Text resize: A A
Change contrast

Estonia combats hacking with world’s first data embassy

On June 20th, the prime ministers of Luxembourg and Estonia signed agreement establishing the world’s first data embassy — a secure building where Estonia will store its critical government and institutional data outside of its own borders.

June 27, 2017 - Aliide Naylor - Articles and Commentary

hacking-2077124 960 720

“This is the first data embassy in the world. Its establishment is part of the Estonian general strategy of data management and fundamentally a double guarantee to our data and services,” Estonian Prime Minister Jüri Ratas stated upon its confirmation.

The data embassy will be much like a traditional diplomatic embassy, in accordance with the Vienna Convention adopted in 1961: a piece of foreign territory within another country’s borders. Luxembourg, despite hosting, will not be able to access the data and will not pay any of its costs.   

The small Baltic nation bordering Russia is going to such innovative lengths in part in response to the growing risk of cyberattacks upon its critical digital infrastructure. The country has digitised its banking, voting, contracts, taxes and even its garbage.   

“In Estonia, we have reached such a high level of digitisation of government and society that for us there’s no more option to go back to paper. It means that we have to do all we can to ensure security of the systems and information we are working with,” said Government Chief Information Officer Siim Sikkut in emailed comments.

Estonia has learned the hard way about why data security matters. The Kremlin has been implicated in hacking, most recently in relation to the US elections, hitting voting systems in 39 states according to recent reports.

But the country had an earlier wakeup call. Back in 2007 Estonia saw a wave of cyberattacks targeting media, government and financial institutions amid a heated dispute with Russia.

Citizens encountered problems with banking systems and prominent media outlets and government ministries were targeted. The attacks followed Estonia’s relocation of a Soviet monument from central Tallinn to a military cemetery on the outskirts of the capital. Estonians viewed Red Army soldiers as occupiers and the statue a reminder of the torment they suffered at the hands of the forces. The EU and NATO did not directly accuse Russia of being involved, although it was widely seen as responsible.

The data embassy will store citizen’s data on the territory of another sovereign state. In the event of another cyberattack, there will be backup “outside our borders,” said Sikkut. “We would want it to be fully under our jurisdiction (including laws) and control – which privately offered clouds don’t really allow.” This means that a physical attack would also be easier to circumvent and a data embassy is not only useful to defend against an online attack — it is helpful in the case of a ground invasion, too, which is something the country still fears.

“We have a very aggressive neighbour,” said Hannes Astok, the Deputy Director of Estonia’s e-Governance Academy. Jaan Priisalu, a NATO cyber-defence fellow and a researcher at Tallinn University of Technology echoed this concern. “In the first order it’s a defence mechanism, and it’s a deterrence mechanism,” said Priisalu recalling Estonia’s previous experiences with being subjected to Soviet occupation.

“We can continue the government even if we lose the territory,” he added. “One of the goals is to take over or suppress existing institutions. When you’re able to continue those institutions even if the territory is occupied then you’re raising the price of occupation.” 

Natural disasters may be another situation in which data embassies could be beneficial, said Astok, especially for smaller nations at high risk. “It is a good role model for countries in the Pacific or Caribbean, that have endless earthquakes or tornadoes or whatever, landslides. But we have other risks,” he said, suggesting that the military threat could be more severe than natural disasters in the Baltics.

Data embassies are not the only unique idea coming from Estonia, which has swiftly marked itself out as a global leader in e-governance in the past few years. Recently, it began offering e-citizenship to residents of other countries (that is, offering foreigners the chance of basing their business in the country), and earning itself the nickname E-stonia. In the wake of Brexit, Estonia saw applications rise, a WIRED report found.

Estonia, according to Sikkut, expects its data embassy to be active by the end of 2017. In the meantime, the idea of a data embassy could easily take hold elsewhere. Estonia is currently helping Jamaica set up a fully digitised government system with the help of the country’s e-Governance Academy, and this new approach to data protection may soon start to spread globally too. However, it might only be applicable to smaller nations.

Priisalu said there are two requirements: “One is that you have to be so small that those kinds of disasters will actually take the whole territory of your country,” he said. Secondly, “you must have electronic government at the level you have something to store.” 

Aliide Naylor is a British journalist, editor and researcher. She formerly worked at The Moscow Times in Russia and is a contributor to citizen media network Global Voices. She holds a BA in History from the University of London and an MA in Russian Studies from the European University at St. Petersburg.

, , ,


Terms of Use | Cookie policy | Copyryight 2024 Kolegium Europy Wschodniej im. Jana Nowaka-Jeziorańskiego 31-153 Kraków
Agencja digital: hauerpower studio krakow.
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active
Poniższa Polityka Prywatności – klauzule informacyjne dotyczące przetwarzania danych osobowych w związku z korzystaniem z serwisu internetowego https://neweasterneurope.eu/ lub usług dostępnych za jego pośrednictwem Polityka Prywatności zawiera informacje wymagane przez przepisy Rozporządzenia Parlamentu Europejskiego i Rady 2016/679 w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i w sprawie swobodnego przepływu takich danych oraz uchylenia dyrektywy 95/46/WE (RODO). Całość do przeczytania pod tym linkiem
Save settings
Cookies settings