A delivery robot stops at a crosswalk. Cars begin to approach. Does the robot have the right of way, like a pedestrian? In Estonia, the car gets preference—but some human drivers wait, unaware of the rule, causing delays. And what happens when an adversarial nation owns the technology behind those robots and uses them nefariously?
That case study was offered by the president of Estonia, Kersti Kaljulaid, at an Atlantic Council Front Page event on Wednesday, and its ramifications extend far beyond a mere traffic jam. Enforcing traffic laws (and other well-meaning policies) requires effectively informing the public about these measures. And who owns the technology especially matters, with foreign nations like China able to not just weaponize the data they gather but also influence the actions of the products they make. Imagine the chaos that would ensue if bad actors told those robots to disregard Estonian law and cross busy intersections.
As one of the world’s most advanced governments in the digital domain, Estonia is among just a few countries to tackle complex contemporary problems like this one. Under Kaljulaid, 51, who was elected in 2016 as the country’s youngest and first female president, Estonia became the world’s first nation to allow citizens to pay taxes and vote online through its nearly universally adopted electronic identity (e-identity) program. In September, Estonia will host the Tallinn Digital Summit to push forward the conversation around online policies across the globe.
Kaljulaid spoke about the concept of “trusted connectivity”—making sure critical digital and physical infrastructure linking those robots and underpinning national economies is built by democratic allies and partners in close collaboration with the private sector—alongside Anne Neuberger, deputy national security advisor for cyber and emerging technology in the Biden administration. Introducing the conversation, Ambassador Paula J. Dobriansky, vice chair of the Atlantic Council’s Scowcroft Center for Strategy and Security, pointed out that “China has made massive global infrastructure investments through its Belt and Road Initiative, influencing global actors and unlocking sensitive data with potential vectors for coercion, disruption, and attack.” As the Group of Seven (G7) nations back infrastructure projects like Build Back Better World and standards embodied by the updated Blue Dot Network, “trusted connectivity offers a viable framework to counter Chinese tech and infrastructure investment,” Dobriansky said.
Below are some of the key takeaways from the discussion about how democracies can work together and with private companies to take on ambitious projects and promote global security, plus the future of connectivity in a world where technological competition presents tremendous geopolitical risks and opportunities.
What trusted connections look like
- Kaljulaid warned that digital infrastructure—a term that now applies to traditionally analog spaces that have gone digital like smart highways, electric railroads, and air routes—increasingly depends on platforms and technology that could become unreliable or even unusable if made by questionable partners: “Today, the element of who has made this technology and who may have control over this technology has to come into the game,” Kaljulaid said.
- The Three Seas Initiative, a public-private partnership including twelve European Union (EU) nations bordering the Baltic, Black, and Adriatic seas, is working to create common regional agreements on best internet practices and to pool investments in digital infrastructure. The aim? To build digital trust “in a layered way,” as Kaljulaid put it, in a similar manner to how international norms around traffic rules, driver’s licenses, and mandatory airbags created confidence in driving cars across borders.
- Some worry that the upfront cost of investing in digital infrastructure could be a deterrent for some countries still reeling from the economic impact of COVID-19 closures. But after a spate of global cyberattacks during the pandemic—including attacks on US pipelines and German and French hospitals—Neuberger pointed out that there is “a sense of urgency and a sense of shared collective threat that is very helpful to making rapid advancements.”
Building trust in a dangerous world
- “What we’re grappling with today is that we have our lives, our economies, and our critical services built essentially leveraging an internet which wasn’t built for the level of connectivity and reliance we have today,” Neuberger said. That presents significant challenges, she noted, but also “the opportunity to build this next generation secure from the bottom up with principles that allow us to make them far more defensible.”
- Yet hardening these defenses, as Neuberger acknowledged, involves a difficult balancing act between privacy and security. “We’re a proud democracy. We want our citizens to feel confident that their civil liberties and privacy are protected online,” she said. But in order to counter cyber crimes, governments need some visibility into internet activity. Neuberger said that while the US government has “very limited” domestic monitoring of networks, it could form “purpose-built information sharing” with cloud and internet service providers to identify threats.
- Transparency and accountability are key to building trust in digital services. But government policies may still need to leave space for calculated ambiguity. “If I see a malign act coming towards me from one country, this country may be supporting this or this country may simply be, let’s say, a failed state in the digital sphere, unable to do something about it,” Kaljulaid said. As a result, some of the more developed digital nations, including Estonia, want to create “some strategic ambiguity” in their guidelines for cyber conduct.
- Building trust must start with encouraging a concept of “cyber hygiene,” Kaljulaid said. That should include a multi-sector approach—from companies investing in defending their data to government officials encouraging good behavior. “You cannot really demand this [from] the citizens,” Kaljulaid warned: Establishing digital hygiene first requires that governments provide citizens with the tools they need, including “a digital ID which encrypts the communications between both sides and also guarantees that everybody is who they have said they are.” It also requires establishing common infrastructure standards for the private sector to work toward as companies build these networks.
- The approach may require convincing consumers to give something up too. Though the Biden administration has reversed the Trump administration’s push to ban the Chinese-owned video app TikTok, Neuberger indicated that the White House isn’t exactly embracing the app. “What was so concerning about TikTok was the aggregation of data about individuals, about society, and the potential for [using] that information to target individuals based on whether they … have controversial views,” she said. Neuberger added that governments therefore must educate citizens about such risks and arm them with the proper tools to secure their online lives.
Can I see some ID?
- Estonia is a trailblazer on digital IDs, with 98 percent of its citizens having one. The benefits of digital IDs range from authenticating identities without physical contact to granting instant digital access to health, bank, and government records to providing the ability to vote remotely—all capacities that became critical during the pandemic.
- A digital ID can foster trust among citizens too, Kaljulaid noted. Take a common challenge in the United States: trying to confirm that somebody who you’re talking to online is who they say they are. Estonians don’t have to wonder, Kaljulaid said: They can simply ask the other person to log in with their digital ID. “No Estonian simply trusts somebody on Google or Facebook who says they are called Pete or John,” she said. “This is where trust starts… [knowing] with whom I’m acting and transacting online.”
- Building public support globally for digital IDs is difficult, in part because of rampant fears of government abuse in countries such as the United States, Germany, and the United Kingdom. Both Kaljulaid and Neuberger said governments must make such technologies easy to use or else they won’t be used. Governments must also make it in the public’s interest to adopt digital IDs or government-supported digital services, Neuberger said, adding that the rising frequency and awareness of fraud online “underscores the potential value of a digital identity.”
Nick Fouriezos is an Atlanta-based writer with bylines from every US state and six continents. Follow him on Twitter @nick4iezos.
Watch the full event
Transcript May 5, 2021
Estonian President Kaljulaid and US Senator Shaheen on challenges from Moscow and the future of Nord Stream 2
By Atlantic Council
Estonian President Kersti Kaljulaid and US Senator Jeanne Shaheen talked about how the US and EU should engage Russia, craft a transatlantic approach to Afghanistan, lead a strategy to mitigate climate change, and more.
Seizing the advantage May 27, 2021
A connected world is a vulnerable world. The US can help secure it.
By Benjamin Jensen
National security is no longer measured by the size of a country’s military forces. It is measured by how efficiently and securely a country, as part of a network of allies and partners, exchanges information, resources, and ideas.
Report Jun 28, 2021
Collective cybersecurity for the Three Seas
By Safa Shahwan Edwards, Simon Handler, Trey Herr, Adam Marczyński, and Jakub Teska
In Central and Eastern Europe’s Three Seas region, twelve countries have joined together to invest in critical infrastructure projects and increase interconnectivity on energy, infrastructure, and digitization efforts along the way. To strengthen the resilience of these technical investments and better bind together the defensive cybersecurity operations of these societies, Three Seas member states should establish a regional hub for cybersecurity together with key private sector partners.