Estonia. Land of saunas, shepherds and song festivals. I keep hearing about Estonia all of a sudden and not for any of these reasons but because of the blockchain. At meetings and conferences, I keep hearing people talking about the Estonian national identity scheme that uses a blockchain. Only this week, for example, in the Harvard Business Review, I read that…
“since 2007 Estonia has been operating a universal national digital identity scheme using blockchain.”
via Blockchain Will Help Us Prove Our Identities in a Digital World
I think this is a misinterpretation of the technical infrastructure of our neighbour to the north. The Estonian national digital identity scheme launched in 2002. Way back in 2007, my colleague Margaret Ford interviewed Mart Parve from the Estonian “Look@World” Foundation in Consult Hyperion’s long standing “Tomorrow’s Transactions” podcast series (available here). Mart was responsible for using the smart ID service (both online and offline) to help Estonia develop its e-society. If you listen carefully to them talking, you will notice that they never mention the blockchain, which is unsurprising since Satoshi’s Nakamoto’s paper on the subject was not published until October 2008. This only the most recent example of what I see to be a virulent strain of blockchainitis though.
Another Estonian outbreak of the same disease occurred just before Christmas when I was invited along to a blockchain breakfast (seriously) at the Mother of Parliaments.
After a while, the discussion moved on to the Estonian electronic identity system. I expressed some scepticism as to whether the Estonian electronic identity system was on a blockchain. The conversation continued. Then to my shame I lost it and began babbling “it’s not a blockchain” until the chairman, in an appropriate and gentlemanly manner, told me to shut up
As it happens, a few days ago I had breakfast with the new CIO of Estonia, Siim Sikkut. What a nice guy!
I asked him where this “Estonian blockchain ID” myth came from, since I find it absolutely baffling that this urban legend has obtained such traction. He said that it might be something to do with people misunderstanding the use of hashes to protect the integrity of data in the Estonian system. Aha! Then I remembered something… More than decade ago I edited the book “Digital Identity Management” and Taarvi Martens (one of the architects of the Estonian scheme) was kind enough submit a case study for it. Here is an extract from that very case study:
Long-time validity of these [digitally-signed] documents is secured by logging of issued validity confirmations by the Validation Authority. This log is cryptographically secured by one-way hash-function and newspaper-publication to prevent back-dating and carefully backed up to preserve digital history of mankind.
Mystery solved! It looks as if the mention of the record of document hashes has triggered an inappropriate correlation amongst less technical observers and as Siim observed, it may indeed be the origin of the fake news about Estonia’s non-existent digital identity blockchain.
So there we have it as far as I can see. If there are any other crypto-sleuths out there with alternative theories, I’d love to hear from them.
My memory is that it’s not just a Merlke-hash tree but a decent distributed ledger for documents with no single point of failure, that uses the identity system as input; i.e they are connected, but the chain can rely on the ID of the submitter of a document, as you would expect for accountability.