CHALLENGE | Liberty & Security



A Research Project Funded by the Sixth Framework Research Programme of DG Research (European Commission)


Security and Privacy in Estonia

Tuesday 23 May 2006, by Lodge Juliet, Mayer Terry


ID Cards and Data Privacy

The decision to issue compulsory eID cards in Estonia was taken in 2000, and the first cards were introduced in 2002. The scheme is regulated by the Identity Documents Act. Data on all holders - including the personal ID numbers - are available in a public certificate directory.

The cards contain two authentication keys, and a unique personal email address which is designed to be valid for life. It is used to forward communications to an individual’s ‘real’ email accounts. By the end of May 2005 around 765,000 cards had been issued to citizens.

There were no real problems with the issue of compulsory ID cards: it is possible that this is a remnant of the Soviet days, in that people have traditionally been used to being required to carry identification. However, the cards are seen as extremely useful for everyday life. The majority of Estonian citizens (over 70%) now use the Internet regularly and easily for transactions ranging from online banking to travelling across Europe.

The eID cards allow an Estonian citizen to access all data held on them. By inserting the ID into the smart card reader on a computer and keying in two security codes, a person may - through just the one portal - pull up details held on approximately 20 databases which contain a wide range of information including personal insurance policies, entries on the land registry, or registration number and model of car. Medical records are not yet available online.

The Data Protection Act is strictly implemented. Identity fraud - currently of concern in the UK - is not an issue in Estonia. It is not possible to obtain a copy of somebody else’s birth certificate, and the security measures in place offer an advanced level of protection to personal privacy. The operation of the Data Protection Act is overseen by the Data Protection Authority.

Access to databases holding personal information is only internal. Currently there are 12 people - all of whom have been security-vetted - who have the right to access the data. It is extremely difficult to get into the system. No computers storing these databases may be connected to the Internet, and all computers have at least two different passwords which the user has to key in to gain access to the information. Codes to access personal information are secret and are protected by the Data Protection Act. They are only accessible to the police or tax officials after a court order has been issued. The Ministry of the Interior oversees the operation and is accountable for it.

On the other hand, the Centre of Registers and Infosystems provides public access to a variety of databases containing information about companies, land registries and property. An inquiry into a trading ban database, for example, will reveal the name, personal identification number and date of court proceedings related to the person in question.

Work to enhance network security and the protection of privacy is continually advancing. Most recent developments include the launch in May 2006 of CERT Estonia. This unit has been established with the aim of contributing to awareness-raising and helping users in the implementation of preventative measures and in reducing damage from network security incidents.

An episode which took place in 1996 served to highlight the importance of installing and operating robust systems and procedures which are tested and updated regularly for security. Imre Perli was employed as a computer specialist in the Police authorities, working on facilitating access to information, with the goal of enabling single query access to all required data. While he carried out this task effectively, security measures had not been put in place to prevent him from stealing the information and making it into a separate database. Designing this with ease-of-use in mind, he sold it to various businesses, criminals, newspapers etc. The value of the information in the database reduced over time, as he had no access to newer data with which to update it; in addition, the database was copied and he was not paid for it. To fund his lifestyle, he then turned to manufacturing amphetamines. He died in April 2000 during a police raid on his drugs laboratory: the official version was that he took an overdose when he saw the police approaching. No real challenge to this account was advanced. It was the end of a humiliating affair for the police authorities.

E-Voting

Estonia is particularly keen on developing an information society, and sees this as key to the public infrastructure. It was the first EU state to use an e-voting system in elections. The company to develop the system was chosen through public tender. (In Estonia there is a requirement for all public contracts with a value of over 20,000 Euros to be advertised for public tender.) The company was vetted for security before proceeding to develop the unique e-voting system.

The system was tested by a variety of independent auditors, encompassing both Estonian and international IT specialists: none had any involvement in the development of the system. All reported that it functioned very well and was entirely secure.

The system is quite complex. To vote electronically, a citizen needs to have an eID card. Although these are compulsory in Estonia, not all citizens have yet obtained one. The cards are certificated for three years and contain two PIN numbers: one for ID purposes and one for digital signature purposes. A smart card reader is required for computers.

The problems in implementing the e-voting system were not concerned with technical issues. They centred on the security of private information. The system was widely debated between the political parties, with the privacy issue at the forefront of debate. Most Estonian parties signed a Good Practice Agreement. However, a constitutional debate took place over the issue of secrecy of e-voting and how a person may be guaranteed privacy while voting. For example in work places, a manager might suggest that staff may use a particular machine equipped with the appropriate smart card reader to register their votes, and in such cases secrecy may not be guaranteed: for example, someone might be able to see how an individual has voted, or there might even be pressure for a person to register a vote for a particular party. To circumvent this issue, Estonians voting electronically have been given the option of having 2 or 3 days to change their vote, with the final one taken as the one which counts.

The question arises as to whether it is constitutional to allow e-voters the option of changing their vote, when this is not available to people voting by traditional means. Some people were therefore against this idea, possibly because their voters might not be among those most likely to be using the new system. Due to these concerns, the President initially refused to sign the Bill enabling e-voting, and the matter was referred to the Supreme Court. The basic aim of the constitution is the guarantee of free choice: as privacy when e-voting can be seen to guarantee the expression of free will (through the option of allowing someone to change their vote), it was ruled that there was no constitutional problem with the system, and the Bill was passed.

Access to data is restricted to those carrying out work on the system and to members of the electoral commission who use it for research purposes. A possible problem of secrecy of private data could arise where, for example, only one person has voted electronically in a district, and that vote can be seen to have been cast for the Reform Party. However, as the incidence of e-voting increases, this problem should resolve itself.

The system works like a double envelope. The outer envelope contains the personal identification, while the inner envelope contains the actual vote. The vote is encrypted: no one can understand how you have voted. It requires five people - all of whom are vetted - within the electoral committee to access a vote, using five different security keys. The Estonian authorities are confident that data cannot be tampered with. E-votes are recorded on one server only. However, ICT experts argue that double envelope systems are far from fool-proof.

In the local elections a total of 9000 people voted. These were mostly people who would have voted anyway. However, e-voting is seen as an important means of encouraging young people to participate in the electoral process. Surveys of e-voters showed that the experience was seen to be positive: people are ready and willing to explain it to others. Estonians living abroad are particularly happy with the system, as it gives them an easier means of casting a vote.

The Estonians believe that they have made a good start with e-voting, and the system will be extended to national elections. E-voting did not change the political balance. The Reform party polled a majority of e-votes.

Transparency in Governance

This widespread use of IT has enabled government ministries and others providing public services routinely to communicate via email and use the Internet to publicise information.

All institutions have an obligation to adhere to The Public Information Act (2000). High-level civil service staff must place all their details online for public availability. This information typically includes details about education and career. The publication of salary scales and declarations of interest are also required. Some institutions provide more information than others; obviously, where issues of national security are concerned, secrecy is maintained.

Unlike in Finland, officials do not have to reveal how much tax they have paid in the previous financial year, though they may if they choose to. Each year the media compiles a table of millionaires in Estonia: the individuals concerned have to agree to their name being revealed. The Public Tax Office may not release this information without permission.

To enhance joined-up government and inter-operable administration, an electronic ‘approval’ system has been established between the state ministries (eoigus.just.ee). When a new law is drafted, it is published on the web-site so that all the other ministries and relevant institutions can view it and comment on it. Once changes have been taken into account and approval has been given, the law is sent to the government for discussion and ratification. The Government’s agenda is published weekly on a public website. This meets the requirement for disclosing basic information about impending government business.

Transparency in Public Procurement

There is a particular concern with sharing public financial visibility. For instance, Estonia has a strict code of conduct covering public procurement issues. It is a legal requirement that all public contracts worth more than 20,000 Euros are publicly advertised for tender. Three bids should be acquired before a decision is made.

However, there are potential problems with this system: for example, a person may have already decided that he/she wishes to purchase a particular fleet of cars, and will tailor the specification to fit only one model; in other cases, it may not be possible to acquire three bids because the product is manufactured by only one company. Computer software programmes can be especially problematic, particularly when the company which draws up the detailed specification is not allowed to put forward a tender for the actual work.

With the bigger procurements, it is more difficult to find loopholes in the procedures. One problem recently arose with a University of Tallinn project, when it came to light that the specialist who was designing the technical specifications had become involved with the bidding companies. He was sentenced on 5 May to 5 years in prison, demonstrating how seriously corrupt practices are dealt with in Estonia.

In the Public Procurements Office of one government department, measures to control corruption and ensure fair practice involve strict checks and balances. Projects involving expenditure of more than 300,000 kroons are advertised for 14 days and must attract a minimum of three competing bids. A sub-section advertises EU-wide bids, which are open for 60 days. Checks on the winning bid will then be carried out. For example, if a new IT system is required, the written technical description will be passed to the Bureau of Procurements, where it is scrutinised for legal aspects before being published online. As the winning bid is made public, it is easy for somebody who believes that they have offered a better solution to ask questions about the outcome of the process. The Director of the Board is accountable to the Interior Ministry.

The State Auditor is nominated by Parliament and serves for five years. This post is traditionally viewed as a step on the ladder into a career in politics. The legal powers of the State Auditor’s office encompass responsibility for auditing the entire state budget. A different ministry is chosen for scrutiny each year. All audits are public (unless subject to state secrecy). In the case of the Estonian Security Police, for example, the state budget is made public, but there is no breakdown on figures to account for how the money has been spent.

Opening Borders - Schengen

The major concerns about border security in Estonia focus on the lack of sufficient staff and the poor pay levels and general over work. Motivation among the border guard staff is therefore not high, leading to possibilities for corruption. However, although there were some cases several years ago, there have been no recent high-profile ones. While the whole border (including that in the lake which divides Russia and Estonia) is secure, there is an overall requirement for more border staff; better equipment is also needed.

Membership of the Schengen zone will lead to changes in procedure, as Estonia will become the outer border of the EU. The border with Russia is therefore of particular concern. However, the relationship between the Estonian Border Guard and the Russian Border Guard is particularly good, with data easily shared between the two. There is an excellent exchange of information, both on formal and informal levels. There is confidence, therefore, that efforts to use this border as a means of entering the EU illegally will be largely unsuccessful.

Security of personal data held by the Ministry is of paramount importance. The personal data is subject to the controls of the Data Protection Act and the Data Protection Inspectorate. There is confidence in the security of the systems, which are constantly monitored for problems.

Estonia is due to join the Schengen system in October 2007, and the formal evaluation for membership starts in May 2006 in St Petersburg, continuing in Kiev in June; sea borders will be assessed in July and land borders in September. This evaluation is carried out by representatives from across the EU, with expertise in particular areas. The land border evaluation will for example involve experts in land border issues. All member states may participate if they want to.

Although Estonia expects successful evaluation in all areas, membership of the Schengen zone may well be delayed due to the problems in constructing the new SIS II and in updating information available, which may mean that it is not ready in time for the new countries to join on schedule.

The lack of access to the current SIS poses the biggest problem, as Estonian security agencies and the Border Guard are unable to verify the validity of the information currently held on the system. It is possible data is incorrect; for example, there might be instances where an individual with the same name as a wanted person has been wrongly registered. The lack of access to the system prevents the correction of such errors, and may also have a detrimental effect on any EU-wide efforts to identify and detain possible suspects.

Schengen is seen as a positive step forwards for Estonia, encouraging ease of travel for tourists in particular, who form an increasingly important part of the economy. The issue of illegal immigration is not viewed as of pressing concern: Estonia is apparently not a popular destination for reasons varying from the climate through to the lack of any existing immigrant community; in addition, the social welfare available in Scandinavian countries is at a higher level than the low salaries on offer in Estonia. There have been only 2 or 3 applications per year from asylum seekers in recent years. The earlier Schengen convention articles on asylum seekers have now been changed by new EU directives, and the law in Estonia corresponds to these requirements. Similarly, there are no real concerns about the free movement of workers across the EU. Many Estonian businesses offer only low-skilled and low-salaried jobs. Estonian is a difficult language to learn, and yet knowledge of it is a requirement for most jobs, and also for acquiring citizenship.

Corruption

Corruption is not seen as a major problem in Estonia. Civil Servants are particularly careful. Estonia is a small country where ‘everybody knows everybody’. As the economy develops, there is less reason to take bribes and risk one’s entire career. Overall, the Civil Service has developed to the point where it is cleaner and more accountable. Officials are bound by a code of conduct.

Incidences of corruption do still occur, however. For example, the Estonian Security Police recently arrested a regional court judge in Harju County. This is part of a larger enquiry which began in 2003 when the Deputy Mayor of Tallinn was arrested over a scandal concerning a water company. The judge became involved when he allegedly asked a middleman to approach one of the water company businessmen and ask for a million kroons in bribes in return for passing a lighter sentence. The defendant was informed about the offer. However, instead of accepting it, he contacted the police, and an operation was set up in which money was passed in order to gather evidence. As there are three levels of courts in Estonia - county court, district court and state court - this attempt at corruption seems particularly inept: it is likely that the decision of the judge would have been sent for appeal at a higher court anyway.

Corruption and other illegal activity is also one of the major concerns of the Environmental Inspectorate. The Ministry of Agriculture issues licenses for exact quotas for each fishing vessel, which has a log book system for detailing every catch. The biggest problems are seen in the coastal fisheries, and many instances of illegal activity have been identified in this area, particularly within the fish processing plants. For example, from figures submitted, it appears that more fish is being exported from Estonia than is actually caught. Perhaps surprisingly, recreational fishing is also a problem. Two regions - SW Estonia and Lake Peipsi - are involved in winter ice-fishing. One ice fisherman can catch 10 kilos of fish per day: there are thousands of such people in action each day. They sell the fish to the fish processing plants, with some plants even sending transport over to collect the catch.

However, the most publicised incidences of corruption are seen in the local municipalities, where various cases have arisen in recent years. Municipalities have their own tax revenues and budgets. Because of problems of corruption at local level, it was agreed in 2005 that municipalities should now be audited annually, with all finances scrutinised; however, there is currently a lack of trained personnel to implement this new control mechanism.

In Tallinn, one recent issue which has come to light is the sale of 3000 square meters of land which is in a prime location in the Old Town. The market value was estimated at some 75 million kroons. However, Tallinn Council has bought the plot for 150 million kroons. They do not plan to develop the site: it will be used as public green space. It has been suggested that this deal has gone through as a means of paying back money owed for election expenses. The case caused such disquiet that one of the opposition parties tried to put a halt to the deal in court; however, as no legal rules were broken, and as Tallinn Council (currently ruled by the Centre Party with an absolute majority) had made the agreements, the case was unsuccessful.

A case currently proceeding concerns the apprehension of 26 traffic police officers, who have been charged with corruption offences after a long investigation. It might be noted that the Interior Ministry has recently reformed the traffic police (who were notoriously easy to bribe). They were given pay rises and are now more reluctant to risk their jobs for short-term gains.

One Res Publica official believes that the core of corruption lies in certain political forces, and that most corruption occurs within the Estonian political system, as this is the place where it is possible to organise it. Interest groups also play a role.

Res Publica ran in the General Election on a ticket of ‘order’, or tough and strict rules both within the country as a whole and within the political system itself. Altogether gaining 26 out of the 101 available seats, they are the largest Opposition party in the parliament, which is now dominated by the Reform Party. As part of a coalition government, Res Publica initially held some of the most important posts, including the premiership, but in March 2005 Prime Minister Juhan Parts submitted his government’s resignation after a vote of no confidence in Justice Minister Ken-Marti Vaher’s tough anticorruption programme. The Ministry of Justice had introduced legislation aimed at addressing the problems of corruption within the civil service more effectively, through proposing that a specific number of cases should be investigated and taken to court each year. This was a highly unpopular move, and was viewed as reminiscent of Soviet-style intrusion; it allowed the Reform Party to seize the issue as a means of demanding a vote of no confidence in the government, and ultimately to take over the most important posts in the administration. Andrus Ansip became Prime Minister in April 2005.

While in power, Res Publica prohibited donations from private companies to political parties: when money is donated now for election campaign expenses, the individual is personally identified. Parties receive funding from the state budget, with amounts calculated on the number of votes polled.

Res Publica also prohibited public political advertising during elections, and this led to a creative way of circumventing the ban. The Centre Party (Keskerakond) always runs the biggest public campaigns, despite - and no doubt contributing to - having the most loyal voter base. During the last elections, Tallinn Dairies (previously a donor company to Keskerakond) launched a new product called ‘K’. Keskerakond also happens to have ‘K’ as its logo. The advertising campaign for the new product used the party colours and the slogan ‘K Cares’. No legal rules were technically broken, although the company was fined.

Somewhat ironically, Res Publica has itself recently become embroiled in a political scandal, with the resignation on 29 March of Res Publica’s Tallinn City Council member, Oleg Rebane, after allegations that he had offered a representative from the Centre Party, Tonis Bittman, one million kroons (64,000 euros) to defect to the opposition. The motivation behind the bribe was apparently the desire to oust the Centre Party Mayor. The conversation between Rebane and Bittman was taped. The Prosecutor’s Office, however, ruled that there was no evidence to support criminal charges, while opposition parties on the Council accused the Centre Party itself of staging the incident. The Estonian President, Arnold Rüütel, deemed the episode serious enough to speak publicly about it, and warned that such dishonesty in Estonian politics could lead to a serious crisis in Estonian democracy itself. (http://www.baltictimes.com/news/articles/15043/)

However, as noted above, it is widely believed that corruption has been effectively minimised in Estonia, and that the country offers an excellent role model to other East European states. Similarly, the degree of openness and transparency encouraged within governance and throughout society is presented as placing Estonia at the forefront of current developments across the EU.

Interviews carried out with:

Liia Hänni, Program Director, e-Governance Academy

Indrek Kukk, Jurist, Centre of Registers and Infosystems

Piret Lilleväli, Advisor and Schengen Coordinator, Internal Security Policy Department, Ministry of the Interior

Jaak Põlluaas, Former Political Secretary of Res Publica

Jano Purga, Senior Internal Auditor, Estonian Rescue Board

Tarvo Roose, Deputy Director General, Environmental Inspectorate

Useful Links

Government of the Republic of Estonia

http://www.valitsus.ee/?lang=en

Estonian ID Cards and digital signature

http://www.id.ee/pages.php/0303

The Estonian ID Card and Digital Signature Concept Whitepaper

http://id.ee/file.php?id=122

Estonia Informatics Centre

http://www.ria.ee/index.php?lang=en

Legal Acts governing the Centre of Registers and Infosystems

http://www.eer.ee/oigus_eng.phtml

Estonian Data Protection Inspectorate

http://www.dp.gov.ee/index.php?id=14

Estonian Information Portal

http://www.eesti.ee/eng/?style=2

Estonian Legal Language Centre

http://www.legaltext.ee/indexen.htm

Estonian Legislation

www.eoigus.just.ee

Estonian State Information System

http://www.riso.ee/en/

e-gov

http://www.riik.ee/en/

e-Governance Academy

www.ega.ee.

Estonian eGov - policy, interoperability, services

http://www.tieke.fi/

Chancellor of Justice

http://www.oiguskantsler.ee/?lang=eng

Citizenship and Migration Board

http://www.mig.ee/eng/

National Archives of Estonia

http://www.ra.ee/?topic=25

State Audit Office of Estonia

http://www.riigikontroll.ee/?lang=en

Public Procurement Office

http://www.rha.gov.ee/?lang=en

Estonia Public Service and the Administrative Framework Assessment 2002

http://www.sigmaweb.org/dataoecd/38/25/34963238.pdf

Corruption and Anti-corruption Policy in Estonia (2002)

http://www.eumap.org/

Transcript of speech given by Mr Siim Kallas, the European Commissioner for Administrative Affairs, Audit and Anti-Fraud, on 24 November 2005

http://www.egov2005conference.gov.uk/

History of Data Protection in ESTONIA

http://www.privireal.group.shef.ac.uk/content/dp/estonia.php

Further developments on the state information system were announced in February 2006, with the aim of providing a clearer overview of the country’s IT resources.

http://www.ria.ee/?id=27313&&langchange=1

Statewatch Analysis

SIS II: fait accompli?

Construction of EU’s Big Brother database underway

http://www.statewatch.org/

Information on the Schengen Convention

http://ec.europa.eu/justice_home/

SIS II

http://europa.eu.int/rapid/

Breaking Barriers to e-Gov

http://www.egovbarriers.org

Relevant Legislation

Databases Act

Passed 12 March 1997

This Act provides for the procedure for possession, use and disposal of state and local government databases, for the general principles of maintenance of databases belonging to the state, local governments and persons in private law, and for release and use of their data.

http://www.legaltext.ee/text/en/X1060K6.htm

State Secrets Act

Passed 26 January 1999

This Act provides the definition of a state secret, information which is classified as a state secret, access to state secrets, and the bases of the procedure for the processing of state secrets and classified media.

http://www.legaltext.ee/text/en/X30057K6.htm

Identity Documents Act

Passed 15 February 1999

This Act establishes an identity document requirement and regulates the issue of identity documents to Estonian citizens and aliens by the Republic of Estonia.

http://www.legaltext.ee/en/andmebaas/ava.asp?m=022

Digital Signatures Act

Passed 8 March 2000

This Act provides the necessary conditions for using digital signatures and the procedure for exercising supervision over the provision of certification services and time-stamping services.

http://www.legaltext.ee/text/en/X30081K4.htm

Public Information Act

Passed 15 November 2000

The purpose of this Act is to ensure that the public and every person has the opportunity to access information intended for public use, based on the principles of a democratic and social rule of law and an open society, and to create opportunities for the public to monitor the performance of public duties.

http://www.legaltext.ee/text/en/X40095K2.htm

Personal Data Protection Act

Passed 12 February 2003

The purpose of this Act is protection of the fundamental rights and freedoms of natural persons in accordance with public interests with regard to processing of personal data.

http://www.legaltext.ee/text/en/X70030.htm

Information Society Services Act

Passed 14 April 2004

This Act provides for the requirements for information society service providers, the organisation of supervision and liability for violation of this Act.

http://www.legaltext.ee/text/en/X80043.htm

P.S.

This draft paper presents some of the findings of a series of research field interviews done in Estonia during spring 2006.

The findings may be cited providing full acknowledgement is given as follows:

Terry Mayer and Juliet Lodge, Security and Privacy in Estonia, Working Paper for WP6 Transparency and Accountability in the f6p CHALLENGE project, CITI-CT-2004-506255

