In addition to enabling me to use practically every government service from my couch (and signing legally binding contracts!), the eID system has expanded to become a single sign-on method for many more things. For example, if I would want to change my ISP or mobile carrier, I'm able to log into the new provider's site without any prior registration and have an account with my identity already verified. Even random e-shops will provide this as a login option, and then upon checkout I can use the very same authentication method to confirm the transaction with my bank.
Also, with the advent of Smart-ID (https://www.smart-id.com), I don't even need to pull out my card reader for any of this.
The only government interaction that has required me to be physically present in an office was when the residence permit + ID card were issued to me in the first place.
(For reference, I moved to Estonia from the US in the beginning of 2020)
Sorry, perhaps "verified" was a misnomer. Verified to the extent that I am in possession of a factor (ID card with chip or phone with registered Smart-ID certs) and a memorized PIN (one for authentication and one for signing).
I'm an Australian living in Estonia. The short answer: absolutely amazing.
The long answer: eID was originally through an ID card, and you'd have a USB chip reader you'd plug into your computer and a browser plugin and digital signature software (open source, I believe.) You could use this to authenticate on government, bank, etc websites, and sign documents, very easily: you just remembered a PIN code.
These days many people use Mobile ID which has the same signature functionality on your SIM card, and you sign by entering a PIN on your phone. This is very convenient but I do worry about security a lot more. In the past, there have been security issues, such as flaws in the signatures, and once this caused a large number of ID cards to be reissued. It's not without problems but all problems so far seem to be caught. I don't wholly trust it and I am waiting for the situation where a document is "signed" and the owner of the ID denies signing it.
Almost everything is accessible online, and you do not need to visit offices for the vast majority of government and often other business/bank interaction. I think there are only three things you cannot do online: get married, buy property, and I think deal with deaths. Everything else you can. The famous example is starting a company, which takes about fifteen minutes and even has a customisable template for company documents (in English!) for you, you just pick the options on the website, sign it digitally through the website, establish a holding bank account if necessary (through the website - bit of an echo here!) and done.
Most data about you is digital - your tax, medical etc. For background, I'm someone this scares. I see huge value behind an attack here. I also worry about access by the government or others. But in practice, it seems to work well. Data is stored in different enclaves: the tax department can't see medical data, for example, and access is logged. There are cyber-attacks, most commonly from Russia, but the Estonian IT team is top-notch. If this same system were in Australia I'd have no confidence, because Australia outsources everything and the government cannot run good IT systems. But Estonia does it well.
What makes it secure is that by law government entities (ministries, departments, etc) should not store data that can be queried from other available registries. So when I go to some official then they look at personal number, look up where I live, and don't have to ask me to fill forms about where I live and what car I have or whatever, data that is already stored in one place. The advantage is this: it is a lot easier to keep data secure when it's in one place (for example.. your address), than when every department had their own databases about addresses of people who have interacted with it.
Why do you think our current system is scarier than the alternative that exists in most other countries? Where every ministry has their own random databases, with data that is probably outdated.
Also, the cyber attacks by russia are always DDOS attacks, they can't achieve anything else.
I always found the infatuation with Estonian company setup a bit weird. For this convenience you pay 20% company tax. In Europe several countries offer a better rate - for example Ireland is at 12.5% with a similarly easy company setup system - in English. Or Hungary at 9%. At an 11% difference I'd gladly pay for a local accountant. If you earn 100k through your company you leave 10k in the hat just for the PR & marketing Estonia has. No thanks.
No, there is no biometry. To do anything with your electronic id you need your id card with the chip or your phone with a sim that stores your private key, and you need to know your PIN-s. What other kinds of verification do you need?
It is assumed that whoever is using the id card to sign in somewhere or sign something is the owner of the card. Since.. the pin is also required, stealing someone's card doesn't give the thief any benefit.
Somewhat related, Singapore also has a national digital ID system called Singpass[0] which is part of their Smart Nation[1] initiative. Once registered, you can use it from your PC/Phone for digital access to most government services.
Electronic voting is a bad idea. Almost no upside, but lot of downside.
Nobody can proof that the system works, nobody can keep it secure (noone cares about estionian elections, imagine the US...), nobody can proof authenticity in retrospect.
And of course, they can’t really be anonymous.
And for what? So that somebody that is too lazy or too disengaged to fill out a paper form or spend 10 minutes at a voting both can have a say in the countries direction?
> Nobody can proof that the system works, nobody can keep it secure (noone cares about estionian elections, imagine the US...), nobody can proof authenticity in retrospect. And of course, they can’t really be anonymous.
Why do you believe none of this can be proofed or kept secure?
The electronic ID is a great idea for everything except for voting.
I can easily go to someone's place, make sure he votes for my candidate and give him 10$. A lot of people with low interest in politics would sell their vote, I suppose.
Polling booths are still safer than all other options (mail voting, electronic voting, etc...)
And then after taking your money I can vote again as many times as I want for someone I actually like. Only the last vote counts. And I think that next elections it will be possible to override your electronic vote on paper at the polling stations.
1. the vote buyer can lock the eID in the vault until the end of the elections
2. the vote seller can be paid only after the end of the elections, given s/he didn't voted on paper (it it all possible to authenticate wuthout eID on the voting station).
In person voting at the voting booth is without any doubt more secure. For something so important like voting I would only use the most secure option.
I live in a country with only voting at the voting booth and I am perfectly happy with it!
In addition to this, the fact that you are not aware of voting fraud does not mean it does not happen. That's why it's important to care about potential voting fraud.
Unfortunately, voting fraud occurs even with in-person voting at the voting booths. Here election observer committees are made up of representatives of the various parties, and there are reports of the deals that split the votes of people who did not show up at the voting booth.
There was a proposal to install cameras on the voting booths, but it was rejected by the high court.
Surprisingly e-voting can solve these low-tech corruption problems, but it introduces a much larger attack surface.
I would kindly say that they didn’t think this system hard enough since it has no fallback way to authenticate. I left the country, a year and a half ago and I accidentally locked the card couple of month ago then I went to their embassy in Copenhagen. Their answer in short:
“Sorry the format of your card is not supported anymore, we can’t recover your code, you have to go to the police office in Estonia and ask for a new one, but it won’t be approved since you don’t live there anymore, so you should maybe try to apply to e-citizenship”
For a card that expires in middle of 2023 isn’t amazing to learn that they don’t support it anymore. Also applying to e-citizenship costs ~120€. When this card is the only thing you can use to access to your Estonian bank account like it was my case, I don’t know how does it sound to you but well not that great! I have something to compare with since I have pretty much the same electronic id in Denmark and in Sweden.
The fallback is having a second method of authentication or even a second ID card. If getting access to a new document is too difficult then that's a risk you should personally work on reducing.
In addition to enabling me to use practically every government service from my couch (and signing legally binding contracts!), the eID system has expanded to become a single sign-on method for many more things. For example, if I would want to change my ISP or mobile carrier, I'm able to log into the new provider's site without any prior registration and have an account with my identity already verified. Even random e-shops will provide this as a login option, and then upon checkout I can use the very same authentication method to confirm the transaction with my bank.
Also, with the advent of Smart-ID (https://www.smart-id.com), I don't even need to pull out my card reader for any of this.
The only government interaction that has required me to be physically present in an office was when the residence permit + ID card were issued to me in the first place.
(For reference, I moved to Estonia from the US in the beginning of 2020)