There is a connection between (1) the certainty that we attribute to mathematics, (2) the certainty that this fosters regarding the technological systems that employ, are bound to and thereby also limited by mathematical tools and methods, and (3) the outcomes of using such tools in governance. The purpose of our study is to explain the outcomes that the employment of such mathematical certainty-reliant technologies has for personal autonomy and state sovereignty.
Our purpose is to offer an insight to the current discussions on building considerations of fairness into automated systems to the extent possible while still respecting the contextual approach to judicial interpretation. Understanding the legal implications of automation and its effects on our fundamental values—autonomy, fairness, justice including core freedoms, due process, and the democratic nature of markets—is becoming a matter of urgency. The results of research in these matters are socially significant, potentially affecting nearly everyone in the world. We hope to contribute to the discussion with a possible justification and study of legal implications of the use of certain data integrity algorithms.
The main idea that we introduce and defend here is that mathematical certainty and certainty with respect to some technologies are able to sustain and produce particular relations within a state. Such a mathematics-based certainty regarding state affairs is able to extend support not just towards state sovereignty and political autonomy, but also allow for greater personal autonomy of the individuals operating within that state. We make an attempt to defend this argument in relation to technologies that build on and sustain mathematical certainty, data integrity and transactional transparency, e.g. blockchain technologies characterized as zero-trust technologies or technologies supporting no-party trust.1
The link between mathematics and governance, just as between science and governance, has been employed and studied thoroughly in the fields of economics, political science, public administration, psychology, sociology and beyond. We hope to add new observations to the well-studied connection between mathematics and governance with a focus on the creation of certainty-based relationships that develop when employing mathematical proof-reliant novel technologies, including blockchain, in contemporary governance. If successful, this might provide us a further understanding of the relationship between mathematics and governance in general. When describing these connections, we draw on experience and examples of Estonia’s use of mathematical tools in governance. Yet, while drawing on them, we remain critical and attentive to the limitations of employing similar tools in different contexts and among various societal groups.
The connection between mathematics, autonomy and sovereignty is not a utopian one. Rather, when supported by transparency and an appropriate legal framework, reliance on mathematical certainty and related technologies might help give rise to an improved system of governance around the world. It might take us a step closer to a system of governance where we, the people, govern the administration, and not the other way around.
A. Mathematics as a Source of Certainty
Why do we need certainty? “We want to be sure that we have not made any mistakes and to have a safeguard against error. This is a desire that is motivated by practical reasons: life is easier if one can avoid (at least sometimes) the consequences of error or of being wrong. It is motivated by social reasons, as well: being wrong can be embarrassing and being in the know is deeply satisfying.”2 Moreover, when we have more certainty, we can make better decisions and be in further control of our lives and businesses. In this manner, the more certainty we have the better grounds we have for leading our own lives and being autonomous in the sense of exercising positive freedom.
What are our tools for increasing certainty and decreasing error, beyond simply gathering more information or trusting each other? What gives us reliable information? What gives us certainty? “Mathematics is the only field of knowledge concerning which there has been some rough consensus that it actually gives us certain knowledge.”3 “Mathematical constructions are produced by the ideal mathematician, i.e. abstraction is made from contingent, physical limitations of the real life mathematician.”4 As such, mathematics is often put forward as an ideal: “‘this paragon of reliability and truth,’ as David Hilbert5 proclaimed.”6 Just as with the objectivity of mathematical truths and the ontological nature of mathematical objects, so has the concept of certainty received considerable attention in mathematics over past centuries.
As Berts rightly explains, research on the topic of certainty decreased after Gödel’s incompleteness proofs showed the impossibility of carrying out the original logicist and formalist programs that were driven by the wish to establish the certainty of mathematics. However, the fact that mathematical systems cannot explain all features of the world does not mean that we should cast them aside. In many situations and not just in everyday lives, “[t]he search for certainty makes us turn to mathematics. Mathematical techniques are often what bring certainty. They allow us to overview situations in such a way that we see clearly what the case must be. When we have settled something using mathematical tools, we can rely on that knowledge.”7
The use of mathematical tools in various technologies (computing, cryptography and communications) allows us to attain similar reliability. We can form clear expectations regarding the outputs that inputs should provide, as well as form an understanding regarding what must be the case by relying on the mathematical deterministic routine for the manipulation of symbols. From the standpoint of an observer, making the performance of the routines involved in the technological process transparent to some degree, e.g. observable through code or logs, increases the reliability of the technology further. At the same time, even with no transparency, an understanding of how particular mathematical tools are employed would often be enough for reliably defining the outcomes of the technological process.
What does it mean that a performance of a routine is deterministic? As Hansson explains, it is deterministic in the sense that it is unambiguously specified, step by step, so that the outcome is predetermined.8 Mathematicians operate with a wide variety of such routines for symbol manipulation, and the general term for them is “algorithm.”9 “Whereas a computation has numbers as both inputs and outputs, an algorithm can operate on any type of symbols. However, for the modern mathematician, the difference between making a computation and executing an algorithm is inconsequential, since all symbols can be represented by a sequence of numbers. Therefore, ‘computation’ is used as a general term for the performance of any algorithm, and ‘computable’ means ‘obtainable by performing an algorithm.’”10
The drive towards higher certainty and the related efforts to base mathematics on systems of axioms and proofs in the 19th and the beginning of the 20th century have enriched other fields of research and enabled the creation of many modern technologies. Following the long history of employing mathematical methods for tasks in practical engineering (including optics, structural mechanics, building construction, machine construction, shipbuilding, and engineering thermodynamics),11 we see the trend continuing with mathematical tools being used for simulation, optimization, control theory, and statistical analysis.12 Their use extends redundant contemporary scientific theories, e.g. solid and fluid mechanics, electrodynamics, thermodynamics, and quantum mechanics, all of which require considerable mathematical training.13
While Gödel’s work decreased the enthusiasm driving the research on further mathematical certainty, certainty itself, as Berts remarks, “does not stand and fall with the success of a foundational programme.”14 When we focus on mathematics as an activity, we see that certainty of mathematics can be described as, “being certain that one has performed an operation correctly, that one has followed the rules correctly.”15 “[C]ertainty can be seen in the practice of mathematics and in the status that mathematics has for us.”16 Modern technologies (that would be unthinkable without tools from different fields of mathematics) convey this mathematical certainty via technological processes to our everyday lives. As Hansson describes, “the technology-mathematics relationship has developed, from the use of simple aide-memoires for counting and arithmetic, via the use of mathematics in weaving, building and other trades, and the introduction of calculus to solve technological problems, to the modern use of computers to solve both technological and mathematical problems.”17 The reliability of the deterministic routine developed in mathematics means that in application, these routines produce only predetermined results. This is the certainty, or obviousness, that mathematics provides and that we can derive from it for building reliable new technologies.
B. Certainty in Service of Personal Autonomy
There is a curious relationship between certainty and personal autonomy. The more there is certainty about the world around us, the more one can exercise their personal autonomy. As individuals, we have a personal interest in being in control of our lives and making better decisions for ourselves: we want to be autonomous. To be autonomous means to be ably guided by the desires, motives and considerations that one recognizes as one’s own and that are not the product of manipulative or distorting external forces.18
Being autonomous means not just the ability or capacity to direct one’s own life and be oneself, but the achievement in doing so. In this sense, autonomy is not the same as freedom. As Gal masterfully explains, “[A] person may be entirely free to choose a course of action without ever exercising that freedom of choice.”19 Autonomy is neither just the absence of interference with a person's sphere of action (negative freedom), nor just an individual's ability to act on one’s authentic or rational will (positive freedom), but the effective mastery over himself or his environment, where they actually decide for themselves and actually author their own life.20 According to the rationale of the liberal political tradition, it is not the ability to choose or enjoy the objects of one’s choices that is intrinsically valuable, but the act of choosing in itself.21 Acting as an autonomous decision-maker is an important “part of what makes the objects of our choices valuable to us and our way of making life our own.”22 This is the concept of autonomy as self-authorship where the exercise of the capacity to choose is considered valuable independent of whether the particular choices or acts are objectively optimal.23
Ideally, of course, autonomous choices and acts would be performed by rational, self-aware, mentally competent, and fully informed individuals. However, it might not be the ideal autonomy that matters, but the minimal conditions under which we can talk about the existence of autonomy.
Could we justifiably claim to have general personal autonomy without cognitive or intellectual autonomy, i.e., the ability to form beliefs (which in turn influence the formulation of desires in exercising our personal autonomy) without the interference of ideological persuasion, manipulation, or psychotropic substances? While debates continue regarding the extent to which general autonomy and intellectual autonomy are dependent on each other, in this paper we rely on the position that one can have personal autonomy to a meaningful extent only in case of limited interference with one’s sphere of action, including one’s cognition.
Could we claim the person who chooses to end one’s autonomy to be an autonomous person? On the procedural conception, autonomy is the act of following rational procedure to evaluate one’s desires, whether agreeing with them or just acknowledging them and their authenticity. This kind of hierarchical model (desires being on a lower hierarchical stance than their rational evaluation) was suggested in the 1980s by Gerald Dworkin and Harry Frankfurt. As a procedural conception, it does not seek to meet any value criteria (it is value-neutral). According to some, this makes it too permissive as it allows considering a person who chooses to subject oneself to slavery or severe addiction an autonomous person. Accordingly, the competing non-procedural conception of autonomy sets out certain demands regarding the content of autonomy, e.g., autonomous acts are only those that are guided by politically or morally acceptable desires, motives and considerations.24 While we do not need to argue for either position at the moment, it is important to flag the disagreement and the possibility that the most justified conception of personal autonomy may be the value-neutral one, even if our moral and political considerations lead us to consider some choices and acts more justified than others.
One operates in a natural and societal context where choices are never unlimited. Increase in certainty about the circumstances in which one operates enhances one’s autonomy, i.e., the extent to which one can be an author of one’s life as opposed to the acts and choices being shaped by limited information or manipulation. In general, the more information and transparency there is in the society, the lower the transaction costs (the lowering of which is also one of the roles of legal systems). This, in turn, is expected to lead to better functioning of liberal markets, a greater efficiency on the societal scale and more optimal deals on the level of individuals.
Would any increase in information enhance personal autonomy? Probably not. On the one hand, we can indeed expect the availability of information to enhance individual autonomy, i.e., with a richer understanding of the world, the choices that one makes would be more appropriate in their context and help one to lead one’s life in a more effective manner. With more information and transparency, one makes better choices and has a stronger sense that they are authors of their own lives. On the other hand, in case of abundance of information it is no surprise that individuals’ abilities to process it are overshadowed by the abilities of machines or artificial agents. Experimentally, we could probably observe a tipping point beyond which the individual’s autonomy is rather decreased than increased by the availability of information, depending on factors like time, the nature of information, and the tools and capacities that various parties use in the environment. With new technologies (e.g., any that benefit from abundance of information and increasingly powerful tools for processing it), we might be relinquishing our autonomy to some and increasing our autonomy via others due to their superior ability to analyze vast amounts of information that we would otherwise be incapable to process. The increase or decrease in autonomy depends on how the technologies are used.
For the purposes of this paper, it makes sense to ask whether certainty (provided by information or otherwise) is necessary for economic exchange and exercise of personal autonomy at all. For example, some could suggest that we should rather talk about the reliability of relationships or control gained over exchanges through various means. Other studies show that trust is essential for economic exchange and increases the efficiency of exchange due to the fact that it reduces the expectation of opportunistic behavior, which in turn lowers transaction costs.25 For example, Kenneth Arrow remarks that, “[v]irtually every commercial transaction has within itself an element of trust, certainly any transaction conducted over a period of time. It can be plausibly argued that much of the economic backwardness in the world can be explained by the lack of mutual confidence.”26
While the question is fair, we see that what is common to the reliability of relationships, control over exchanges, trust, and mutual confidence between parties is that they all increase certainty (or in the words of Arrow, confidence) about the environment and relationships in the context of which one seeks to make choices and exercise one’s autonomy. Undeniably, the list of factors that can contribute to certainty about one’s environment and relationships is longer. For example, literature on the imposition of information duties in EU contract law stresses the function of information duties as a tool of market regulation to cure information asymmetries between parties, to enhance private autonomy.27 Mechanisms for dealing with market asymmetries exist to create a level playing field. It is no surprise that the same idea guides the calls for transparency and effective oversight in the context of technological developments, and if successful, can lead to mimicking or even fostering trust. Among the many ways to respond to these calls, one is to introduce technologies that have the operational capability to provide transparency and oversight (e.g., blockchain technologies which we will discuss infra).
C. Certainty in Service of Sovereignty
There is also a curious relationship between certainty and state sovereignty. With more certainty about the facts on the ground, e.g., availability and accuracy of information, exercising state sovereignty is more effective, and this does not necessarily imply an undemocratic form of governance. In the context of current technological developments and geopolitical rivalry, we see that the concept of sovereignty carries different meanings. In a simplified manner, we can talk about a narrow and a broad concept of sovereignty, the latter characterizing the concept that we employ later in this paper.
The narrow concept reflects the wave of thinking that focuses on technological sovereignty (sometimes also called digital autonomy). This concept is used to characterize the global rise of distrust in technological matters: states and regional organizations are increasingly putting an emphasis on utilizing and developing their own technologies for governance and communications. They consider independent (in their vocabulary, sovereign) technological capability decisive for minimizing the potential damage that could result for the region from the use of technologies that are manufactured in other countries and could be used for foreign interference. Many governments have called for pursuing technological sovereignty or have been making technological autonomy and sovereignty core parts of their economic, security and diplomatic strategies.28 These moves have mainly focused on the exclusion of the foreign and reliance on the local.
The broad concept reflects the understanding of sovereignty that encompasses the state’s authority and control over all elements of its domestic as well as international matters, including territory, population, system of governance, and international relations. By the broad concept of sovereignty, we refer to a set of concerns extending beyond control over the technologies that are being used in the state. While these concerns might include the pursuit of technological sovereignty as part of a general strategy, the concept encompasses a variety of means that can be employed for acquiring, preserving, increasing (or also, avoiding the infringement or loss of) state authority and control over everything that is considered to be part of or an extension of the state. It is about general self-determination/independence of the state, and not limited to its ability to control the technologies that it uses in governance or that are used within the sphere of its authority.
For the purposes of this paper, let us view sovereignty as entailing both authority and control, with these elements varying among different types of sovereignty. In Krasner’s taxonomy, “Westphalian sovereignty and international legal sovereignty are all about authority, whether to exclude external actors or to make international agreements with them. Interdependence sovereignty, he argues, relates to the control of movements across borders, something that is especially challenging in an era of the internet, persistent migration, and globalization. Domestic sovereignty, in his scheme, requires both authority and control.”29 The definitions of sovereignty range from strong and absolutist concepts to more moderate ones. Siding with the absolutists, some define it as the final and absolute authority in the political community.30 Authors pointing to the ever-growing fragmentation in political affairs, instead, suggest understanding sovereignty rather in a non-absolute sense, e.g. Tully viewing it as “the authority of a culturally diverse people or association of peoples to govern themselves by their own laws and ways free from external subordination.”31 Referring to Sunstein’s incompletely theorized agreements, Kalmo and Skinner contend that definitions of sovereignty vary, authors disagree, and people who start off with some definition need not agree on what it entails in particular cases.32 All in all, we see that the concept is not on its way out yet, especially as it has become nearly coextensive with any political activity. Indeed, how else should we call or signify the decision-making power and standing of international entities like nation states?
Technologies play an increasingly important role in exercising the authority and control that states (as well as regional organizations like the EU) claim to have. “Transnational data flows pose significant challenges for sovereignty at large as well as for discrete public policies. In the last decade, the cross-border movement of digital services and products as well as the underlying data have been disruptive to a range of (…) legal frameworks, such as in particular personal data and consumer protection, and have strongly impacted on critical public interests, such as cultural diversity or democratic elections.”33 In a way, governments and organizations are, just like consumers and businesses operating with the help of algorithms and technologies, facing a trade-off between taking advantage of the benefits of digital technologies and surrendering control. In this context Osula and Ilves propose that the policy-makers’ existing toolbox, just as with the toolbox of private individuals and enterprises, needs to be continuously updated with better technological products and services.34 But what does “better” mean? For Osula and Ilves, these are technologies employing security-by-design and autonomy-by-design, which enable a level of verifiability. Their suggestion rests on the idea that governments benefit from transparency and verifiability in their operation.
While many governments might, indeed, disagree that they would do better under higher transparency and verifiability, when it comes to the sovereign control of the populations that make up a state, or a sovereign operation in crisis, a higher level of certainty about the facts on the ground has significance. Economists tell us that the more certainty we have, or in other words, the more reliable information we have, the better we can perform in economic relationships, and in relationships generally.35 Reliable record-keeping increases the state’s ability to coordinate the affairs of its peoples, thus providing good guarantees for exercising sovereignty in unstable times. In parallel, the more technologically reliable and operational the system of public administration is, the better decisions the government can take when exercising sovereignty and maintaining political continuity of the state, even in the face of conflicts and crises.
Additionally, there is also a connection between the effectiveness of sovereign control over populations and the higher degree of public confidence in the government. The latter can be increased with the help of technologies which enable (1) transparency with respect to the performance of the government, and (2) a continuous reliable exchange of information between government structures and the population. This would not only enhance the state’s ability to coordinate society thanks to an authority sustained with more transparent and reliable performance, it would also help to meet the challenges that the state’s authority poses to the personal autonomy of individuals. Logs help to keep public administration accountable. Other such tools that increase the individuals’ ability to observe, predict and control the activities of the public administration increase the individuals’ ability to control their own lives. This means greater personal autonomy for the individuals operating within the state. With certainty regarding facts on the ground and control over circumstances, individuals can exercise their autonomy, just as states can exercise their sovereignty, with a higher degree of self-rule.
Accordingly, when it comes to considering their options among algorithms and technologies, one way that states can become more effective in exercising their sovereignty is by building their systems of governance on technologies that provide a high degree of certainty. This would result in operational capacity and reliability that fragmented technological systems and paper-based governance would not achieve. Certainty can provide a step forward in economic relations, as the economists claim, but it can provide much more.
D. Testing the Concept: Blind Trust Instead of Certainty
What we have described so far is a beginning of an argument for considering technologies that build on mathematical certainty as sources of enhancements in personal autonomy and in state sovereignty. The success of the argument depends not on its correctness, but on its convincingness and the plausibility of the relationships that we have described. Let us consider one compelling argument against it.
Some critics might argue that if anything in the use of technologies contributes to enhancements in personal autonomy and sovereignty, it is not mathematical certainty underlying these technologies but (blind) trust in those operating the technologies. When we form expectations regarding the performance of technologies with reference to their underlying mathematics, perhaps we would be more justified in describing this:
Not as a reliance on the certainty of mathematics (as described above),
But rather a (blind) trust in the system architects, software developers, legislators, or law enforcement?
Let us consider a line of argument from a possible critic. For example, as we know from studies on financial markets, financial practitioners often consider quantitative investment and algorithmic trading to require more than feeding models with input data and allowing them to provide estimates or values that then determine action.36 Instead, “judgment calls, norms, and narratives complement and sometimes contest the use of sophisticated trading algorithms, complex models, and comprehensive datasets” in model use.37 In general, there are diverging attitudes towards algorithms: those of idealists, pragmatists, and pragmatic idealists, all of whom have a different understanding about what it means to put trust in the mathematical certainty embodied in an algorithm.38 The terminology has been used in studies of risk management in banks, algorithmic trading and beyond.39 It is a matter of differing attitudes toward numbers and models: idealists trust models and let their output guide decision-making, while pragmatists use model output merely as one kind of input in decision-making.40
Idealists (often the model users) believe models provide accurate representations of reality, while for pragmatists (often dominant in machine learning use) “models need to be tweaked and complemented by human judgment, intuition, and experience to fit the context of application.”41 They consider the human role central in the process of selecting and devising complex adaptive models. While the latter holds for models that are equations in a spreadsheet, this view is less intuitive with automated decision-making and algorithmic systems where the role of the human changes. Rule-based algorithms follow explicit rules established by the developer, but machine-learning models develop rules as they learn from processing data.42 Their purpose extends beyond eliminating alleged human biases and beyond being efficient, accurate, and robust. They also discover solutions, patterns, correlations and anomalies that were not explicitly specified or foreseeable in advance, thus extending human capabilities.43 Thus, instead of engaging with the model output as an active decision-maker, due to the complexities, one is limited to engaging as a passive controller.44
Trying to synthesize the idealist and pragmatist calculative cultures, the pragmatic idealists remain attentive to their capacities, being “aware of their limited comprehension of the actual big data processing undertaken by their models, and that the worth of their judgment and domain knowledge is measured by their ability to select and parameterize a model suitable for the problem at hand.”45 They put their trust in carefully devised and rigorously tested models, considering human judgment, experience and reflexivity to be central in the process of selecting the correct quantitative tools (the modelling phase) and less important in judging the model output (the model use phase).46
Supporting the criticism, this example of financial markets shows that when we discuss matters related to the reliance and possible over-reliance on algorithms, we need to keep in mind that model use and automation are not there to replace human judgment, but have been taken up to improve performance in markets and in society. With the use of machine learning, human judgment has been displaced—it has become less valuable in evaluating the model output, but more valuable and indeed central in the process of selecting and devising a model for the problem at hand. This, however, does not rule out over-reliance on algorithms in the sense of overly trusting the output of the most carefully selected and parameterized quantitative tools (as might happen in an idealist calculative culture).47
Of course, says the critic, as a remedy many have suggested greater transparency—for example, asking the designers of algorithms to reveal their sources of the data sets that they use to train and feed their algorithms. Alternatively, some have suggested broadening the use of algorithms that would monitor algorithms. Could these be a sufficient remedy against blind trust in algorithms? They would probably not, as the transparency and algorithmic monitoring by themselves guarantee neither sufficient understanding of algorithms nor oversight over their creation, modification and application for a non-specialist. They would provide increased understanding only for people with enough expertise—those with specialized knowledge in computer science, mathematics, and the field where the algorithms are applied. In a similar manner, they would simply provide better grounds for oversight for people with specialized backgrounds and qualifications for monitoring compliance with norms.
As a result, all we would be left with would be a set of carefully devised and rigorously tested systems of algorithms with a layer of professional understanding of them and oversight over their creation and application. People would have a lower need to trust algorithms blindly but would have to do so by relying on expert knowledge. Instead of trusting the system architects, software developers, legislators, and law enforcement blindly, they would do so on the basis of the qualifications of people working in these fields, as well as the accountability measures (legal or relational enforcement) that are enhanced by algorithms that monitor algorithms for better oversight in society. A universal set of accountability measures is of course lacking, but it exists at the level of smaller societies and social groups.
In sum, the potential critic argues that when it comes to relying on algorithms, it only makes sense to take the pragmatic idealist standpoint. With the use of algorithms comes a possible over-reliance on them in the sense of overly trusting the output of quantitative tools. By taking measures for professional understanding and oversight, it is possible to remedy the over-reliance via higher accountability for the creation and use of algorithms, and this would add a layer of reliability. People’s expectations regarding the performance of algorithms would then be formed with reference to the expertise of the system architects, software developers, legislators, and law enforcement (perhaps even some level of trust). However, they would rarely if ever be formed with reference to the mathematical certainty on which these technologies are built.
If the critics are right, mathematical certainty employed by algorithms is an insignificant factor in generating trust in society. If they were able to create trust, that would be true only of high-trust and technologically advanced societies. In low-trust and less technologically advanced societies, the use of technologies might, instead, generate more distrust towards those employing the technologies in business or governance.
A. Response: It is Not about Trust
The criticism is powerful, but as I will argue here, leaves room for pursuing the main argument of this paper further. In fact, it helps to draw an important distinction for us. The criticism addresses the question about the attitude that would be most justified regarding the reliability of algorithms and their results. Describing the patterns of reliance and the methods of improving the reliability of technologies, the critics put forward an account about the relationship between the subjects in technological systems and their attitudes towards the technologies. While enriching the account of what reliance on technologies requires, this criticism leaves room for considering the objective side of technologies and relationships that form in technological systems. In particular, it neither rules out nor tells us anything about whether the technologies that operate in a deterministic manner (i.e., employing mathematical certainty built into technologies via algorithms) could function as sources of autonomy and sovereignty (be they independent of, or dependent on attitudes towards these technologies). It is this account that we are still free to pursue.
We know that technological processes rely heavily on the deterministic nature of machines performing their routines. Given this, let us explore next (1) whether there are any cases where mathematical certainty-reliant technologies act as sources of autonomy or sovereignty; and (2) whether there are cases where such technologies provide certainty (e.g., evidence quality) to any tools of algorithmic accountability, e.g., transparency, monitoring, or oversight.
Hypothetically, the cases where mathematical certainty-reliant technologies improve algorithmic accountability (transparency, monitoring, and oversight) would also be cases whether such technologies act as sources of autonomy or sovereignty. This is based on the ideas that (1) mathematical certainty-reliant technologies in governance enrich a society with certainty regarding facts on the ground and control over circumstances; and (2) with increased certainty regarding facts on the ground and control over circumstances, people would be able to exercise their autonomy and states their sovereignty with a higher degree of self-rule and decrease their dependency on luck or uncertainty. To test the idea, we would benefit from studying scenarios where governments use technologies for algorithmic accountability and governance. With the autonomy of its people and its sovereignty at risk throughout history, Estonia might offer one of such scenarios. It would provide an insight into the logic behind the heavy reliance on a variety of advanced technologies in governance and the connection that this might have with personal autonomy and state sovereignty.
Electronic governance systems use technologies ranging from the physical infrastructure to the intangible infrastructure in a great variety. It is the latter—architectural and design concepts, standards, software, and key services—that make Estonia’s electronic governance distinct.48 For now, let us focus on their mathematical certainty-reliant technologies, and particularly their keyless signature infrastructure technology also referred to as KSI blockchain.49 Blockchain technologies come in many forms. In general, “[b]lockchains package transactions or sets of data into cryptographic hash-linked blocks in a sequential chain.”50 “A single block groups together multiple transactions and is then added to the existing chain of blocks through a hashing process. A hash function (or ‘hash’) is a one-way cryptographic function that provides a unique fingerprint that represents information as a string of characters and numbers. (…) Cryptographic hash-chaining makes the log tamper-evident, which increases transparency and accountability.51 Indeed, because of the hash linking one block to another, changes in one block change the hash of that block, as well as of all subsequent blocks.”52
During the long life of technologies relying on hash-trees and timestamping,53 they have been primarily used as tools for preserving the integrity of data, e.g., documenting a history of transactions based on recorded items. As such, it is not designed as a solution for achieving the much-desired confidentiality or accuracy of information. Whether something recorded on the blockchain corresponds to the facts in the world (i.e., whether it is true or not) is not only a matter of verifying whether a piece of data has been recorded in a database. It also concerns the real-world circumstances connected to the information that the data is meant to confer (the particulars about the people, items, information or values involved). However, its data integrity preservation and logging capabilities have many advantageous applications. With some blockchains, such applications are primarily in record keeping, with others they include transferring values (via cryptocurrencies or otherwise) or contracting via smart contracts to automatically execute a transaction when one or more precondition is met.54
The KSI blockchain provides continuous integrity monitoring for all kinds of digital assets and data objects. In Estonia, it is deployed in Estonia’s state information systems by the Information Systems Authority (“RIA”), an internal service provider for the government that guarantees access to the blockchain network for the state agencies via the X-Road infrastructure.55 Its main purpose is to enforce the integrity of government data and systems. It does so by employing one-way hash functions to generate digital signatures that enable proof of the time, identity, and authenticity of electronic data without reliance on cryptographic keys, secrets, or trust anchors56 and the real-time verifiability of that data.57 As a result, the authenticity of the electronic data can be mathematically proven and their history cannot be rewritten, meaning that no one (hackers, system administrators, government) can manipulate the data with impunity. As no data is stored on the KSI blockchain, it can provide the stamp of tamper-resistance for petabytes of data every second.58 The cryptography behind the KSI signatures ensures that these signatures do not expire and remain quantum-immune i.e. secure even after the realization of quantum computation.59
While some scholars find the main advantage of blockchain technologies to be the trust that they create among their users, the rationale behind the use of blockchain technologies like KSI is that there is actually no need for trust when using the technology.60 The trust that such blockchains can generate would be based on the recognition that there is certainty about the integrity of the recorded information, data and transactions (the output). This certainty about the output comes from the deterministic nature of how the cryptographic protocol orders and logs transactions and data—the mathematical certainty of its system. Providing such a certainty is the key advantage of this technology, independent of whether this also fosters trust among the users. Accordingly, we would be more accurate to describe it as a distributed zero-trust system or a no-party trust system—a system which provides certainty without the need for trust among participants.61 Such a certainty regarding the records and logs of transactions and data is highly valuable for a society and in governance, especially in the context of further expansion of data and technological capabilities to process and apply it. The larger the scale of use, the more it makes a difference.
B. Test Case for Algorithms as Sources of Sovereignty
For years, global audiences have suggested that the Estonian population is naive for letting its government employ such powerful technologies to control its population in such an extensive manner. And yet, the Estonians would be the first to know what it means for a government to control a population and suppress hope for private or political autonomy. The population has lived under empires and occupations for hundreds of years, save for two short periods of time since 1918. It is fair to ask, why are these powerful technologies really used? Estonia has a distinct history that has driven their development and fast application.
Changes happen in times of need. Estonia’s need to rebuild the country after re-gaining its independence in the circumstances of low resources and organizational challenges drove the fast application of technologies, led by several visionaries, cryptographers and engineers.62 A significant part of the vision for building the system of governance was founded on the idea about the fragility of the state and its sovereignty. For the Estonian population, even thirty years later, “[i]t continues to be an interesting question—in its insolubility—how long one must build a country in thought, before the idea can finally materialize in some circumstances. When would the necessary people need to be born? Is 50 years in advance enough? Even in the twenty-first century, not everybody is able to build their own state.”63 Reflecting the population’s appreciation of the fact that they gained not only more autonomy but also sovereignty as a state, it also reflects the normative stance against oppression and attentiveness with regard to any signs of unlimited control.
While guiding the creation of Estonia’s entire electronic governance system, one of the distinct expressions of the idea about the fragility of the state has been the creation of Estonia’s data embassies.64 The data embassies network around the world complements but is distinct from use of a datacenter or cloud solutions inside the state or the state’s use of international public clouds for governance. The data embassies are intended “to achieve the continuous operation of the Estonian e-Governance, so even if the government lost power, even if the country’s border were breached, even if its sovereignty diminished, the core operation of the government could continue, and Estonia’s symbolic and constitutional integrity could live on in an extended, intangible digital form.”65 The solution would allow the provision of both services that require the active, manual involvement of a public servant (e.g., approving requests, requiring the public servant simply to have access to the online service environment, wherever they might be), as well as the fully automated, autonomous or pro-active services, which at least temporarily “could remain operational and fully functional even in a case of a severe disruption when no public servants are able to carry out their functions.”66 The example of data embassies helps to characterize the use of the mathematical certainty-driven technologies in the entire system of governance in Estonia: they are about sustaining the state’s operational capacity and supporting the population’s political standing. Digital societies require digital measures, and the data embassies, employing the KSI blockchain for data integrity, are an important measure for keeping a digital society operational regardless of prevalent conditions in its territory, so that the “Estonian state would endure even despite an occupation of its territory.”67
C. Test case for Algorithms as Sources of Autonomy
Beyond the idea of the fragility of the state and its sovereignty, the second most influential idea underlying Estonia’s electronic governance system regards the fragility of individual autonomy within a state characterized by society’s attentiveness to the government’s accountability and fast reactions against threats to individual freedoms. In view of this, it was considered vital that the system of governance (including the electronic system) would not only sustainably limit the powers of the public administration but would keep them in check in a reliable manner. The idea was that technologies allow the creation not only of more or less transparency into the performance of the government; together with suitable operational legal measures, reliable technologies can keep the official activity of each member of the executive, legislative and judicial branches of the government in check, holding them accountable when necessary. Applying such technological and legal measures is useful even simply for the accountability within the system of governance, but the purpose of devising them in Estonia was to keep the public administration accountable to the population.
The central design principles of the system follow a well-known confidentiality-integrity-availability (“CIA”) triad which lays out the mandatory characteristics of information and data for information security policies across organizations. Their purpose is to enable accountability but also to make sure that public institutions can offer their services in a reliable manner.
Which design principle would help to achieve privacy and confidentiality of data and information across the electronic governance system? Estonia uses a strong digital identity that is issued by the public authorities and compatible across the system using one tool. This is supplemented with authorization capability through a strong digital signature that is accepted, used and legally binding both in Estonia and the European Union. To achieve secure and robust availability of data and information at all times, Estonia has structured the data collection and maintenance across the population through rules that avoid the centralization and duplication of data and guarantee that it is up to date. The guiding idea is that the state cannot ask for the same data more than once, nor can store it in more than one place (once only principle). An important part of this work is carried out with the help of the data exchange platform X-Road, which organizes a real-time, secure and regulated data exchange, saving an auditable trace after each move. To guarantee the reliability and tamper-resistance of data in the governance system in real time (and over long periods of time), the system employs data integrity technologies, the KSI blockchain,68 which allows no access to the data or unrecorded data manipulation.69
The state registries that are currently backed by the KSI Blockchain are the healthcare, property, business, and succession registries, the digital court system, the surveillance and tracking information system, the state gazette (issuing laws and regulations), and the official state announcements system, with the data embassies, smart grid, personalized medicine, cyber-defense, and electronic taxation to follow.70 Blockchain technology is used to fulfill one of the foundational capabilities of a state—to guarantee the accuracy of government data in any situation.71 At the same time, data ownership is for the people. The technology is designed to give citizens and residents the ability to verify the integrity of government data independently of its home database in real time, enabling data interoperability between systems and across boundaries.72 This is accompanied by the blockchain’s real-time capability to detect data breaches.
The data integrity technology also provides a solid evidence base for applying legal measures. The data tracker solution allows anyone with an electronic identity (Estonian eID) to “log in to the state portal eesti.ee and review the full list of queries concerning their personal information,”73 even if there has not been a specific event for which they need information. This way, citizens and residents can keep an eye on the logs of Estonia’s public administration’s activities in relation to their data, letting them observe who is accessing their data and for what reasons, as well as connecting their real-life events with data exchange logs.74 Taken with legal measures, the system gives citizens the ability to enforce the integrity of government data (e.g. by turning to or suing the state when seeing an unjustified activity from the logs), and this enables effective mitigation of insider threats with respect to manipulation and abuse of the stored data.75 However, the idea is not to engage in disputes, but to make the “behind-the-scenes” as transparent as possible,76 giving individuals greater control over the activities of the public administration and thereby increasing their control over their lives, i.e., increasing their autonomy.
While some claim that the central idea behind the transformation of the state role and the application of blockchain technology in governance is digitalization of trust, Estonia’s history of applying KSI blockchain shows something different. Various technologies may be used to encourage trust, e.g., (1) through an efficient, user-centric service delivery system that actively responds to citizens’ needs, or (2) increased transparency of a system of governance. At the same time, achieving trust in a governance system with these measures is insufficient to establish its accountability or long-term security, even where an effective legal system is in place. For accountability and long-term security, the system needs to rely on certainty of some sort.
While rich with debates, the foundational mathematical proofs provide a source of certainty that would be difficult to find elsewhere. Data integrity technologies rely on mathematical certainty and convey it to the respective parts of governance where these technologies are employed, keeping records tamper-evident and comprehensive logs of governmental activity reliable. The examples we used in this study provide reasons to believe that such mathematical certainty-reliant technologies, when applied in governance, enhance both the sovereignty of the state applying the technologies, and the personal autonomy of individuals in the state. They do so through the provision of increased control, certainty about important facts on the ground, and greater reliability of information. Thus equipped, a state becomes more effective in exercising its sovereignty while an individual gains grounds for success in authoring their own life. Providing such certainty is the key advantage of applying relevant blockchain technologies, independent of whether their application also fosters trust among the users.