual privacy. When attacks are successful, knowing that data has not been modified helps ensure that trust endures.


If digital governance was once seen as desirable, the coronavirus pandemic has demonstrated its necessity. Debates about the legitimacy, efficacy, and feasibility of providing government services in the midst of a pandemic would be greatly mitigated by a system built from the bottom up with integrity, privacy, security, and resiliency in mind. Digital governance is now essential; to achieve it, the mechanisms of government must be rebuilt to fit the era in which we live.

Download the full report »

Photo Credit: Billion Photos / Shutterstock

Toomas Ilves is a distinguished visiting fellow at the Hoover Institution at Stanford University. He previously served as President of the Republic of Estonia.

1 e-Estonia Briefing Center, We have Built a Digital Society and We Can Show You How, undated

2 Manny Fernandez, David E. Sanger, and Marina Trahan Martinez, “Ransomware Attacks Are Testing Resolve of Cities Across America,” New York Times, August 22, 2019.