At 48 years old, Kersti Kaljulaid is Estonia’s youngest president ever, and its first female president. A marathon runner with degrees in genetics and an MBA, she spent a career behind the scenes—mostly as a European government auditor—before being elected by Estonia’s legislature in 2016. Two years later, she’s continuing Estonia’s push for global digital security while deflecting military and cyber threats from Russia, which occupied Estonia for 50 years until its liberation in 1991.
Known for its digital government, tax, and medical systems, Estonia is planning for the future. The country’s “e-resident” program—which allows global citizens to obtain a government-issued ID card and set up remotely-operated businesses in Estonia—has attracted 35,000 people since 2014. Now the government is discussing a proposal to grant some rights to artificially intelligent systems. The law could make it easier to regulate decision-making by autonomous systems, robots, or driverless cars.
This week, Kaljulaid visited the White House along with the leaders of Latvia and Lithuania, to meet with President Donald Trump about issues including security along the Russian border. The visit coincided with the 100th anniversary of Baltic independence after World War I, and Trump took the opportunity to reaffirm the US’s commitment to protecting the Baltic States in accordance with the NATO Treaty. After attending the US-Baltic Trade Summit and laying a wreath at Arlington National Cemetery on Wednesday, Kaljulaid sat down with WIRED’s Eric Niiler for an interview at the Estonian Embassy in Washington.
EN: With various efforts over the past decade, Estonia is moving from a traditional state to a digital society in many ways. Where does that effort stand now and what do you hope to see happen during your next few years in office?
KK: Digital society is born when your people refuse to use paper. And in our country we know that our people refuse to use paper. If you arrive at such a point in your development, you have to make your digital state always secure. You need several alternatives if something goes wrong. All the time you need to worry about security; it doesn’t differ much from your paper archives.
We have already a society which is digitally disrupted. We also see that it changes how people think about technology and work and what possibilities the internet can offer for new types of careers. For example, people don’t need enterprises to work; they can sell their skills online independently.
In our case, also the government is within in the digital sphere. We recognize that there is the need to think about tax systems if people work in five different companies in five different countries at the same time. This needs to be sorted out. We cannot sort it alone, we need to sort it globally.
Estonian citizens seem to trust their government when it comes to sharing digital information. Here in the US, we trust Facebook and Amazon to a point, but with the government, it’s quite the opposite. How have you done this?
The way we have created our trust is because our people are not anonymous on the internet. It has always been secure. If you try to transact with someone online, you would not do it with an email and pay with a credit card. What we do instead is create an encrypted channel and sign a contract that is time stamped. Estonians are much more used to internet banking rather than an online credit card. You can create trust, but you have to create tools and the legal space that supports the security for these tools. The state has to promise people to keep them safe on the internet. I find it astonishing that globally businesses are on the internet. Very few states have followed them.
What about external threats? What other sort of steps might be needed to prevent Russian aggression in places like Ukraine, or the kind of cyber-attacks and hacking that have occurred in the United States during the 2016 presidential election?
With conventional aggression, since we got the sanctions in place, Russia has not made any further advances in any other region. In cyber, we must not get narrowly concentrated on Russia only. Cyber attacks rain down on us from many places. You have to make your systems secure and safe and teach your people cyber hygiene. If you are able to attribute some attacks, it’s good to be open about it as the United States has been. We need to have an understanding globally about how international rules apply in the internet sphere. Right now, that is massively missing.
What do you mean, global rules?
There’s lot of academic work on this, for example the Tallinn Manual 1 and 2. For example, we don’t attack each other’s sovereignty. Could attacking some vital electronic systems be considered an attack? What are the rights of the defender in that case? What are the rights where you fall under attack from a country you can identify, but not from the government? And if this government cannot go after the attacker because it is too weak—what are your rights then?
Speaking of rights, Estonia is looking to become perhaps the first nation to grant legal rights to artificial intelligence agents, such as fully autonomous robots or vehicles. How will it affect ordinary Estonians?
The discussion centers on whether we need to create a special legal entity for autonomous systems. If you regulate for AI, you also regulate for machine learning, self-acting and autonomous systems. We want our state to be proactive to offer services to people. You need to carefully think how to make this offer safe to our people and their private data. We want AI to be safely grown in Estonia.
Was this pushed by the advent of driverless cars?
No, it’s pushed by the Estonian people’s demand to get more proactive state services. For example, if a couple has a child, they are entitled to universal child support. In the Estonian people’s minds, it is unnecessary to apply for this. They say, “I had my baby, just pay me.” For that, this is proactive. People demand efficiency from an automated system that is making decisions. We have to regulate. Once you go digital, you are constantly pushed by your people to provide better services.
You’ve just launched a new genetic testing program for 100,000 Estonian citizens adding to the 52,000 who have already been tested. How will this information be used to improve public health? And what kind of safeguards are there to prevent possible genetic discrimination by employers, for example?
This information belongs to those people whose genome has been analyzed. This information does not belong to the Estonian Genome Bank or the government, and it’s not shared with other individuals. People’s genetic data is in an anonymous form. The aim of this program is so people will know their diabetes risk, or their heart attack risk. They can share this information with their family doctor, but they are not obliged to. They can keep it to themselves, but most people will probably share it with their doctor.
Are there any other big things on the horizon in Estonia that we should be looking for?
I wouldn’t tell you if I had. The genome bank and the digital society are the projects that have flied. I am sure there are others that have not. Our people are willing to work with the government on new technologies. Now it’s a habit; every Estonian looks at it as part of our national identity. We understand that this allows us to provide better services to our people than our money would allow.