Why we do no paper work in Estonia, by ex-envoy

• Internet data poses similar risk as real-life ones

Former Foreign Affairs Minister of Estonia, Ms Marina Kaljurand is a member of the United Nations expert group of governments and experts on cyber security. Kaljurand, who chairs the Global Commission on the Stability of Global Cyberspace since March 2017, spoke with Dolapo Aina at the just concluded Transform Africa Summit 2017, in Kigali, Rwanda, on challenges of protecting internet data and the prowess of Estonia on cyberspace and cyber security. Excerpt.

Despite its small size, Estonia is known to be a giant when it comes to cyberspace, cyber security and the Internet. Why is it so for a country with less than two million citizens?
Our population is 1.3 million (we are not big population-wise) but I agree that in today’s world when you use ICTs and can not take advantage of what internet and free secure internet provides, you can do many things to promote your governance (making it open and transparent), to promote your economy; to promote cultural ties; to promote human rights and civil societies. So, ICT has absolutely just opened new opportunities and vistas for development. And our country Estonia has taken the route of trying to take full advantage of the possibilities that ICT provides. But at the same time, we have to know about the challenges. Once you are using Internet services, you are vulnerable and you have to take very good care of cyber security.

What are some of the achievements recorded by Estonia when it comes to Internet and cyber security?
Estonia was the first country to begin e voting, the first to have Internet governance, the first country to introduce Internet signatures, the first country to begin digital embassies. We believe that a lot of our data is online. For example, we don’t have paper registers or land registers (land registry is an only online registry.) So it means that we have to protect the registries and we have to make them available anytime and anywhere. So, if there might be some situations that the registries in Estonia are not available, then we have the duplicates or copies in other places. And that is why we started the project of digital embassies and the first country we are cooperating with is Luxemburg.

Are there not disadvantages having all your data online?
So far, nobody has been able to prove that any services online are less secure than offline because it is a question of security. Whenever you have human factor, there is a risk. But you have the same risk in real life; people can find files; look at files; people can compromise data on paper. So, the risks are everywhere. And we just have to be ware of the risks and take technical steps and technical cyber security measures to minimise the risks. And since, we have a lot of data online, it is always a principal question of who owns the data. Our understanding is that data belongs to the person. So your medical records are your data and only you can give access to others to see your medical data. It is not the hospital or the doctor who owns the data; it is you who owns the data. I believe these are philosophical questions and they have a lot to do with cyber security. But as I said, nobody has so far proved that Internet services online are less secure. You just have to take security in real life, online life, digital life; very serious.

Has Estonia experienced cyber attacks and what were the measures taken that other countries especially on the African Continent could learn form?
I believe we were the first country in the world to fall under political cyber attacks in 2007. We had attacks, which took down our banking services and our websites for sometime. They did not disrupt anything but they disturbing. But we learnt from there that we have to take care nationally, we need to have our strategies, laws, clear division of powers, we have to work internationally because cooperation is needed if we are talking about attribution or if we are talking about those who are behind attacks. We have learnt our lessons and we have been very vocal all over the world, at international organisations (United Nations, European Union, OSCE, NATO) talking about cyber security.

Currently, you are the Chair of the Global Commission on the Stability of Cyberspace. What is GCSC all about?
It is a multi-stakeholder platform that was launched in March201, which has twenty-four Commissioners who represent twenty-four different countries, different regions and divergent thinking and who come from very different backgrounds. Amongst them are politicians, representatives of academia, ICT experts, lawyers etc. With the knowledge in the group and with additional knowledge from our researchers, we elaborate and draft very concrete proposals and recommendations that we propose to States and Governments on how to make cyberspace stable and secure.