Key note: Marina Kaljurand, Undersecretary for Political Affairs, Ministry of Foreign Affairs of Estonia
Marina Kaljurand is the Undersecretary for Political Affairs at the Ministry of Foreign Affairs of Estonia. She began her career at the Ministry in 1991 and has since held several leadership positions. She has also been appointed as Ambassador of Estonia to several different countries, including the Russian Federation and the United States of America. She has played an important role as an expert and negotiator in the process of Russian troop withdrawal and in negotiations on land and maritime boundary agreements between Estonia and the Russian Federation, as well as in the accession negotiations of Estonia to the European Union and to the OECD. As of 1 August 2014, she is the Estonian National Expert at the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.
Marina Kaljurand graduated cum laude from Tartu University (M.A. in Law). She also has a professional diploma from Estonian School of Diplomacy and an M.A. degree in International Law and Diplomacy from Tufts University. Additionally, she has undergone professional training at the Universities of Lapland, Pittsburgh and Durham and at the Civil Service College in London. She is a founding member of the Estonian branch of the International Law Association and of WIIS-EST (Estonian branch of Women in International Security). She has been awarded the Order of White Star, III class, and the Order of the National Coat of Arms, III class, by the President of Estonia. She is fluent in Estonian, English and Russian.
Check against delivery
Keynote address by Marina Kaljurand, the Undersecretary, Ministry of Foreign Affairs, Estonia, on behalf of the Minister of Foreign Affairs, Keit Pentus-Rosimannus
I am very pleased to address the eighth annual EuroDIG meeting here in Sofia today. It was fascinating to read how it all started: a couple of friends meeting in a brasserie in Paris, drinking wine and using the paper tablecloth to visualize the concept of European dialogue on Internet-related matters. It reminded me of another story. A few youngsters in the late nineties in an apartment in the suburbs of Tallinn developing a file transfer program called KaZaa. These were the guys who later used the same idea of peer-to-peer technology for creating Internet phone-calls; an invention that billions of people today use as Skype. Even if the dimensions are different, and I bet that the block of flats in Tallinn was somewhat less elegant than the brasserie in the French capital, there is something similar about big things. Unfaltering commitment, constant innovation, hard work and above all passion… This has made EuroDIG a forum that has an impact: a forum with a growing number of participants and blended mix of stakeholders.
I am also happy that we are meeting here in Sofia, the beautiful capital of Bulgaria. Thank you very much for all your work in contributing to the program and of course also for your hospitality.
I would like to make a few points on what is important to Estonia when it comes to the Internet – human rights, cybersecurity, the Internet as an engine for economic growth for Europe and beyond, and internet governance as the connecting framework.
I will start with freedom of expression on the Internet. Perhaps I am stating the obvious in this forum, but safeguarding freedom of expression and opinion on the Internet is an inseparable part of fundamental rights, dignity and the worth of humans. It forms an essential part of 21st century human rights. Freedom of opinion and expression is as much a fundamental right in its own right, as it is an “enabler” of other rights, such as economic, social, and cultural rights. Adopted by consensus, the UN Human Rights Council resolution on human rights on the Internet recognizes that freedom of expression which is valid offline should also be valid online. It should therefore be simple. Yet, everybody in this room knows that it is not.
Governments violate both: freedom of expression offline and online, on the European continent as on all the other continents. In the context of technical development and increasing Internet penetration, we see that the vibrant and rapidly growing online community is often a leeway for alternative voices and popular political dissent, particularly in authoritarian countries, where traditional media outlets continue to fall under strict government control. The Freedom House Report “Freedom on the Net 2014” shows that freedom of expression on the Internet is deteriorating, and in fact had been doing so for the third year in the row. In too many countries, citizens face intimidation, threats, arrests, and fines from the state because of their activities online. Even in Western democracies, there are worrisome legal developments that seek to grant the government broader powers to restrict online content.
What could be done? What should be done? What should we do? We share the view that we do not need new documents, we need the implementation of already existing commitments. There are a number of international instruments that are at our disposal. At the UN level, we have to use the UPR process to reiterate the condemnation of restrictions on freedom of expression and call the countries in question to fully respect international human rights laws. Estonia has done so in a number of UPR cycles already and we encourage other governments to do the same. The Council of Europe has recently launched a couple of interesting initiatives. For example, a platform for the safety of journalists and freedom of expression, which is an alert mechanism where the organizations of media actors can post information regarding violations. I would also like to praise the work of the OSCE Representative on Freedom of Media Dunja Mijatovic, whose engagement is particularly important in dialogue with different governments of OSCE Member States.
Estonia is very strongly engaged in the Freedom Online Coalition, a group of 26 countries who have committed to working together to support Internet freedom and protect freedom of expression and fundamental human rights more generally in close cooperation with all the stakeholders – governments, civil society and the private sector. The coalition is supporting the digital human rights activists on the ground through funding and through moral support which is often as vital as financing. Estonia chaired the coalition in 2014 and we are proud of the Tallinn Agenda that was adopted during the high-level conference in Tallinn.
From here I would like to continue with limitations to freedom of expression. Indeed, freedom of expression is not absolute. Article 19 of the International Covenant on Civil and Political Rights says that exercising this freedom may sometimes be subject to restrictions. Those restrictions have to be exceptional, prescribed by law, be precise and clear. Last but not least, these restrictions should pursue a legitimate aim and allow for effective remedies.
One example of where restrictions may be necessary is hate speech. We have recently witnessed a wave of hate speech against women on the Internet, which is accompanied by threats including those of murder and sexual assault. This form of hate speech targets female politicians, journalists and human rights defenders, but also ordinary women who dare to express their opinion or campaign for equal rights. I share the view that if we do not combat this particular form of discrimination, we will never be able to eliminate violence against women, which is one of the most extreme forms of violations of women’s rights. And I stress again, also in this context: the restrictions should be imposed based on a strict and predictable legal framework with due judicial oversight and be proportionate to the aim.
On the European continent, it is the European Court of Human Rights which has been tasked to find the right balance between freedoms and restrictions. It is therefore in everybody’s interest that the Court has enough resources, is efficient and of course independent. Member States should implement judgments and contribute to the raising of public awareness of Court case law. In straight legal terms, judgments are binding only in regards to the state in question; however, they surely have wider policy implications.
I would also like to touch upon Internet trolling as another fairly new phenomenon. I was shocked by a story in the New York Times on Wednesday this week of how the government of one country has developed a complex myriad of trolls, who get paid based on a fixed rate per comment or post; for spreading state propaganda, sometimes hate speech and also war propaganda. Of course we cannot close our eyes in regards to such a practice. At the same time, we cannot respond by closing or restricting open spaces since the same measures may have adverse effects and worsen the conditions of freedom of expression further. I think our answer to this should be more freedom of expression and not less, accompanied by raising awareness of the threats.
When talking about freedom of expression, one should also focus on the protection of privacy. Privacy and freedom online must continuously be advanced equally and together. These are complimentary values and fundamental for the realization of other human rights and the basis of democratic societies. We all are aware that while opening up new possibilities for global citizens, the Internet can also strengthen the hands of governments in some areas where many of us would not like to see them intervening. This is not true only with respect to savvy authoritarian states, who squash protests and censor dissent, but also with respect to democratic countries, where governments have built the capacity to gather massive quantities of information concerning their people. It is not assuring anymore that phone calls, e-mails and social-networking data are collected because they are relevant to crime investigations or essential in protecting citizens against international terrorism.
The former UN Special Rapporteur on freedom of expression Mr. Frank La Rue, among others, has in one of his reports warned that broad interpretation of outdated laws are enabling sophisticated and invasive surveillance measures to flourish around the world and governments should draw new regulations that properly acknowledge their growing power. More pessimistic views have predicted that the world is galloping into a new form of totalitarianism, where the power of entire populations is transferred to an unaccountable complex of transnational spy agencies and corporations.
The key word in this debate is democratic control. I agree that some surveillance may be needed in certain justified cases, but in a democratic country it can be legitimate only if it is based on informed consent, not on blind trust in the government. The level of public scrutiny of the legal basis of any kind of surveillance has to be adequate. In simple words, it should be citizens or their elected representatives, who ought to decide what is right and what is not.
Unfortunately there is some mistrust between partners in Europe and beyond. Therefore, international co-operation is needed more than ever for ensuring that surveillance practices by state security, law enforcement agencies and private companies are in line with international human rights obligations and standards. There is a need to monitor, analyze and report about the situation in respect of the right to privacy. We therefore strongly support the creation of a mandate of the UN Special Rapporteur for the right to privacy. A new Special Rapporteur will bear a huge responsibility by creating the first image of a mandate and by being able to make recommendations to States on the implementation and realization of the right to privacy, including reporting on violations. We hope that the right person will be found to match this challenge. At the Council of Europe, Human Rights Commissioner Muižnieks has expressed his interest to look into the democratic control of surveillance. The Parliamentary Assembly of the Council of Europe has made some reasonable recommendations concerning what governments of the Council of Europe should do. We support this work.
Given the important and increasing role that ICTs plays in economic growth and social progress, as well as in the shared goal of protecting human rights and freedoms online, security constitutes an integral and necessary element in developing and sustaining modern information societies. Estonia can speak from our own experience about how an ICT-centric lifestyle and social progress can be threatened by motivated and intentional state and non-state actors. Modern states need to be vigilant, resilient and prepared against the threat of cyber-attacks.
There are several reasons why we need to take cyber security seriously. First and foremost, ICTs are vulnerable – and our dependence on the societal and governmental functions of these advanced, but inherently vulnerable technologies will only deepen at a national level and expand globally.
Secondly, the cyber realm constitutes an operational domain. Many states have announced the development of military cyber capabilities. Many more states are de facto engaged in the development of such capabilities.
Thirdly, we are facing serious challenges in the fight against cybercrime. Our failure to get cybercrime under effective control directly inhibits trust in, and therefore the development of, ICTs and the information society. We are seeing an alarming tendency of deepening links between cybercrime, transnational organized crime and serious national security threats.
The broad use of digital services demands a high level of digital security. McKinsey and the World Economic Forum published a joint paper last year estimating that the material effect of slowing the pace of technology and innovation due to a lack of cyber resiliency – could be as high as $3 trillion dollars annually by 2020. Cybercrime is also on the rise and already extracts between 15-20% of the value created by the Internet. Data breaches have been causing substantial monetary loss for years – the number of lost or stolen data records increased by almost 80% in 2014 compared to 2013. These are terrifying numbers and threats undermining the potential and value of digitalization.
Besides the fact that many countries are developing and deploying offensive cyber capabilities through their security agencies or through proxy organizations, there has been a fundamental shift to what is called advanced persistent threats – stealthy cyber-attacks directed at business and political targets over a prolonged time. Such attack objectives typically extend beyond immediate financial gain. We are fundamentally concerned about APTs. Furthermore, criminal syndicates and hacktivists are using the territory and infrastructure of states to launch attacks for political purposes or illegal gain. These are worrying trends that will affect regional and strategic stability and international relations.
In this rather gloomy state of affairs, what can states and non-state actors do to preserve openness and improve security online? A comprehensive and systemic approach to cyber security has to start at a national level. It’s not an easy task. The complexity of cyber security interdependencies is a growing challenge for all states to comprehend and manage.
First of all, states must be willing to make dramatic changes to their perceptions and practices of Internet security and governance if they are to prevent cyber attacks. Governments need to assume the role of both the protectors and the exploiters of technology. They are to protect their economic environment, critical infrastructure, as well as private and public users. As in many other cases involving cyberspace, public-private partnership is crucial for strengthening cyber security – starting from a basic cyber hygiene regime and extending to national infrastructure support of energy, financial, and health-care systems.
Like with other Internet related issues, the key is to invest in public awareness, training and education, the latter covering a broad base of e-skills. This would empower citizens to grasp how their information, communication and transactions are handled online. This would also help citizens and companies to understand what damage cyber-attacks can cause and thus encourage taking action.
Building international and interdisciplinary cooperation is essential to have and maintain a free, open and safe cyberspace.
We already have several good forums for discussions and to develop our security measures. The EU has issued its first comprehensive policy document in this area. The OSCE has come up with measures to increase transparency, cooperation, and trust at the regional level. The continued expansion of the Council of Europe Convention on Cybercrime demonstrates the growing realization of governments that by developing and utilizing a consistent and proven legal framework we can tackle cybercrime head on and eventually eliminate criminal safe-havens. Large-scale cyber exercises hosted by the NATO Cooperative Cyber Defence Centre in Tallinn are an excellent example of how countries prepare together to overcome cyber threats. Estonia is also a member of the United Nations Group of Governmental Experts that is currently working to find common normative ground on responsible state behaviour in cyberspace.
What we have learned from international co-operation is that we need to be more inclusive, if we want to succeed. We need to listen to other regions, we need to approach developing countries, not only our likeminded allies or the major cyber powers; we need to hear not only what the IT sector thinks, but what concerns many other sectors; and we need to reach out to academia to broaden our horizons. We, the governments, also have to start asking policy relevant questions from our academia, civil society and the private sector.
We have all agreed that international law applies to the cyber sphere, now we have to agree how. We do not need new international treaties, but rather a consensus on how existing international law applies to cyberspace. This can and should be a gradual process, where we examine the existing norms, both international law and politically binding instruments, to find common ground on some basic questions that concern us all. This is an area where scholars and experts can make a substantive contribution to the dialogue going on at the government level.
In the absence of commonly agreed-upon standards of responsible State behaviour, it is a task, an opportunity, as well as a duty for policy makers, academics and other experts to contribute to the ongoing discussion about norms and what is normal.
We consider it essential that countries obey the norms and spirit of international law and do not take advantage of the still pending international consensus on norms of responsible State behavior or the existing legal lacunae.
Cyberspace has unique characteristics compared to other domains and kinetic activities, but such characteristics should not be viewed as impediments to the application of international law. Instead, they suggest the need for more detailed analysis of the preconditions for, and implications of, the implementation of relevant norms.
We call on states to define and implement responsible behaviour. This is required not only to maintain international peace and security, but also to secure the societal and economic benefits that ICTs bring. For Estonia, the socio-economic and politico-military aspects of cyber security are tightly intertwined and equally important.
We need policymakers, technologists, lawyers, activists and academics to start speaking the same language. What’s more, we need for the average citizen in our countries to talk the talk as well. This is the language that starts with basic, individual cyber hygiene and ends with universally respected rules of responsible behaviour in cyberspace. This is the language of progress and stability in the cyber age, walking the walk.
Security is never absolute; at the end of the day it’s about tolerating and managing real risks.
In this context, we welcome the release of the European Commission´s digital single market strategy, an ambitious plan on how to advance the European digital single market that crosses borders, but also ensures cyber security, the protection of personal data, and helps disruptive digital enterprises to fit into the regulatory model we have developed over 60 years. We all have to work together to make this plan a reality. It will not be easy, but I am confident that Europe will continue to follow an open, liberal model that is based on the rule of law. I am also sure that we will be able to develop the regulation which is necessary to protect the interests of different stakeholders.
The debate about the European digital single market is closely connected with another major theme very important for Estonia – the preservation of the multistakeholder Internet governance model. Internet governance should be seen as the platform for many issues that I have touched upon today – freedom of expression, the right to privacy, cyber security and economic growth. There have been many discussions in different fora also during the last days here in Sofia about what the multi-stakeholder model means. But I think the essence of it is actually not so complicated. This has been best captured by the German Foreign Minister Frank-Walter Steinmeier in his opening speech of the last year’s EuroDIG in Berlin. He said, I quote, „It takes many to run the internet. And it takes many to make sure it remains free, safe and open!“ We believe that Europe should be one of the main actors defending open, free and bottom-up Internet in the major global Internet governance processes this year, be it WSIS+10 with the extension of the mandate of IGF, IANA transition or ICANN accountability.
Furthermore, we should not forget that 2015 is the European year of development and the year when Sustainable Development Goals will be agreed upon. We have to provide development assistance to less-developed countries in order to connect the unconnected billion and address different issues from cyber security threats to employing information and communication technologies for growth, public health and education. International organizations and states should review their development cooperation and technical assistance programmes and direct them more towards information society-related capacity building projects. Our experience is that this will be money well-spent. We also need a better coordination of efforts between donors and bridging the development co-operation and cyber community, the public and private sector.
Estonia has initiated cooperation with countries who would like to build a well-functioning e-governance system. We have been approached by many developing countries that have made setting up an e-government as their national objective. The first cooperation projects have already been implemented in Moldova, Georgia, Ukraine and with the Palestinian National Authority, and work is continuing with the governments of many other countries, including the region of South-East Europe.
Our proactive approach means that we have also opened up our e-government applications to the world through our e-residency program and been making many central solutions open-source. We want the entire world to benefit fully from the digital revolution, and we are ready to work with any and all countries who share our goal and dream of a free, open and secure internet for all.
I would like to end my speech by thanking everybody for being part of the EuroDIG. It is the participation of each one of you that makes this conference so special and a great venue to speak at. I will later be discussing some more details in the panel on cyber security and hope to see many of you there. I would also like to wish everyone a good continuation of the conference.