Estonia is highly dependent on its information systems. Therefore, the concept of data embassies was developed: hosting server locations outside of physical space of Estonia that are legally under the Estonian jurisdiction. This would allow to create copies of key registries that could be used in case of a major availability incident in the country.
Innovation Summary
Innovation Overview
The Government of Estonia has approved the Estonian Government Cloud Strategy and its action plan includes the establishment of a network of Data Embassies. Data Embassy is an extension of Estonian government cloud, which means the Estonian state owns server resources outside its territorial boundaries. Those resources shall be under the Estonian state control, and shall be usable not only for data backup, but also for operating critical services.
The Data Embassy is established in order to ensure digital continuity of the Estonian highly developed information society. Active implementation of the “paperless governance” policy has brought Estonia to a situation in which essential registries, e.g. land register (contains information on land ownership) exist digitally only and also has evidential value only in digital form. Therefore, data embassy creates an additional security guarantee for sovereignty of Estonia.
Estonia backs up critical data and services important to the functioning of the state outside the territory of Estonia, provided that the data and the servers in the data center are protected by the same legal guarantees as the data and servers in Estonia. Thus, the main objective of the Data Embassy is to ensure the country's digital continuity: the capability to maintain services and digital data regardless of any interruptions, where the operation of the country's territorial data centres is stopped or disturbed (because of a natural disaster, a largescale cyber attack, power failure or other crisis situation). Those server resources would be fully under the control of the Republic of Estonia and it would be subject to the same immunities and privileges as the Estonian embassies in physical form.
On 20th June 2017, Prime Minister of Estonia Jüri Ratas and Prime Minister of Luxembourg Xavier Better signed the bilateral agreement between the two governments with the aim to ensure the immunity of data and the systems, which are stored in Luxembourg's government owned data centre. This agreement creates the basis for establishing the world's first data embassy. The Data Embassy accommodates the essential data and critical databases (such as Land Register, Population Register, Business Register, Land Cadastre, State Gazette and other critical information systems for operating the state functions) to ensure the continuity of the Estonian state. Beneficiaries of the Data Embassy are primarily the Estonian citizens, who will receive more reliable and secure digital society.
Additionally, it creates an extra security guarantee for e-residents of Estonia (currently there are more than 20 000 e-residents, see more information about e-residents here: https://e-estonia.com/solutions/e-identity/e-residency/) who expect the Estonian digital services to be available at anytime and location independently.
Innovation Description
What Makes Your Project Innovative?
Overall the Data Embassy project creates the new normality where the state distributes its critical data and information systems in co-operation with other states to increase its digital continuity and security. The Data Embassy is innovative from the inter-governmental relations, legal and technical perspective. With this project, first time in the world two countries bilaterally agreed to expand the Vienna convention on Diplomatic Relations to the hosting of data and information systems. Therefore, it creates a unique case study in international law and relations. Technical innovation lies mainly in the area of cyber security. For instance, how to build operating active load balancing solution between the sites which shall prevent the data loss and deal with emergence of several branches of the register in case of connection interruptions. Additionally, how to maintain and prove exactly one understanding of registry entries and of their order in case of imperfect communication between a data embassy and the Estonian server rooms. To overcome those challenges new technological solutions shall be developed, including using blockchain technology for ensuring the integrity of data for instance.
What is the current status of your innovation?
As of 2017, there are currently ongoing negotiations of Service Level Agreement of Data Embassy between Government of Estonia and Government of Luxembourg. If agreement is signed then the furnishing of the data embassy room with servers and other necessary hardware which is needed for backing up the critical data and information systems will start. The need for data embassy was identified as the result of the first cyber attacks against Estonia in 2007 where Estonia had to separate itself from internet and therefore Estonian government services where unavailable for outside world for a while. Estonia experienced how vital is to ensure the state digital continuity and how important is to provide the availability of critical services, despite of interruptions within Estonia based data centers. Idea of data embassies was discussed for several years between various cyber security experts, academics and state IT professionals. Finally, the idea was shaped and developed by Government CIO Taavi Kotka and associate professor of Tallinn University of Technology Innar Liiv. The Data Embassy project was described in Estonia Government Cloud strategy and establishing the world's first Data Embassy is written in the action plan of this strategy. The Ministry of Economic Affairs and Communication is responsible for implementing this project and building the network of Data Embassies. For successful project we need to partner with innovative governments, such as Luxembourg. Luxembourg gives us the guarantee for data and information system immunity and helps us to find out the possible solutions to overcome the technical challenges.
Innovation Development
Collaborations & Partnerships
Centre of Registers and Information systems is the public sector IT agency which has to build the secure and reliable technological solution for Data Embassy. Also, it has to provide technical capability to operate the Data Embassy. Estonian Information System Authority is responsible for security of Data Embassy and help to design the architecture of the solution. Ministry of Foreign Affairs of Estonia initiated the negotiations with the Government of Luxembourg and prepared the bilateral agreement between the countries to determine privileges and rights needed for storing the data and information systems. Key factor for successful project has been the innovative and future-looking attitude of the Government of Luxembourg. Their readiness to host the world's first Data Embassy within their government owned data center and provide the legal immunity for data and server hosting made this project possible.
Users, Stakeholders & Beneficiaries
One of the reasons the Data Embassy project has been implemented successfully is very agile and enthusiastic partners, who helped to get over the difficulties and reach to the final solution. Estonian IT agencies have done remarkable work with technological solution suitable for Data Embassy. The Government of Luxembourg has done lot of work with legal part and also has provided significant help with setting up the Data Embassy within their data center.
Innovation Reflections
Results, Outcomes & Impacts
The Data Embassy solution has drawn a new page in International law, and the idea also supports the free movement of data within European Union. Additionally, Data Embassy enables to test and implement new technological solutions for cyber security (including the usage of blockchain and secure multi-party computation technologies). The world's first Data Embassy will validate how important is to ensure the digital continuity of the state and how it is possible to build distributed systems which could help to increase the state's security and digital continuity.
Challenges and Failures
This project encountered legal challenges, primarily about how to guarantee the confidentiality and security of the critical data which lies within the jurisdiction of an another state. To overcome this challenge, the bilateral agreement between Estonia and Luxembourg governments was signed which stated the immunity for the Data Embassy. This has been the first of a kind agreement. Additionally, Data Embassy project has plenty of technological challenges (e.g. how to protect integrity and confidentiality of critical data outside of Estonia, redesign of information systems to work reliably in globally dispersed environment, etc.) which need new technological solutions. Those solutions and tools to overcome outlined challenges are currently under development.
Conditions for Success
The state will come up to the level with its digital society where digital continuity is vital. In order to secure it from cyber and other threats, physical storage of data out of the country is viable option particularly for a small state. The most crucial element for Data Embassy project is the trust between partners. The state hosting the Data Embassy has to be trustworthy, the trust needs to lie in between the technicians and lawyers. As governments utmost duty is the people, the trust from the people towards e-governments plays an important part.
Replication
The Data Embassy solution should be considered by every government, especially if the country is a digitally advanced society and a small state. Solution is needed to ensure the state continuity and functionality, despite of situations or emergencies which may hit local data centers. In fact, some governments are already also planning to establish their network of data embassies abroad.
Lessons Learned
For a good start it is important to find the partners who are thinking similarly to you and are eager to innovate. In our case Luxembourg is a very good partner as they understand the importance of digital continuity and they are ready to make efforts to increase this. The most important thing is to start moving with project and sort out the details on the go. It is important to nurture the mindset that even if there are essential risks involved in a project like this, it is still important to launch it and try it out due to its unique and innovative nature. Thus, failing should also be considered as acceptable result.
Anything Else?
Currently Estonia is implementing the Data Embassy concept in regard to an another state owned data center. However, the responsible Ministry of Economy and Information Society has come up with and piloted also an alternative where the critical data is stored within public clouds and therefore have a virtual Data Embassy. The reports of those pilots can be found here: https://www.mkm.ee/sites/default/files/implementation_of_the_virtual_data_embassy_solution_summary_report.pdf, https://www.mkm.ee/sites/default/files/transforming_digital_continuity_-_joint_research_report_finaly_may_20.pdf . This solution would increase availability and digital contuinity of the critical services, but it will also bring more serious issues with data security and confidentiality. However, this could become a universal future solution of Data Embassies.
Status:
- Implementation - making the innovation happen
Date Published:
7 February 2017