Estonian president: Our connected world needs a trusted architecture

A woman and Estonian company's Starship local delivery robot cross a street in Saue, Estonia, on June 1, 2018. Photo by Ints Kalnins/Reuters.

A delivery robot stops at a crosswalk. Cars begin to approach. Does the robot have the right of way, like a pedestrian? In Estonia, the car gets preference—but some human drivers wait, unaware of the rule, causing delays. And what happens when an adversarial nation owns the technology behind those robots and uses them nefariously?

That case study was offered by the president of Estonia, Kersti Kaljulaid, at an Atlantic Council Front Page event on Wednesday, and its ramifications extend far beyond a mere traffic jam. Enforcing traffic laws (and other well-meaning policies) requires effectively informing the public about these measures. And who owns the technology especially matters, with foreign nations like China able to not just weaponize the data they gather but also influence the actions of the products they make. Imagine the chaos that would ensue if bad actors told those robots to disregard Estonian law and cross busy intersections.

As one of the world’s most advanced governments in the digital domain, Estonia is among just a few countries to tackle complex contemporary problems like this one. Under Kaljulaid, 51, who was elected in 2016 as the country’s youngest and first female president, Estonia became the world’s first nation to allow citizens to pay taxes and vote online through its nearly universally adopted electronic identity (e-identity) program. In September, Estonia will host the Tallinn Digital Summit to push forward the conversation around online policies across the globe.

Kaljulaid spoke about the concept of “trusted connectivity”—making sure critical digital and physical infrastructure linking those robots and underpinning national economies is built by democratic allies and partners in close collaboration with the private sector—alongside Anne Neuberger, deputy national security advisor for cyber and emerging technology in the Biden administration. Introducing the conversation, Ambassador Paula J. Dobriansky, vice chair of the Atlantic Council’s Scowcroft Center for Strategy and Security, pointed out that “China has made massive global infrastructure investments through its Belt and Road Initiative, influencing global actors and unlocking sensitive data with potential vectors for coercion, disruption, and attack.” As the Group of Seven (G7) nations back infrastructure projects like Build Back Better World and standards embodied by the updated Blue Dot Network, “trusted connectivity offers a viable framework to counter Chinese tech and infrastructure investment,” Dobriansky said.

Below are some of the key takeaways from the discussion about how democracies can work together and with private companies to take on ambitious projects and promote global security, plus the future of connectivity in a world where technological competition presents tremendous geopolitical risks and opportunities. 

Wed, Jun 30, 2021

Estonian President Kersti Kaljulaid on combating digital threats with ‘trusted connectivity’

The Estonian president and Anne Neuberger, US deputy national security advisor for cybersecurity and emerging technology, appeared at the Atlantic Council to discuss the world’s digital challenges ahead. Here’s the full transcript.

Transcript by Atlantic Council

Cybersecurity Internet

What trusted connections look like

  • Kaljulaid warned that digital infrastructure—a term that now applies to traditionally analog spaces that have gone digital like smart highways, electric railroads, and air routes—increasingly depends on platforms and technology that could become unreliable or even unusable if made by questionable partners: “Today, the element of who has made this technology and who may have control over this technology has to come into the game,” Kaljulaid said.
  • The Three Seas Initiative, a public-private partnership including twelve European Union (EU) nations bordering the Baltic, Black, and Adriatic seas, is working to create common regional agreements on best internet practices and to pool investments in digital infrastructure. The aim? To build digital trust “in a layered way,” as Kaljulaid put it, in a similar manner to how international norms around traffic rules, driver’s licenses, and mandatory airbags created confidence in driving cars across borders.
  • Some worry that the upfront cost of investing in digital infrastructure could be a deterrent for some countries still reeling from the economic impact of COVID-19 closures. But after a spate of global cyberattacks during the pandemic—including attacks on US pipelines and German and French hospitals—Neuberger pointed out that there is “a sense of urgency and a sense of shared collective threat that is very helpful to making rapid advancements.” 

Building trust in a dangerous world

  • “What we’re grappling with today is that we have our lives, our economies, and our critical services built essentially leveraging an internet which wasn’t built for the level of connectivity and reliance we have today,” Neuberger said. That presents significant challenges, she noted, but also “the opportunity to build this next generation secure from the bottom up with principles that allow us to make them far more defensible.”
  • Yet hardening these defenses, as Neuberger acknowledged, involves a difficult balancing act between privacy and security. “We’re a proud democracy. We want our citizens to feel confident that their civil liberties and privacy are protected online,” she said. But in order to counter cyber crimes, governments need some visibility into internet activity. Neuberger said that while the US government has “very limited” domestic monitoring of networks, it could form “purpose-built information sharing” with cloud and internet service providers to identify threats
  • Transparency and accountability are key to building trust in digital services. But government policies may still need to leave space for calculated ambiguity. “If I see a malign act coming towards me from one country, this country may be supporting this or this country may simply be, let’s say, a failed state in the digital sphere, unable to do something about it,” Kaljulaid said. As a result, some of the more developed digital nations, including Estonia, want to create “some strategic ambiguity” in their guidelines for cyber conduct.
  • Building trust must start with encouraging a concept of “cyber hygiene,” Kaljulaid said. That should include a multi-sector approach—from companies investing in defending their data to government officials encouraging good behavior. “You cannot really demand this [from] the citizens,” Kaljulaid warned: Establishing digital hygiene first requires that governments provide citizens with the tools they need, including “a digital ID which encrypts the communications between both sides and also guarantees that everybody is who they have said they are.” It also requires establishing common infrastructure standards for the private sector to work toward as companies build these networks.
  • The approach may require convincing consumers to give something up too. Though the Biden administration has reversed the Trump administration’s push to ban the Chinese-owned video app TikTok, Neuberger indicated that the White House isn’t exactly embracing the app. “What was so concerning about TikTok was the aggregation of data about individuals, about society, and the potential for [using] that information to target individuals based on whether they … have controversial views,” she said. Neuberger added that governments therefore must educate citizens about such risks and arm them with the proper tools to secure their online lives.

Can I see some ID?

  • Estonia is a trailblazer on digital IDs, with 98 percent of its citizens having one. The benefits of digital IDs range from authenticating identities without physical contact to granting instant digital access to health, bank, and government records to providing the ability to vote remotely—all capacities that became critical during the pandemic.
  • A digital ID can foster trust among citizens too, Kaljulaid noted. Take a common challenge in the United States: trying to confirm that somebody who you’re talking to online is who they say they are. Estonians don’t have to wonder, Kaljulaid said: They can simply ask the other person to log in with their digital ID. “No Estonian simply trusts somebody on Google or Facebook who says they are called Pete or John,” she said. “This is where trust starts… [knowing] with whom I’m acting and transacting online.” 
  • Building public support globally for digital IDs is difficult, in part because of rampant fears of government abuse in countries such as the United States, Germany, and the United Kingdom. Both Kaljulaid and Neuberger said governments must make such technologies easy to use or else they won’t be used. Governments must also make it in the public’s interest to adopt digital IDs or government-supported digital services, Neuberger said, adding that the rising frequency and awareness of fraud online “underscores the potential value of a digital identity.” 

Nick Fouriezos is an Atlanta-based writer with bylines from every US state and six continents. Follow him on Twitter @nick4iezos.

Watch the full event

Further reading